Revert lots of Cryptlib updates.

OpenSSL changes quite a bit of the key validation, and most of the keys
I can find in the wild aren't marked as trusted by the new checker.

Intel noticed this too: https://github.com/vathpela/edk2/commit/f536d7c3ed
but instead of fixing the compatibility error, they switched their test
data to match the bug.

So that's pretty broken.

For now, I'm reverting OpenSSL 1.1.0e, because we need those certs in
the wild to work.

This reverts commit 513cbe2aea689bf968f171f894f3d4cdb43524d5.
This reverts commit e9cc33d6f2b7f35c6f5e349fd83fb9ae0bc66226.
This reverts commit 80d49f758ead0180bfe6161931838e0578248303.
This reverts commit 9bc647e2b23bcfd69a0077c0717fbc454c919a57.
This reverts commit ae75df6232ad30f3e8736e9449692d58a7439260.
This reverts commit e883479f35644d17db7efed710657c8543cfcb68.
This reverts commit 97469449fda5ba933a64280917e776487301a127.
This reverts commit e39692647f78e13d757ddbfdd36f440d5f526050.
This reverts commit 0f3dfc01e2d5e7df882c963dd8dc4a0dfbfc96ad.
This reverts commit 4da6ac819510c7cc4ba21d7a735d69b45daa5873.
This reverts commit d064bd7eef201f26cb926450a76260b5187ac689.
This reverts commit 9bc86cfd6f9387f0da9d5c0102b6aa5627e91c91.
This reverts commit ab9a05a10f16b33f7ee1e9da360c7801eebdb9d2.

Signed-off-by: Peter Jones <pjones@redhat.com>

12 files changed, 0 insertions, 805 deletions

diff --git a/Cryptlib/Include/internal/bio.h b/Cryptlib/Include/internal/bio.h
deleted file mode 100644
index 3b6a6ac4..00000000
--- a/Cryptlib/Include/internal/bio.h
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/bio.h>
-
-struct bio_method_st {
-    int type;
-    const char *name;
-    int (*bwrite) (BIO *, const char *, int);
-    int (*bread) (BIO *, char *, int);
-    int (*bputs) (BIO *, const char *);
-    int (*bgets) (BIO *, char *, int);
-    long (*ctrl) (BIO *, int, long, void *);
-    int (*create) (BIO *);
-    int (*destroy) (BIO *);
-    long (*callback_ctrl) (BIO *, int, bio_info_cb *);
-};
-
-void bio_free_ex_data(BIO *bio);
-void bio_cleanup(void);
diff --git a/Cryptlib/Include/internal/comp.h b/Cryptlib/Include/internal/comp.h
deleted file mode 100644
index ac6e38b4..00000000
--- a/Cryptlib/Include/internal/comp.h
+++ /dev/null
@@ -1,12 +0,0 @@
-/*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/comp.h>
-
-void comp_zlib_cleanup_int(void);
diff --git a/Cryptlib/Include/internal/conf.h b/Cryptlib/Include/internal/conf.h
deleted file mode 100644
index ada3f92b..00000000
--- a/Cryptlib/Include/internal/conf.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef HEADER_INTERNAL_CONF_H
-# define HEADER_INTERNAL_CONF_H
-
-#include <openssl/conf.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-struct ossl_init_settings_st {
-    char *appname;
-};
-
-void openssl_config_int(const char *appname);
-void openssl_no_config_int(void);
-void conf_modules_free_int(void);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/Cryptlib/Include/internal/constant_time_locl.h b/Cryptlib/Include/internal/constant_time_locl.h
deleted file mode 100644
index d27fb14c..00000000
--- a/Cryptlib/Include/internal/constant_time_locl.h
+++ /dev/null
@@ -1,185 +0,0 @@
-/*
- * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef HEADER_CONSTANT_TIME_LOCL_H
-# define HEADER_CONSTANT_TIME_LOCL_H
-
-# include <openssl/e_os2.h>              /* For 'ossl_inline' */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*-
- * The boolean methods return a bitmask of all ones (0xff...f) for true
- * and 0 for false. This is useful for choosing a value based on the result
- * of a conditional in constant time. For example,
- *
- * if (a < b) {
- *   c = a;
- * } else {
- *   c = b;
- * }
- *
- * can be written as
- *
- * unsigned int lt = constant_time_lt(a, b);
- * c = constant_time_select(lt, a, b);
- */
-
-/*
- * Returns the given value with the MSB copied to all the other
- * bits. Uses the fact that arithmetic shift shifts-in the sign bit.
