authorbeck <beck@openbsd.org>2016-09-03 11:33:34 +0000
committerbeck <beck@openbsd.org>2016-09-03 11:33:34 +0000
commit8204a9859e29f943f9d45fa3c5bacf005da87a21 (patch)
tree3d72799b17122728ed1ce817d171df956c52a633 /lib/libssl/src/crypto/rsa
parentRemove NULL pointer checks before calls to free(). (diff)
Remove the libssl/src directory
Diffstat (limited to 'lib/libssl/src/crypto/rsa')
-rw-r--r--lib/libssl/src/crypto/rsa/rsa.h548
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_ameth.c675
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_asn1.c308
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_chk.c213
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_crpt.c214
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_depr.c101
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_eay.c888
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_err.c210
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_gen.c229
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_lib.c258
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_locl.h4
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_none.c98
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_oaep.c236
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_pk1.c224
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_pmeth.c616
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_prn.c93
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_pss.c289
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_saos.c149
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_sign.c255
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_ssl.c151
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_x931.c167
21 files changed, 0 insertions, 5926 deletions
diff --git a/lib/libssl/src/crypto/rsa/rsa.h b/lib/libssl/src/crypto/rsa/rsa.h
deleted file mode 100644
index d240294809f..00000000000
--- a/lib/libssl/src/crypto/rsa/rsa.h
+++ /dev/null
@@ -1,548 +0,0 @@
-/* $OpenBSD: rsa.h,v 1.28 2016/06/30 02:02:06 bcook Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RSA_H
-#define HEADER_RSA_H
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/asn1.h>
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/crypto.h>
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#endif
-
-#ifdef OPENSSL_NO_RSA
-#error RSA is disabled.
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Declared already in ossl_typ.h */
-/* typedef struct rsa_st RSA; */
-/* typedef struct rsa_meth_st RSA_METHOD; */
-
-struct rsa_meth_st {
- const char *name;
- int (*rsa_pub_enc)(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
- int (*rsa_pub_dec)(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
- int (*rsa_priv_enc)(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
- int (*rsa_priv_dec)(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
- int (*rsa_mod_exp)(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
- BN_CTX *ctx); /* Can be null */
- int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); /* Can be null */
- int (*init)(RSA *rsa); /* called at new */
- int (*finish)(RSA *rsa); /* called at free */
- int flags; /* RSA_METHOD_FLAG_* things */
- char *app_data; /* may be needed! */
-/* New sign and verify functions: some libraries don't allow arbitrary data
- * to be signed/verified: this allows them to be used. Note: for this to work
- * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used
- * RSA_sign(), RSA_verify() should be used instead. Note: for backwards
- * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER
- * option is set in 'flags'.
- */
- int (*rsa_sign)(int type, const unsigned char *m, unsigned int m_length,
- unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
- int (*rsa_verify)(int dtype, const unsigned char *m,
- unsigned int m_length, const unsigned char *sigbuf,
- unsigned int siglen, const RSA *rsa);
-/* If this callback is NULL, the builtin software RSA key-gen will be used. This
- * is for behavioural compatibility whilst the code gets rewired, but one day
- * it would be nice to assume there are no such things as "builtin software"
- * implementations. */
- int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
-};
-
-struct rsa_st {
- /* The first parameter is used to pickup errors where
- * this is passed instead of aEVP_PKEY, it is set to 0 */
- int pad;
- long version;
- const RSA_METHOD *meth;
- /* functional reference if 'meth' is ENGINE-provided */
- ENGINE *engine;
- BIGNUM *n;
- BIGNUM *e;
- BIGNUM *d;
- BIGNUM *p;
- BIGNUM *q;
- BIGNUM *dmp1;
- BIGNUM *dmq1;
- BIGNUM *iqmp;
- /* be careful using this if the RSA structure is shared */
- CRYPTO_EX_DATA ex_data;
- int references;
- int flags;
-
- /* Used to cache montgomery values */
- BN_MONT_CTX *_method_mod_n;
- BN_MONT_CTX *_method_mod_p;
- BN_MONT_CTX *_method_mod_q;
-
- /* all BIGNUM values are actually in the following data, if it is not
- * NULL */
- BN_BLINDING *blinding;
- BN_BLINDING *mt_blinding;
-};
-
-#ifndef OPENSSL_RSA_MAX_MODULUS_BITS
-# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
-#endif
-
-#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
-# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
-#endif
-#ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
-# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */
-#endif
-
-#define RSA_3 0x3L
-#define RSA_F4 0x10001L
-
-/* Don't check pub/private match. */
-#define RSA_METHOD_FLAG_NO_CHECK 0x0001
-
-#define RSA_FLAG_CACHE_PUBLIC 0x0002
-#define RSA_FLAG_CACHE_PRIVATE 0x0004
-#define RSA_FLAG_BLINDING 0x0008
-#define RSA_FLAG_THREAD_SAFE 0x0010
-
-/*
- * This flag means the private key operations will be handled by rsa_mod_exp
- * and that they do not depend on the private key components being present:
- * for example a key stored in external hardware. Without this flag bn_mod_exp
- * gets called when private key components are absent.
