* New upstream release.debian/15+1533136590.3beb971-1

  - debian/patches/second-stage-path: dropped; the default loader path now
    includes an arch suffix.
  - debian/patches/sbsigntool-no-pesign: dropped; no longer needed.
* Drop remaining patches that were not being applied.
* Sync packaging from Ubuntu:
  - debian/copyright: Update upstream source location.
  - debian/control: add a Build-Depends on libelf-dev.
  - Enable arm64 build.
  - debian/patches/fixup_git.patch: don't run git in clean; we're not
    really in a git tree.
  - debian/rules, debian/shim.install: use the upstream install target as
    intended, and move files to the target directory using dh_install.
  - define RELEASE and COMMIT_ID for the snapshot.
  - Set ENABLE_HTTPBOOT to enable the HTTP Boot feature.
  - Update dh_auto_build/dh_auto_clean/dh_auto_install for new upstream
    options: set MAKELEVEL.
  - Define an EFI_ARCH variable, and use that for paths to shim. This
    makes it possible to build a shim for other architectures than amd64.
  - Set EFIDIR=$distro for dh_auto_install; that will let files be installed
    in the "right" final directories, and makes boot.csv for us.
  - Set ENABLE_SHIM_CERT, to keep using ephemeral self-signed certs built
    at compile-time for MokManager and fallback.
  - Set ENABLE_SBSIGN, to use sbsign instead of pesign for signing fallback
    and MokManager.

3 files changed, 136 insertions, 331 deletions

diff --git a/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c b/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c
index 0bfec232..73378324 100644
--- a/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c
+++ b/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c
@@ -1,185 +1,65 @@
-/* crypto/lhash/lh_stats.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
 /*
- * If you wish to build this outside of SSLeay, remove the following lines
+ * If you wish to build this outside of OpenSSL, remove the following lines
  * and things should work as expected
  */
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 
-#ifndef OPENSSL_NO_BIO
-# include <openssl/bio.h>
-#endif
+#include <openssl/bio.h>
 #include <openssl/lhash.h>
+#include "lhash_lcl.h"
 
-#ifdef OPENSSL_NO_BIO
-
-void lh_stats(LHASH *lh, FILE *out)
-{
-    fprintf(out, "num_items             = %lu\n", lh->num_items);
-    fprintf(out, "num_nodes             = %u\n", lh->num_nodes);
-    fprintf(out, "num_alloc_nodes       = %u\n", lh->num_alloc_nodes);
-    fprintf(out, "num_expands           = %lu\n", lh->num_expands);
-    fprintf(out, "num_expand_reallocs   = %lu\n", lh->num_expand_reallocs);
-    fprintf(out, "num_contracts         = %lu\n", lh->num_contracts);
-    fprintf(out, "num_contract_reallocs = %lu\n", lh->num_contract_reallocs);
-    fprintf(out, "num_hash_calls        = %lu\n", lh->num_hash_calls);
-    fprintf(out, "num_comp_calls        = %lu\n", lh->num_comp_calls);
-    fprintf(out, "num_insert            = %lu\n", lh->num_insert);
-    fprintf(out, "num_replace           = %lu\n", lh->num_replace);
-    fprintf(out, "num_delete            = %lu\n", lh->num_delete);
-    fprintf(out, "num_no_delete         = %lu\n", lh->num_no_delete);
-    fprintf(out, "num_retrieve          = %lu\n", lh->num_retrieve);
-    fprintf(out, "num_retrieve_miss     = %lu\n", lh->num_retrieve_miss);
-    fprintf(out, "num_hash_comps        = %lu\n", lh->num_hash_comps);
-# if 0
-    fprintf(out, "p                     = %u\n", lh->p);
-    fprintf(out, "pmax                  = %u\n", lh->pmax);
-    fprintf(out, "up_load               = %lu\n", lh->up_load);
-    fprintf(out, "down_load             = %lu\n", lh->down_load);
-# endif
-}
-
-void lh_node_stats(LHASH *lh, FILE *out)
-{
-    LHASH_NODE *n;
-    unsigned int i, num;
-
-    for (i = 0; i < lh->num_nodes; i++) {
-        for (n = lh->b[i], num = 0; n != NULL; n = n->next)
-            num++;
-        fprintf(out, "node %6u -> %3u\n", i, num);
-    }
-}
-
-void lh_node_usage_stats(LHASH *lh, FILE *out)
-{
-    LHASH_NODE *n;
-    unsigned long num;
-    unsigned int i;
-    unsigned long total = 0, n_used = 0;
-
-    for (i = 0; i < lh->num_nodes; i++) {
-        for (n = lh->b[i], num = 0; n != NULL; n = n->next)
-            num++;
-        if (num != 0) {
-            n_used++;
-            total += num;
-        }
-    }
-    fprintf(out, "%lu nodes used out of %u\n", n_used, lh->num_nodes);
-    fprintf(out, "%lu items\n", total);
-    if (n_used == 0)
-        return;
-    fprintf(out, "load %d.%02d  actual load %d.%02d\n",
-            (int)(total / lh->num_nodes),
-            (int)((total % lh->num_nodes) * 100 / lh->num_nodes),
-            (int)(total / n_used), (int)((total % n_used) * 100 / n_used));
-}
-
-#else
-
-# ifndef OPENSSL_NO_FP_API
-void lh_stats(const _LHASH *lh, FILE *fp)
+# ifndef OPENSSL_NO_STDIO
+void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp)
 {
     BIO *bp;
 