- * However, this is not ensured by the C standard so you may need to
- * replace this with something else on odd CPUs.
- */
-static ossl_inline unsigned int constant_time_msb(unsigned int a);
-
-/*
- * Returns 0xff..f if a < b and 0 otherwise.
- */
-static ossl_inline unsigned int constant_time_lt(unsigned int a,
-                                                 unsigned int b);
-/* Convenience method for getting an 8-bit mask. */
-static ossl_inline unsigned char constant_time_lt_8(unsigned int a,
-                                                    unsigned int b);
-
-/*
- * Returns 0xff..f if a >= b and 0 otherwise.
- */
-static ossl_inline unsigned int constant_time_ge(unsigned int a,
-                                                 unsigned int b);
-/* Convenience method for getting an 8-bit mask. */
-static ossl_inline unsigned char constant_time_ge_8(unsigned int a,
-                                                    unsigned int b);
-
-/*
- * Returns 0xff..f if a == 0 and 0 otherwise.
- */
-static ossl_inline unsigned int constant_time_is_zero(unsigned int a);
-/* Convenience method for getting an 8-bit mask. */
-static ossl_inline unsigned char constant_time_is_zero_8(unsigned int a);
-
-/*
- * Returns 0xff..f if a == b and 0 otherwise.
- */
-static ossl_inline unsigned int constant_time_eq(unsigned int a,
-                                                 unsigned int b);
-/* Convenience method for getting an 8-bit mask. */
-static ossl_inline unsigned char constant_time_eq_8(unsigned int a,
-                                                    unsigned int b);
-/* Signed integers. */
-static ossl_inline unsigned int constant_time_eq_int(int a, int b);
-/* Convenience method for getting an 8-bit mask. */
-static ossl_inline unsigned char constant_time_eq_int_8(int a, int b);
-
-/*-
- * Returns (mask & a) | (~mask & b).
- *
- * When |mask| is all 1s or all 0s (as returned by the methods above),
- * the select methods return either |a| (if |mask| is nonzero) or |b|
- * (if |mask| is zero).
- */
-static ossl_inline unsigned int constant_time_select(unsigned int mask,
-                                                     unsigned int a,
-                                                     unsigned int b);
-/* Convenience method for unsigned chars. */
-static ossl_inline unsigned char constant_time_select_8(unsigned char mask,
-                                                        unsigned char a,
-                                                        unsigned char b);
-/* Convenience method for signed integers. */
-static ossl_inline int constant_time_select_int(unsigned int mask, int a,
-                                                int b);
-
-static ossl_inline unsigned int constant_time_msb(unsigned int a)
-{
-    return 0 - (a >> (sizeof(a) * 8 - 1));
-}
-
-static ossl_inline unsigned int constant_time_lt(unsigned int a,
-                                                 unsigned int b)
-{
-    return constant_time_msb(a ^ ((a ^ b) | ((a - b) ^ b)));
-}
-
-static ossl_inline unsigned char constant_time_lt_8(unsigned int a,
-                                                    unsigned int b)
-{
-    return (unsigned char)(constant_time_lt(a, b));
-}
-
-static ossl_inline unsigned int constant_time_ge(unsigned int a,
-                                                 unsigned int b)
-{
-    return ~constant_time_lt(a, b);
-}
-