- */
-#define RSA_FLAG_EXT_PKEY 0x0020
-
-/*
- * This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions.
- */
-#define RSA_FLAG_SIGN_VER 0x0040
-
-/*
- * The built-in RSA implementation uses blinding by default, but other engines
- * might not need it.
- */
-#define RSA_FLAG_NO_BLINDING 0x0080
-
-#define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, \
- pad, NULL)
-
-#define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, \
- EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad)
-
-#define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
- (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
- EVP_PKEY_CTRL_RSA_PSS_SALTLEN, \
- len, NULL)
-
-#define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
- (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
- EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, \
- 0, plen)
-
-#define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
- EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)
-
-#define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
- EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
-
-#define EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_SIG, \
- EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)md)
-
-#define EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_SIG, \
- EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)pmd)
-
-#define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1)
-#define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2)
-
-#define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3)
-#define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4)
-#define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5)
-
-#define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6)
-#define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7)
-#define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8)
-
-#define RSA_PKCS1_PADDING 1
-#define RSA_SSLV23_PADDING 2
-#define RSA_NO_PADDING 3
-#define RSA_PKCS1_OAEP_PADDING 4
-#define RSA_X931_PADDING 5
-/* EVP_PKEY_ only */
-#define RSA_PKCS1_PSS_PADDING 6
-
-#define RSA_PKCS1_PADDING_SIZE 11
-
-#define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg)
-#define RSA_get_app_data(s) RSA_get_ex_data(s,0)
-
-RSA *RSA_new(void);
-RSA *RSA_new_method(ENGINE *engine);
-int RSA_size(const RSA *rsa);
-
-/* Deprecated version */
-#ifndef OPENSSL_NO_DEPRECATED
-RSA *RSA_generate_key(int bits, unsigned long e,
- void (*callback)(int, int, void *), void *cb_arg);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
-
-/* New version */
-int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
-
-int RSA_check_key(const RSA *);
-/* next 4 return -1 on error */
-int RSA_public_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-int RSA_private_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-int RSA_public_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-int RSA_private_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-void RSA_free(RSA *r);
-/* "up" the RSA object's reference count */
-int RSA_up_ref(RSA *r);
-
-int RSA_flags(const RSA *r);
-
-void RSA_set_default_method(const RSA_METHOD *meth);
-const RSA_METHOD *RSA_get_default_method(void);
-const RSA_METHOD *RSA_get_method(const RSA *rsa);
-int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
-
-/* these are the actual SSLeay RSA functions */
-const RSA_METHOD *RSA_PKCS1_SSLeay(void);
-
-const RSA_METHOD *RSA_null_method(void);
-
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
-
-typedef struct rsa_pss_params_st {
- X509_ALGOR *hashAlgorithm;
- X509_ALGOR *maskGenAlgorithm;
- ASN1_INTEGER *saltLength;
- ASN1_INTEGER *trailerField;
-} RSA_PSS_PARAMS;
-
-DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
-
-int RSA_print_fp(FILE *fp, const RSA *r, int offset);
-
-#ifndef OPENSSL_NO_BIO
-int RSA_print(BIO *bp, const RSA *r, int offset);
-#endif
-
-#ifndef OPENSSL_NO_RC4
-int i2d_RSA_NET(const RSA *a, unsigned char **pp,
- int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey);