     bp = BIO_new(BIO_s_file());
     if (bp == NULL)
-        goto end;
+        return;
     BIO_set_fp(bp, fp, BIO_NOCLOSE);
-    lh_stats_bio(lh, bp);
+    OPENSSL_LH_stats_bio(lh, bp);
     BIO_free(bp);
- end:;
 }
 
-void lh_node_stats(const _LHASH *lh, FILE *fp)
+void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp)
 {
     BIO *bp;
 
     bp = BIO_new(BIO_s_file());
     if (bp == NULL)
-        goto end;
+        return;
     BIO_set_fp(bp, fp, BIO_NOCLOSE);
-    lh_node_stats_bio(lh, bp);
+    OPENSSL_LH_node_stats_bio(lh, bp);
     BIO_free(bp);
- end:;
 }
 
-void lh_node_usage_stats(const _LHASH *lh, FILE *fp)
+void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp)
 {
     BIO *bp;
 
     bp = BIO_new(BIO_s_file());
     if (bp == NULL)
-        goto end;
+        return;
     BIO_set_fp(bp, fp, BIO_NOCLOSE);
-    lh_node_usage_stats_bio(lh, bp);
+    OPENSSL_LH_node_usage_stats_bio(lh, bp);
     BIO_free(bp);
- end:;
 }
 
 # endif
 
-void lh_stats_bio(const _LHASH *lh, BIO *out)
+void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out)
 {
     BIO_printf(out, "num_items             = %lu\n", lh->num_items);
     BIO_printf(out, "num_nodes             = %u\n", lh->num_nodes);
@@ -198,17 +78,11 @@ void lh_stats_bio(const _LHASH *lh, BIO *out)
     BIO_printf(out, "num_retrieve          = %lu\n", lh->num_retrieve);
     BIO_printf(out, "num_retrieve_miss     = %lu\n", lh->num_retrieve_miss);
     BIO_printf(out, "num_hash_comps        = %lu\n", lh->num_hash_comps);
-# if 0
-    BIO_printf(out, "p                     = %u\n", lh->p);
-    BIO_printf(out, "pmax                  = %u\n", lh->pmax);
-    BIO_printf(out, "up_load               = %lu\n", lh->up_load);
-    BIO_printf(out, "down_load             = %lu\n", lh->down_load);
-# endif
 }
 