-static ossl_inline unsigned char constant_time_ge_8(unsigned int a,
-                                                    unsigned int b)
-{
-    return (unsigned char)(constant_time_ge(a, b));
-}
-
-static ossl_inline unsigned int constant_time_is_zero(unsigned int a)
-{
-    return constant_time_msb(~a & (a - 1));
-}
-
-static ossl_inline unsigned char constant_time_is_zero_8(unsigned int a)
-{
-    return (unsigned char)(constant_time_is_zero(a));
-}
-
-static ossl_inline unsigned int constant_time_eq(unsigned int a,
-                                                 unsigned int b)
-{
-    return constant_time_is_zero(a ^ b);
-}
-
-static ossl_inline unsigned char constant_time_eq_8(unsigned int a,
-                                                    unsigned int b)
-{
-    return (unsigned char)(constant_time_eq(a, b));
-}
-
-static ossl_inline unsigned int constant_time_eq_int(int a, int b)
-{
-    return constant_time_eq((unsigned)(a), (unsigned)(b));
-}
-
-static ossl_inline unsigned char constant_time_eq_int_8(int a, int b)
-{
-    return constant_time_eq_8((unsigned)(a), (unsigned)(b));
-}
-
-static ossl_inline unsigned int constant_time_select(unsigned int mask,
-                                                     unsigned int a,
-                                                     unsigned int b)
-{
-    return (mask & a) | (~mask & b);
-}
-
-static ossl_inline unsigned char constant_time_select_8(unsigned char mask,
-                                                        unsigned char a,
-                                                        unsigned char b)
-{
-    return (unsigned char)(constant_time_select(mask, a, b));
-}
-
-static ossl_inline int constant_time_select_int(unsigned int mask, int a,
-                                                int b)
-{
-    return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b)));
-}
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif                          /* HEADER_CONSTANT_TIME_LOCL_H */
diff --git a/Cryptlib/Include/internal/dane.h b/Cryptlib/Include/internal/dane.h
deleted file mode 100644
index a1cb5488..00000000
--- a/Cryptlib/Include/internal/dane.h
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef HEADER_INTERNAL_DANE_H
-#define HEADER_INTERNAL_DANE_H
-
-#include <openssl/safestack.h>
-
-/*-
- * Certificate usages:
- * https://tools.ietf.org/html/rfc6698#section-2.1.1
- */
-#define DANETLS_USAGE_PKIX_TA   0
-#define DANETLS_USAGE_PKIX_EE   1
-#define DANETLS_USAGE_DANE_TA   2
-#define DANETLS_USAGE_DANE_EE   3
-#define DANETLS_USAGE_LAST      DANETLS_USAGE_DANE_EE
-
-/*-
- * Selectors:
- * https://tools.ietf.org/html/rfc6698#section-2.1.2
- */
-#define DANETLS_SELECTOR_CERT   0
-#define DANETLS_SELECTOR_SPKI   1
-#define DANETLS_SELECTOR_LAST   DANETLS_SELECTOR_SPKI
-
-/*-
- * Matching types:
- * https://tools.ietf.org/html/rfc6698#section-2.1.3
- */
-#define DANETLS_MATCHING_FULL   0
-#define DANETLS_MATCHING_2256   1
-#define DANETLS_MATCHING_2512   2
-#define DANETLS_MATCHING_LAST   DANETLS_MATCHING_2512
-
-typedef struct danetls_record_st {
-    uint8_t usage;
-    uint8_t selector;
-    uint8_t mtype;
-    unsigned char *data;
-    size_t dlen;
-    EVP_PKEY *spki;
-} danetls_record;
-
-DEFINE_STACK_OF(danetls_record)
-
-/*
- * Shared DANE context
- */
-struct dane_ctx_st {
-    const EVP_MD  **mdevp;      /* mtype -> digest */