-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
- int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey);
-
-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
- int (*cb)(char *buf, int len, const char *prompt, int verify));
-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
- int (*cb)(char *buf, int len, const char *prompt, int verify));
-#endif
-
-/* The following 2 functions sign and verify a X509_SIG ASN1 object
- * inside PKCS#1 padded RSA encryption */
-int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
- unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
- const unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
-
-/* The following 2 function sign and verify a ASN1_OCTET_STRING
- * object inside PKCS#1 padded RSA encryption */
-int RSA_sign_ASN1_OCTET_STRING(int type, const unsigned char *m,
- unsigned int m_length, unsigned char *sigret, unsigned int *siglen,
- RSA *rsa);
-int RSA_verify_ASN1_OCTET_STRING(int type, const unsigned char *m,
- unsigned int m_length, unsigned char *sigbuf, unsigned int siglen,
- RSA *rsa);
-
-int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
-void RSA_blinding_off(RSA *rsa);
-BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);
-
-int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
- const unsigned char *f, int fl);
-int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
- const unsigned char *f, int fl, int rsa_len);
-int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
- const unsigned char *f, int fl);
-int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
- const unsigned char *f, int fl, int rsa_len);
-int PKCS1_MGF1(unsigned char *mask, long len,
- const unsigned char *seed, long seedlen, const EVP_MD *dgst);
-int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
- const unsigned char *f, int fl,
- const unsigned char *p, int pl);
-int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
- const unsigned char *f, int fl, int rsa_len,
- const unsigned char *p, int pl);
-int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
- const unsigned char *f, int fl);
-int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
- const unsigned char *f, int fl, int rsa_len);
-int RSA_padding_add_none(unsigned char *to, int tlen,
- const unsigned char *f, int fl);
-int RSA_padding_check_none(unsigned char *to, int tlen,
- const unsigned char *f, int fl, int rsa_len);
-int RSA_padding_add_X931(unsigned char *to, int tlen,
- const unsigned char *f, int fl);
-int RSA_padding_check_X931(unsigned char *to, int tlen,
- const unsigned char *f, int fl, int rsa_len);
-int RSA_X931_hash_id(int nid);
-
-int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
- const EVP_MD *Hash, const unsigned char *EM, int sLen);
-int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
- const unsigned char *mHash, const EVP_MD *Hash, int sLen);
-
-int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
- const EVP_MD *Hash, const EVP_MD *mgf1Hash, const unsigned char *EM,
- int sLen);
-
-int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
- const unsigned char *mHash, const EVP_MD *Hash, const EVP_MD *mgf1Hash,
- int sLen);
-
-int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int RSA_set_ex_data(RSA *r, int idx, void *arg);
-void *RSA_get_ex_data(const RSA *r, int idx);
-
-RSA *RSAPublicKey_dup(RSA *rsa);
-RSA *RSAPrivateKey_dup(RSA *rsa);
-
-/* If this flag is set the RSA method is FIPS compliant and can be used
- * in FIPS mode. This is set in the validated module method. If an
- * application sets this flag in its own methods it is its responsibility
- * to ensure the result is compliant.
- */
-
-#define RSA_FLAG_FIPS_METHOD 0x0400
-
-/* If this flag is set the operations normally disabled in FIPS mode are
- * permitted it is then the applications responsibility to ensure that the
- * usage is compliant.
- */
-
-#define RSA_FLAG_NON_FIPS_ALLOW 0x0400
-/* Application has decided PRNG is good enough to generate a key: don't
- * check.