-void lh_node_stats_bio(const _LHASH *lh, BIO *out)
+void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out)
 {
-    LHASH_NODE *n;
+    OPENSSL_LH_NODE *n;
     unsigned int i, num;
 
     for (i = 0; i < lh->num_nodes; i++) {
@@ -218,9 +92,9 @@ void lh_node_stats_bio(const _LHASH *lh, BIO *out)
     }
 }
 
-void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out)
+void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out)
 {
-    LHASH_NODE *n;
+    OPENSSL_LH_NODE *n;
     unsigned long num;
     unsigned int i;
     unsigned long total = 0, n_used = 0;
@@ -242,5 +116,3 @@ void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out)
                (int)((total % lh->num_nodes) * 100 / lh->num_nodes),
                (int)(total / n_used), (int)((total % n_used) * 100 / n_used));
 }
-
-#endif
diff --git a/Cryptlib/OpenSSL/crypto/lhash/lhash.c b/Cryptlib/OpenSSL/crypto/lhash/lhash.c
index 53c5c138..adde832c 100644
--- a/Cryptlib/OpenSSL/crypto/lhash/lhash.c
+++ b/Cryptlib/OpenSSL/crypto/lhash/lhash.c
@@ -1,164 +1,56 @@
-/* crypto/lhash/lhash.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-/*-
- * Code for dynamic hash table routines
- * Author - Eric Young v 2.0
- *
- * 2.2 eay - added #include "crypto.h" so the memory leak checking code is
- *           present. eay 18-Jun-98
- *
- * 2.1 eay - Added an 'error in last operation' flag. eay 6-May-98
- *
- * 2.0 eay - Fixed a bug that occurred when using lh_delete
- *           from inside lh_doall().  As entries were deleted,
- *           the 'table' was 'contract()ed', making some entries
- *           jump from the end of the table to the start, there by
- *           skipping the lh_doall() processing. eay - 4/12/95
- *
- * 1.9 eay - Fixed a memory leak in lh_free, the LHASH_NODEs
- *           were not being free()ed. 21/11/95
- *
- * 1.8 eay - Put the stats routines into a separate file, lh_stats.c
- *           19/09/95
- *
- * 1.7 eay - Removed the fputs() for realloc failures - the code
- *           should silently tolerate them.  I have also fixed things
- *           lint complained about 04/05/95
- *
- * 1.6 eay - Fixed an invalid pointers in contract/expand 27/07/92
- *
- * 1.5 eay - Fixed a misuse of realloc in expand 02/03/1992
- *
- * 1.4 eay - Fixed lh_doall so the function can call lh_delete 28/05/91
- *
- * 1.3 eay - Fixed a few lint problems 19/3/1991
- *
- * 1.2 eay - Fixed lh_doall problem 13/3/1991
- *
- * 1.1 eay - Added lh_doall
- *
- * 1.0 eay - First version
- */
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
 #include <openssl/crypto.h>
 #include <openssl/lhash.h>
+#include "lhash_lcl.h"
 
-const char lh_version[] = "lhash" OPENSSL_VERSION_PTEXT;
 
 #undef MIN_NODES
 #define MIN_NODES       16
 #define UP_LOAD         (2*LH_LOAD_MULT) /* load times 256 (default 2) */
 #define DOWN_LOAD       (LH_LOAD_MULT) /* load times 256 (default 1) */
 
-static void expand(_LHASH *lh);
-static void contract(_LHASH *lh);
-static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash);
+static int expand(OPENSSL_LHASH *lh);
+static void contract(OPENSSL_LHASH *lh);
+static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh, const void *data, unsigned long *rhash);
 
-_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c)
+OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c)
 {
-    _LHASH *ret;
-    int i;
+    OPENSSL_LHASH *ret;
 