-    uint8_t        *mdord;      /* mtype -> preference */
-    uint8_t         mdmax;      /* highest supported mtype */
-    unsigned long   flags;      /* feature bitmask */
-};
-
-/*
- * Per connection DANE state
- */
-struct ssl_dane_st {
-    struct dane_ctx_st *dctx;
-    STACK_OF(danetls_record) *trecs;
-    STACK_OF(X509) *certs;      /* DANE-TA(2) Cert(0) Full(0) certs */
-    danetls_record *mtlsa;      /* Matching TLSA record */
-    X509           *mcert;      /* DANE matched cert */
-    uint32_t        umask;      /* Usages present */
-    int             mdpth;      /* Depth of matched cert */
-    int             pdpth;      /* Depth of PKIX trust */
-    unsigned long   flags;      /* feature bitmask */
-};
-
-#define DANETLS_ENABLED(dane)  \
-    ((dane) != NULL && sk_danetls_record_num((dane)->trecs) > 0)
-
-#define DANETLS_USAGE_BIT(u)   (((uint32_t)1) << u)
-
-#define DANETLS_PKIX_TA_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_PKIX_TA))
-#define DANETLS_PKIX_EE_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_PKIX_EE))
-#define DANETLS_DANE_TA_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_DANE_TA))
-#define DANETLS_DANE_EE_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_DANE_EE))
-
-#define DANETLS_PKIX_MASK (DANETLS_PKIX_TA_MASK | DANETLS_PKIX_EE_MASK)
-#define DANETLS_DANE_MASK (DANETLS_DANE_TA_MASK | DANETLS_DANE_EE_MASK)
-#define DANETLS_TA_MASK (DANETLS_PKIX_TA_MASK | DANETLS_DANE_TA_MASK)
-#define DANETLS_EE_MASK (DANETLS_PKIX_EE_MASK | DANETLS_DANE_EE_MASK)
-
-#define DANETLS_HAS_PKIX(dane) ((dane) && ((dane)->umask & DANETLS_PKIX_MASK))
-#define DANETLS_HAS_DANE(dane) ((dane) && ((dane)->umask & DANETLS_DANE_MASK))
-#define DANETLS_HAS_TA(dane)   ((dane) && ((dane)->umask & DANETLS_TA_MASK))
-#define DANETLS_HAS_EE(dane)   ((dane) && ((dane)->umask & DANETLS_EE_MASK))
-
-#define DANETLS_HAS_PKIX_TA(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_TA_MASK))
-#define DANETLS_HAS_PKIX_EE(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_EE_MASK))
-#define DANETLS_HAS_DANE_TA(dane) ((dane)&&((dane)->umask & DANETLS_DANE_TA_MASK))
-#define DANETLS_HAS_DANE_EE(dane) ((dane)&&((dane)->umask & DANETLS_DANE_EE_MASK))
-
-#endif /* HEADER_INTERNAL_DANE_H */
diff --git a/Cryptlib/Include/internal/dso.h b/Cryptlib/Include/internal/dso.h
deleted file mode 100644
index f5de8a28..00000000
--- a/Cryptlib/Include/internal/dso.h
+++ /dev/null
@@ -1,239 +0,0 @@
-/*
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef HEADER_DSO_H
-# define HEADER_DSO_H
-
-# include <openssl/crypto.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* These values are used as commands to DSO_ctrl() */
-# define DSO_CTRL_GET_FLAGS      1
-# define DSO_CTRL_SET_FLAGS      2
-# define DSO_CTRL_OR_FLAGS       3
-
-/*
- * By default, DSO_load() will translate the provided filename into a form
- * typical for the platform using the dso_name_converter function of the
- * method. Eg. win32 will transform "blah" into "blah.dll", and dlfcn will
- * transform it into "libblah.so". This callback could even utilise the
- * DSO_METHOD's converter too if it only wants to override behaviour for
- * one or two possible DSO methods. However, the following flag can be
- * set in a DSO to prevent *any* native name-translation at all - eg. if
- * the caller has prompted the user for a path to a driver library so the
- * filename should be interpreted as-is.