- */
-#define RSA_FLAG_CHECKED 0x0800
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_RSA_strings(void);
-
-/* Error codes for the RSA functions. */
-
-/* Function codes. */
-#define RSA_F_CHECK_PADDING_MD 140
-#define RSA_F_DO_RSA_PRINT 146
-#define RSA_F_INT_RSA_VERIFY 145
-#define RSA_F_MEMORY_LOCK 100
-#define RSA_F_OLD_RSA_PRIV_DECODE 147
-#define RSA_F_PKEY_RSA_CTRL 143
-#define RSA_F_PKEY_RSA_CTRL_STR 144
-#define RSA_F_PKEY_RSA_SIGN 142
-#define RSA_F_PKEY_RSA_VERIFY 154
-#define RSA_F_PKEY_RSA_VERIFYRECOVER 141
-#define RSA_F_RSA_BUILTIN_KEYGEN 129
-#define RSA_F_RSA_CHECK_KEY 123
-#define RSA_F_RSA_EAY_MOD_EXP 157
-#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101
-#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102
-#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103
-#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104
-#define RSA_F_RSA_GENERATE_KEY 105
-#define RSA_F_RSA_GENERATE_KEY_EX 155
-#define RSA_F_RSA_ITEM_VERIFY 156
-#define RSA_F_RSA_MEMORY_LOCK 130
-#define RSA_F_RSA_NEW_METHOD 106
-#define RSA_F_RSA_NULL 124
-#define RSA_F_RSA_NULL_MOD_EXP 131
-#define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132
-#define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133
-#define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134
-#define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135
-#define RSA_F_RSA_PADDING_ADD_NONE 107
-#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121
-#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125
-#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 148
-#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108
-#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109
-#define RSA_F_RSA_PADDING_ADD_SSLV23 110
-#define RSA_F_RSA_PADDING_ADD_X931 127
-#define RSA_F_RSA_PADDING_CHECK_NONE 111
-#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122
-#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112
-#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113
-#define RSA_F_RSA_PADDING_CHECK_SSLV23 114
-#define RSA_F_RSA_PADDING_CHECK_X931 128
-#define RSA_F_RSA_PRINT 115
-#define RSA_F_RSA_PRINT_FP 116
-#define RSA_F_RSA_PRIVATE_DECRYPT 150
-#define RSA_F_RSA_PRIVATE_ENCRYPT 151
-#define RSA_F_RSA_PRIV_DECODE 137
-#define RSA_F_RSA_PRIV_ENCODE 138
-#define RSA_F_RSA_PUBLIC_DECRYPT 152
-#define RSA_F_RSA_PUBLIC_ENCRYPT 153
-#define RSA_F_RSA_PUB_DECODE 139
-#define RSA_F_RSA_SETUP_BLINDING 136
-#define RSA_F_RSA_SIGN 117
-#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
-#define RSA_F_RSA_VERIFY 119
-#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120
-#define RSA_F_RSA_VERIFY_PKCS1_PSS 126
-#define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 149
-
-/* Reason codes. */
-#define RSA_R_ALGORITHM_MISMATCH 100
-#define RSA_R_BAD_E_VALUE 101
-#define RSA_R_BAD_FIXED_HEADER_DECRYPT 102
-#define RSA_R_BAD_PAD_BYTE_COUNT 103
-#define RSA_R_BAD_SIGNATURE 104
-#define RSA_R_BLOCK_TYPE_IS_NOT_01 106
-#define RSA_R_BLOCK_TYPE_IS_NOT_02 107
-#define RSA_R_DATA_GREATER_THAN_MOD_LEN 108
-#define RSA_R_DATA_TOO_LARGE 109
-#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110
-#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132
-#define RSA_R_DATA_TOO_SMALL 111
-#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122
-#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112
-#define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124
-#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125
-#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123
-#define RSA_R_FIRST_OCTET_INVALID 133
-#define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144
-#define RSA_R_INVALID_DIGEST_LENGTH 143
-#define RSA_R_INVALID_HEADER 137
-#define RSA_R_INVALID_KEYBITS 145
-#define RSA_R_INVALID_MESSAGE_LENGTH 131
-#define RSA_R_INVALID_MGF1_MD 156
-#define RSA_R_INVALID_PADDING 138
-#define RSA_R_INVALID_PADDING_MODE 141
-#define RSA_R_INVALID_PSS_PARAMETERS 149
-#define RSA_R_INVALID_PSS_SALTLEN 146
-#define RSA_R_INVALID_SALT_LENGTH 150
-#define RSA_R_INVALID_TRAILER 139
-#define RSA_R_INVALID_X931_DIGEST 142
-#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
-#define RSA_R_KEY_SIZE_TOO_SMALL 120
-#define RSA_R_LAST_OCTET_INVALID 134
-#define RSA_R_MODULUS_TOO_LARGE 105
-#define RSA_R_NON_FIPS_RSA_METHOD 157
-#define RSA_R_NO_PUBLIC_EXPONENT 140
-#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
-#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
-#define RSA_R_OAEP_DECODING_ERROR 121
-#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158