-    if ((ret = OPENSSL_malloc(sizeof(_LHASH))) == NULL)
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
         goto err0;
-    if ((ret->b = OPENSSL_malloc(sizeof(LHASH_NODE *) * MIN_NODES)) == NULL)
+    if ((ret->b = OPENSSL_zalloc(sizeof(*ret->b) * MIN_NODES)) == NULL)
         goto err1;
-    for (i = 0; i < MIN_NODES; i++)
-        ret->b[i] = NULL;
-    ret->comp = ((c == NULL) ? (LHASH_COMP_FN_TYPE)strcmp : c);
-    ret->hash = ((h == NULL) ? (LHASH_HASH_FN_TYPE)lh_strhash : h);
+    ret->comp = ((c == NULL) ? (OPENSSL_LH_COMPFUNC)strcmp : c);
+    ret->hash = ((h == NULL) ? (OPENSSL_LH_HASHFUNC)OPENSSL_LH_strhash : h);
     ret->num_nodes = MIN_NODES / 2;
     ret->num_alloc_nodes = MIN_NODES;
-    ret->p = 0;
     ret->pmax = MIN_NODES / 2;
     ret->up_load = UP_LOAD;
     ret->down_load = DOWN_LOAD;
-    ret->num_items = 0;
-
-    ret->num_expands = 0;
-    ret->num_expand_reallocs = 0;
-    ret->num_contracts = 0;
-    ret->num_contract_reallocs = 0;
-    ret->num_hash_calls = 0;
-    ret->num_comp_calls = 0;
-    ret->num_insert = 0;
-    ret->num_replace = 0;
-    ret->num_delete = 0;
-    ret->num_no_delete = 0;
-    ret->num_retrieve = 0;
-    ret->num_retrieve_miss = 0;
-    ret->num_hash_comps = 0;
-
-    ret->error = 0;
     return (ret);
+
  err1:
     OPENSSL_free(ret);
  err0:
     return (NULL);
 }
 
-void lh_free(_LHASH *lh)
+void OPENSSL_LH_free(OPENSSL_LHASH *lh)
 {
     unsigned int i;
-    LHASH_NODE *n, *nn;
+    OPENSSL_LH_NODE *n, *nn;
 
     if (lh == NULL)
         return;
@@ -175,28 +67,26 @@ void lh_free(_LHASH *lh)
     OPENSSL_free(lh);
 }
 
-void *lh_insert(_LHASH *lh, void *data)
+void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data)
 {
     unsigned long hash;
-    LHASH_NODE *nn, **rn;
+    OPENSSL_LH_NODE *nn, **rn;
     void *ret;
 
     lh->error = 0;
-    if (lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes))
-        expand(lh);
+    if ((lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)) && !expand(lh))
+        return NULL;        /* 'lh->error++' already done in 'expand' */
 
     rn = getrn(lh, data, &hash);
 
     if (*rn == NULL) {
-        if ((nn = (LHASH_NODE *)OPENSSL_malloc(sizeof(LHASH_NODE))) == NULL) {
+        if ((nn = OPENSSL_malloc(sizeof(*nn))) == NULL) {
             lh->error++;
             return (NULL);
         }
         nn->data = data;
         nn->next = NULL;
-#ifndef OPENSSL_NO_HASH_COMP
         nn->hash = hash;
-#endif
         *rn = nn;
         ret = NULL;
         lh->num_insert++;
@@ -210,10 +100,10 @@ void *lh_insert(_LHASH *lh, void *data)
     return (ret);
 }
 
-void *lh_delete(_LHASH *lh, const void *data)
+void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data)
 {
     unsigned long hash;
-    LHASH_NODE *nn, **rn;
+    OPENSSL_LH_NODE *nn, **rn;
     void *ret;
 
     lh->error = 0;
@@ -238,10 +128,10 @@ void *lh_delete(_LHASH *lh, const void *data)
     return (ret);
 }
 
-void *lh_retrieve(_LHASH *lh, const void *data)
+void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data)
 {
     unsigned long hash;
-    LHASH_NODE **rn;
+    OPENSSL_LH_NODE **rn;
     void *ret;
 
     lh->error = 0;
@@ -257,11 +147,12 @@ void *lh_retrieve(_LHASH *lh, const void *data)
     return (ret);
 }
 