- */
-# define DSO_FLAG_NO_NAME_TRANSLATION            0x01
-/*
- * An extra flag to give if only the extension should be added as
- * translation.  This is obviously only of importance on Unix and other
- * operating systems where the translation also may prefix the name with
- * something, like 'lib', and ignored everywhere else. This flag is also
- * ignored if DSO_FLAG_NO_NAME_TRANSLATION is used at the same time.
- */
-# define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY      0x02
-
-/*
- * Don't unload the DSO when we call DSO_free()
- */
-# define DSO_FLAG_NO_UNLOAD_ON_FREE              0x04
-/*
- * The following flag controls the translation of symbol names to upper case.
- * This is currently only being implemented for OpenVMS.
- */
-# define DSO_FLAG_UPCASE_SYMBOL                  0x10
-
-/*
- * This flag loads the library with public symbols. Meaning: The exported
- * symbols of this library are public to all libraries loaded after this
- * library. At the moment only implemented in unix.
- */
-# define DSO_FLAG_GLOBAL_SYMBOLS                 0x20
-
-typedef void (*DSO_FUNC_TYPE) (void);
-
-typedef struct dso_st DSO;
-typedef struct dso_meth_st DSO_METHOD;
-
-/*
- * The function prototype used for method functions (or caller-provided
- * callbacks) that transform filenames. They are passed a DSO structure
- * pointer (or NULL if they are to be used independently of a DSO object) and
- * a filename to transform. They should either return NULL (if there is an
- * error condition) or a newly allocated string containing the transformed
- * form that the caller will need to free with OPENSSL_free() when done.
- */
-typedef char *(*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *);
-/*
- * The function prototype used for method functions (or caller-provided
- * callbacks) that merge two file specifications. They are passed a DSO
- * structure pointer (or NULL if they are to be used independently of a DSO
- * object) and two file specifications to merge. They should either return
- * NULL (if there is an error condition) or a newly allocated string
- * containing the result of merging that the caller will need to free with
- * OPENSSL_free() when done. Here, merging means that bits and pieces are
- * taken from each of the file specifications and added together in whatever
- * fashion that is sensible for the DSO method in question.  The only rule
- * that really applies is that if the two specification contain pieces of the
- * same type, the copy from the first string takes priority.  One could see
- * it as the first specification is the one given by the user and the second
- * being a bunch of defaults to add on if they're missing in the first.
- */
-typedef char *(*DSO_MERGER_FUNC)(DSO *, const char *, const char *);
-
-DSO *DSO_new(void);
-int DSO_free(DSO *dso);
-int DSO_flags(DSO *dso);
-int DSO_up_ref(DSO *dso);
-long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg);
-
-/*
- * These functions can be used to get/set the platform-independent filename
- * used for a DSO. NB: set will fail if the DSO is already loaded.
- */
-const char *DSO_get_filename(DSO *dso);
-int DSO_set_filename(DSO *dso, const char *filename);
-/*
- * This function will invoke the DSO's name_converter callback to translate a
- * filename, or if the callback isn't set it will instead use the DSO_METHOD's
- * converter. If "filename" is NULL, the "filename" in the DSO itself will be
- * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is
- * simply duplicated. NB: This function is usually called from within a
- * DSO_METHOD during the processing of a DSO_load() call, and is exposed so
- * that caller-created DSO_METHODs can do the same thing. A non-NULL return
- * value will need to be OPENSSL_free()'d.
- */
-char *DSO_convert_filename(DSO *dso, const char *filename);
-/*
- * This function will invoke the DSO's merger callback to merge two file
- * specifications, or if the callback isn't set it will instead use the
- * DSO_METHOD's merger.  A non-NULL return value will need to be
- * OPENSSL_free()'d.