-static void doall_util_fn(_LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
-                          LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg)
+static void doall_util_fn(OPENSSL_LHASH *lh, int use_arg,
+                          OPENSSL_LH_DOALL_FUNC func,
+                          OPENSSL_LH_DOALL_FUNCARG func_arg, void *arg)
 {
     int i;
-    LHASH_NODE *a, *n;
+    OPENSSL_LH_NODE *a, *n;
 
     if (lh == NULL)
         return;
@@ -273,13 +164,6 @@ static void doall_util_fn(_LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
     for (i = lh->num_nodes - 1; i >= 0; i--) {
         a = lh->b[i];
         while (a != NULL) {
-            /*
-             * 28/05/91 - eay - n added so items can be deleted via lh_doall
-             */
-            /*
-             * 22/05/08 - ben - eh? since a is not passed, this should not be
-             * needed
-             */
             n = a->next;
             if (use_arg)
                 func_arg(a->data, arg);
@@ -290,19 +174,19 @@ static void doall_util_fn(_LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
     }
 }
 
-void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func)
+void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func)
 {
-    doall_util_fn(lh, 0, func, (LHASH_DOALL_ARG_FN_TYPE)0, NULL);
+    doall_util_fn(lh, 0, func, (OPENSSL_LH_DOALL_FUNCARG)0, NULL);
 }
 
-void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg)
+void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg)
 {
-    doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg);
+    doall_util_fn(lh, 1, (OPENSSL_LH_DOALL_FUNC)0, func, arg);
 }
 
-static void expand(_LHASH *lh)
+static int expand(OPENSSL_LHASH *lh)
 {
-    LHASH_NODE **n, **n1, **n2, *np;
+    OPENSSL_LH_NODE **n, **n1, **n2, *np;
     unsigned int p, i, j;
     unsigned long hash, nni;
 
@@ -311,16 +195,11 @@ static void expand(_LHASH *lh)
     p = (int)lh->p++;
     n1 = &(lh->b[p]);
     n2 = &(lh->b[p + (int)lh->pmax]);
-    *n2 = NULL;                 /* 27/07/92 - eay - undefined pointer bug */
+    *n2 = NULL;
     nni = lh->num_alloc_nodes;
 
     for (np = *n1; np != NULL;) {
-#ifndef OPENSSL_NO_HASH_COMP
         hash = np->hash;
-#else
-        hash = lh->hash(np->data);
-        lh->num_hash_calls++;
-#endif
         if ((hash % nni) != p) { /* move it */
             *n1 = (*n1)->next;
             np->next = *n2;
@@ -332,15 +211,13 @@ static void expand(_LHASH *lh)
 
     if ((lh->p) >= lh->pmax) {
         j = (int)lh->num_alloc_nodes * 2;
-        n = (LHASH_NODE **)OPENSSL_realloc(lh->b,
-                                           (int)(sizeof(LHASH_NODE *) * j));
+        n = OPENSSL_realloc(lh->b, (int)(sizeof(OPENSSL_LH_NODE *) * j));
         if (n == NULL) {
-/*                      fputs("realloc error in lhash",stderr); */
             lh->error++;
+            lh->num_nodes--;
             lh->p = 0;
-            return;
+            return 0;
         }
-        /* else */
         for (i = (int)lh->num_alloc_nodes; i < j; i++) /* 26/02/92 eay */
             n[i] = NULL;        /* 02/03/92 eay */
         lh->pmax = lh->num_alloc_nodes;
@@ -349,20 +226,20 @@ static void expand(_LHASH *lh)
         lh->p = 0;
         lh->b = n;
     }
+    return 1;
 }
 
-static void contract(_LHASH *lh)
+static void contract(OPENSSL_LHASH *lh)
 {
-    LHASH_NODE **n, *n1, *np;
+    OPENSSL_LH_NODE **n, *n1, *np;
 
     np = lh->b[lh->p + lh->pmax - 1];
     lh->b[lh->p + lh->pmax - 1] = NULL; /* 24/07-92 - eay - weird but :-( */
     if (lh->p == 0) {
-        n = (LHASH_NODE **)OPENSSL_realloc(lh->b,
-                                           (unsigned int)(sizeof(LHASH_NODE *)
-                                                          * lh->pmax));
+        n = OPENSSL_realloc(lh->b,
+                            (unsigned int)(sizeof(OPENSSL_LH_NODE *) * lh->pmax));
         if (n == NULL) {
-/*                      fputs("realloc error in lhash",stderr); */
+            /* fputs("realloc error in lhash",stderr); */
             lh->error++;
             return;
         }
@@ -387,11 +264,12 @@ static void contract(_LHASH *lh)
     }
 }
 
-static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash)
+static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh,
+                               const void *data, unsigned long *rhash)
 {
-    LHASH_NODE **ret, *n1;
+    OPENSSL_LH_NODE **ret, *n1;
     unsigned long hash, nn;
-    LHASH_COMP_FN_TYPE cf;
+    OPENSSL_LH_COMPFUNC cf;
 
     hash = (*(lh->hash)) (data);
     lh->num_hash_calls++;
@@ -404,13 +282,11 @@ static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash)
     cf = lh->comp;
     ret = &(lh->b[(int)nn]);
     for (n1 = *ret; n1 != NULL; n1 = n1->next) {
-#ifndef OPENSSL_NO_HASH_COMP
         lh->num_hash_comps++;
         if (n1->hash != hash) {
             ret = &(n1->next);
             continue;
         }
-#endif
         lh->num_comp_calls++;
         if (cf(n1->data, data) == 0)
             break;
@@ -424,7 +300,7 @@ static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash)
  * collisions on /usr/dict/words and it distributes on %2^n quite well, not
  * as good as MD5, but still good.
  */
-unsigned long lh_strhash(const char *c)
+unsigned long OPENSSL_LH_strhash(const char *c)
 {
     unsigned long ret = 0;
     long n;
@@ -452,7 +328,22 @@ unsigned long lh_strhash(const char *c)
     return ((ret >> 16) ^ ret);
 }
 
-unsigned long lh_num_items(const _LHASH *lh)
+unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh)
 {
     return lh ? lh->num_items : 0;
 }
+
+unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh)
+{
+    return lh->down_load;
+}
+
+void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load)
+{
+    lh->down_load = down_load;
+}
+
+int OPENSSL_LH_error(OPENSSL_LHASH *lh)
+{
+    return lh->error;
+}
diff --git a/Cryptlib/OpenSSL/crypto/lhash/lhash_lcl.h b/Cryptlib/OpenSSL/crypto/lhash/lhash_lcl.h
new file mode 100644
index 00000000..eb4a1a3f
--- /dev/null
+++ b/Cryptlib/OpenSSL/crypto/lhash/lhash_lcl.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+
+struct lhash_node_st {
+    void *data;
+    struct lhash_node_st *next;
+    unsigned long hash;
+};
+
+struct lhash_st {
+    OPENSSL_LH_NODE **b;
+    OPENSSL_LH_COMPFUNC comp;
+    OPENSSL_LH_HASHFUNC hash;
+    unsigned int num_nodes;
+    unsigned int num_alloc_nodes;
+    unsigned int p;
+    unsigned int pmax;
+    unsigned long up_load;      /* load times 256 */
+    unsigned long down_load;    /* load times 256 */
+    unsigned long num_items;
+    unsigned long num_expands;
+    unsigned long num_expand_reallocs;
+    unsigned long num_contracts;
+    unsigned long num_contract_reallocs;
+    unsigned long num_hash_calls;
+    unsigned long num_comp_calls;
+    unsigned long num_insert;
+    unsigned long num_replace;
+    unsigned long num_delete;
+    unsigned long num_no_delete;
+    unsigned long num_retrieve;
+    unsigned long num_retrieve_miss;
+    unsigned long num_hash_comps;
+    int error;
+};