- */
-char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2);
-
-/*
- * The all-singing all-dancing load function, you normally pass NULL for the
- * first and third parameters. Use DSO_up_ref and DSO_free for subsequent
- * reference count handling. Any flags passed in will be set in the
- * constructed DSO after its init() function but before the load operation.
- * If 'dso' is non-NULL, 'flags' is ignored.
- */
-DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags);
-
-/* This function binds to a function inside a shared library. */
-DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname);
-
-/*
- * This method is the default, but will beg, borrow, or steal whatever method
- * should be the default on any particular platform (including
- * DSO_METH_null() if necessary).
- */
-DSO_METHOD *DSO_METHOD_openssl(void);
-
-/*
- * This function writes null-terminated pathname of DSO module containing
- * 'addr' into 'sz' large caller-provided 'path' and returns the number of
- * characters [including trailing zero] written to it. If 'sz' is 0 or
- * negative, 'path' is ignored and required amount of charachers [including
- * trailing zero] to accommodate pathname is returned. If 'addr' is NULL, then
- * pathname of cryptolib itself is returned. Negative or zero return value
- * denotes error.
- */
-int DSO_pathbyaddr(void *addr, char *path, int sz);
-
-/*
- * Like DSO_pathbyaddr() but instead returns a handle to the DSO for the symbol
- * or NULL on error.
- */
-DSO *DSO_dsobyaddr(void *addr, int flags);
-
-/*
- * This function should be used with caution! It looks up symbols in *all*
- * loaded modules and if module gets unloaded by somebody else attempt to
- * dereference the pointer is doomed to have fatal consequences. Primary
- * usage for this function is to probe *core* system functionality, e.g.
- * check if getnameinfo(3) is available at run-time without bothering about
- * OS-specific details such as libc.so.versioning or where does it actually
- * reside: in libc itself or libsocket.
- */
-void *DSO_global_lookup(const char *name);
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-
-int ERR_load_DSO_strings(void);
-
-/* Error codes for the DSO functions. */
-
-/* Function codes. */
-# define DSO_F_DLFCN_BIND_FUNC                            100
-# define DSO_F_DLFCN_LOAD                                 102
-# define DSO_F_DLFCN_MERGER                               130
-# define DSO_F_DLFCN_NAME_CONVERTER                       123
-# define DSO_F_DLFCN_UNLOAD                               103
-# define DSO_F_DL_BIND_FUNC                               104
-# define DSO_F_DL_LOAD                                    106
-# define DSO_F_DL_MERGER                                  131
-# define DSO_F_DL_NAME_CONVERTER                          124
-# define DSO_F_DL_UNLOAD                                  107
-# define DSO_F_DSO_BIND_FUNC                              108
-# define DSO_F_DSO_CONVERT_FILENAME                       126
-# define DSO_F_DSO_CTRL                                   110
-# define DSO_F_DSO_FREE                                   111
-# define DSO_F_DSO_GET_FILENAME                           127
-# define DSO_F_DSO_GLOBAL_LOOKUP                          139
-# define DSO_F_DSO_LOAD                                   112
-# define DSO_F_DSO_MERGE                                  132
-# define DSO_F_DSO_NEW_METHOD                             113
-# define DSO_F_DSO_PATHBYADDR                             105
-# define DSO_F_DSO_SET_FILENAME                           129
-# define DSO_F_DSO_UP_REF                                 114
-# define DSO_F_VMS_BIND_SYM                               115
-# define DSO_F_VMS_LOAD                                   116
-# define DSO_F_VMS_MERGER                                 133
-# define DSO_F_VMS_UNLOAD                                 117
-# define DSO_F_WIN32_BIND_FUNC                            101
-# define DSO_F_WIN32_GLOBALLOOKUP                         142
-# define DSO_F_WIN32_JOINER                               135
-# define DSO_F_WIN32_LOAD                                 120
-# define DSO_F_WIN32_MERGER                               134
-# define DSO_F_WIN32_NAME_CONVERTER                       125
-# define DSO_F_WIN32_PATHBYADDR                           109
-# define DSO_F_WIN32_SPLITTER                             136
-# define DSO_F_WIN32_UNLOAD                               121
-
-/* Reason codes. */
-# define DSO_R_CTRL_FAILED                                100
-# define DSO_R_DSO_ALREADY_LOADED                         110
-# define DSO_R_EMPTY_FILE_STRUCTURE                       113
-# define DSO_R_FAILURE                                    114
-# define DSO_R_FILENAME_TOO_BIG                           101
-# define DSO_R_FINISH_FAILED                              102
-# define DSO_R_INCORRECT_FILE_SYNTAX                      115
-# define DSO_R_LOAD_FAILED                                103
-# define DSO_R_NAME_TRANSLATION_FAILED                    109
-# define DSO_R_NO_FILENAME                                111
-# define DSO_R_NULL_HANDLE                                104
-# define DSO_R_SET_FILENAME_FAILED                        112
-# define DSO_R_STACK_ERROR                                105
-# define DSO_R_SYM_FAILURE                                106
-# define DSO_R_UNLOAD_FAILED                              107
-# define DSO_R_UNSUPPORTED                                108
-
-# ifdef  __cplusplus
-}
-# endif
-#endif
diff --git a/Cryptlib/Include/internal/dso_conf.h b/Cryptlib/Include/internal/dso_conf.h
deleted file mode 100644
index e69de29b..00000000
--- a/Cryptlib/Include/internal/dso_conf.h
+++ /dev/null
diff --git a/Cryptlib/Include/internal/err.h b/Cryptlib/Include/internal/err.h
deleted file mode 100644
index d46b8bdb..00000000
--- a/Cryptlib/Include/internal/err.h
+++ /dev/null
@@ -1,15 +0,0 @@
-/*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef INTERNAL_ERR_H
-# define INTERNAL_ERR_H
-
-void err_free_strings_int(void);
-
-#endif
diff --git a/Cryptlib/Include/internal/numbers.h b/Cryptlib/Include/internal/numbers.h
deleted file mode 100644
index 31931df3..00000000
--- a/Cryptlib/Include/internal/numbers.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef HEADER_NUMBERS_H
-# define HEADER_NUMBERS_H
-
-# include <limits.h>
-
-# if (-1 & 3) == 0x03		/* Two's complement */
-
-#  define __MAXUINT__(T) ((T) -1)
-#  define __MAXINT__(T) ((T) ((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T)))
-#  define __MININT__(T) (-__MAXINT__(T) - 1)
-
-# elif (-1 & 3) == 0x02		/* One's complement */
-
-#  define __MAXUINT__(T) (((T) -1) + 1)
-#  define __MAXINT__(T) ((T) ((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T)))
-#  define __MININT__(T) (-__MAXINT__(T))
-
-# elif (-1 & 3) == 0x01		/* Sign/magnitude */
-
-#  define __MAXINT__(T) ((T) (((((T) 1) << ((sizeof(T) * CHAR_BIT) - 2)) - 1) | (((T) 1) << ((sizeof(T) * CHAR_BIT) - 2))))
-#  define __MAXUINT__(T) ((T) (__MAXINT__(T) | (((T) 1) << ((sizeof(T) * CHAR_BIT) - 1))))
-#  define __MININT__(T) (-__MAXINT__(T))
-
-# else
-
-#  error "do not know the integer encoding on this architecture"
-
-# endif
-
-# ifndef INT8_MAX
-#  define INT8_MIN __MININT__(int8_t)
-#  define INT8_MAX __MAXINT__(int8_t)
-#  define UINT8_MAX __MAXUINT__(uint8_t)
-# endif
-
-# ifndef INT16_MAX
-#  define INT16_MIN __MININT__(int16_t)
-#  define INT16_MAX __MAXINT__(int16_t)
-#  define UINT16_MAX __MAXUINT__(uint16_t)
-# endif
-
-# ifndef INT32_MAX
-#  define INT32_MIN __MININT__(int32_t)
-#  define INT32_MAX __MAXINT__(int32_t)
-#  define UINT32_MAX __MAXUINT__(uint32_t)
-# endif
-
-# ifndef INT64_MAX
-#  define INT64_MIN __MININT__(int64_t)
-#  define INT64_MAX __MAXINT__(int64_t)
-#  define UINT64_MAX __MAXUINT__(uint64_t)
-# endif
-
-# ifndef SIZE_MAX
-#  define SIZE_MAX __MAXUINT__(size_t)
-# endif
-
-#endif
-
diff --git a/Cryptlib/Include/internal/o_dir.h b/Cryptlib/Include/internal/o_dir.h
deleted file mode 100644
index 178c2ed2..00000000
--- a/Cryptlib/Include/internal/o_dir.h
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/*
- * Copied from Richard Levitte's (richard@levitte.org) LP library.  All
- * symbol names have been changed, with permission from the author.
- */
-
-/* $LP: LPlib/source/LPdir.h,v 1.1 2004/06/14 08:56:04 _cvs_levitte Exp $ */
-/*
- * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef O_DIR_H
-# define O_DIR_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX;
-
-  /*
-   * returns NULL on error or end-of-directory. If it is end-of-directory,
-   * errno will be zero
-   */
-const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory);
-  /* returns 1 on success, 0 on error */
-int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif                          /* LPDIR_H */
diff --git a/Cryptlib/Include/internal/o_str.h b/Cryptlib/Include/internal/o_str.h
deleted file mode 100644
index 86403c9e..00000000
--- a/Cryptlib/Include/internal/o_str.h
+++ /dev/null
@@ -1,17 +0,0 @@
-/*
- * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef HEADER_O_STR_H
-# define HEADER_O_STR_H
-
-# include <stddef.h>            /* to get size_t */
-
-int OPENSSL_memcmp(const void *p1, const void *p2, size_t n);
-
-#endif
diff --git a/Cryptlib/Include/internal/thread_once.h b/Cryptlib/Include/internal/thread_once.h
deleted file mode 100644
index 22424435..00000000
--- a/Cryptlib/Include/internal/thread_once.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/crypto.h>
-
-#define DEFINE_RUN_ONCE(init)                   \
-    static int init(void);                     \
-    int init##_ossl_ret_ = 0;                   \
-    void init##_ossl_(void)                     \
-    {                                           \
-        init##_ossl_ret_ = init();              \
-    }                                           \
-    static int init(void)
-#define DECLARE_RUN_ONCE(init)                  \
-    extern int init##_ossl_ret_;                \
-    void init##_ossl_(void);
-
-#define DEFINE_RUN_ONCE_STATIC(init)            \
-    static int init(void);                     \
-    static int init##_ossl_ret_ = 0;            \
-    static void init##_ossl_(void)              \
-    {                                           \
-        init##_ossl_ret_ = init();              \
-    }                                           \
-    static int init(void)
-
-/*
- * RUN_ONCE - use CRYPTO_THREAD_run_once, and check if the init succeeded
- * @once: pointer to static object of type CRYPTO_ONCE
- * @init: function name that was previously given to DEFINE_RUN_ONCE,
- *        DEFINE_RUN_ONCE_STATIC or DECLARE_RUN_ONCE.  This function
- *        must return 1 for success or 0 for failure.
- *
- * The return value is 1 on success (*) or 0 in case of error.
- *
- * (*) by convention, since the init function must return 1 on success.
- */
-#define RUN_ONCE(once, init)                                            \
-    (CRYPTO_THREAD_run_once(once, init##_ossl_) ? init##_ossl_ret_ : 0)