-#define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
-#define RSA_R_PADDING_CHECK_FAILED 114
-#define RSA_R_P_NOT_PRIME 128
-#define RSA_R_Q_NOT_PRIME 129
-#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
-#define RSA_R_SLEN_CHECK_FAILED 136
-#define RSA_R_SLEN_RECOVERY_FAILED 135
-#define RSA_R_SSLV3_ROLLBACK_ATTACK 115
-#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
-#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117
-#define RSA_R_UNKNOWN_MASK_DIGEST 151
-#define RSA_R_UNKNOWN_PADDING_TYPE 118
-#define RSA_R_UNKNOWN_PSS_DIGEST 152
-#define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153
-#define RSA_R_UNSUPPORTED_MASK_PARAMETER 154
-#define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155
-#define RSA_R_VALUE_MISSING 147
-#define RSA_R_WRONG_SIGNATURE_LENGTH 119
-
-#ifdef __cplusplus
-}
-#endif
-#endif
diff --git a/lib/libssl/src/crypto/rsa/rsa_ameth.c b/lib/libssl/src/crypto/rsa/rsa_ameth.c
deleted file mode 100644
index b66c7492939..00000000000
--- a/lib/libssl/src/crypto/rsa/rsa_ameth.c
+++ /dev/null
@@ -1,675 +0,0 @@
-/* $OpenBSD: rsa_ameth.c,v 1.15 2015/12/03 23:03:10 beck Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/asn1t.h>
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/rsa.h>
-#include <openssl/x509.h>
-
-#ifndef OPENSSL_NO_CMS
-#include <openssl/cms.h>
-#endif
-
-#include "asn1_locl.h"
-
-static int
-rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
-{
- unsigned char *penc = NULL;
- int penclen;
-
- penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
- if (penclen <= 0)
- return 0;
- if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA),
- V_ASN1_NULL, NULL, penc, penclen))
- return 1;
-
- free(penc);
- return 0;
-}
-
-static int
-rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
-{
- const unsigned char *p;
- int pklen;
- RSA *rsa = NULL;
-
- if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey))
- return 0;
- if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) {
- RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB);
- return 0;
- }
- EVP_PKEY_assign_RSA (pkey, rsa);
- return 1;
-}
-
-static int
-rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
-{
- if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0 ||
- BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0)
- return 0;
- return 1;
-}
-
-static int
-old_rsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
-{
- RSA *rsa;
-
- if (!(rsa = d2i_RSAPrivateKey (NULL, pder, derlen))) {
- RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
- return 0;
- }
- EVP_PKEY_assign_RSA(pkey, rsa);
- return 1;
-}
-
-static int
-old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
-{
- return i2d_RSAPrivateKey(pkey->pkey.rsa, pder);
-}
-
-static int
-rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
-{
- unsigned char *rk = NULL;
- int rklen;
-
- rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
-
- if (rklen <= 0) {
- RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
- if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0,
- V_ASN1_NULL, NULL, rk, rklen)) {
- RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
- return 1;
-}
-
-static int
-rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
-{
- const unsigned char *p;
- int pklen;
-
- if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8))
- return 0;
- return old_rsa_priv_decode(pkey, &p, pklen);
-}
-
-static int
-int_rsa_size(const EVP_PKEY *pkey)
-{
- return RSA_size(pkey->pkey.rsa);
-}
-
-static int
-rsa_bits(const EVP_PKEY *pkey)
-{
- return BN_num_bits(pkey->pkey.rsa->n);
-}
-
-static void
-int_rsa_free(EVP_PKEY *pkey)
-{
- RSA_free(pkey->pkey.rsa);
-}
-
-static void
-update_buflen(const BIGNUM *b, size_t *pbuflen)
-{
- size_t i;
-
- if (!b)
- return;
- if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
- *pbuflen = i;
-}
-
-static int
-do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
-{
- char *str;
- const char *s;
- unsigned char *m = NULL;
- int ret = 0, mod_len = 0;
- size_t buf_len = 0;
-
- update_buflen(x->n, &buf_len);
- update_buflen(x->e, &buf_len);
-
- if (priv) {
- update_buflen(x->d, &buf_len);
- update_buflen(x->p, &buf_len);
- update_buflen(x->q, &buf_len);
- update_buflen(x->dmp1, &buf_len);
- update_buflen(x->dmq1, &buf_len);
- update_buflen(x->iqmp, &buf_len);
- }
-
- m = malloc(buf_len + 10);
- if (m == NULL) {
- RSAerr(RSA_F_DO_RSA_PRINT, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (x->n != NULL)
- mod_len = BN_num_bits(x->n);
-
- if (!BIO_indent(bp, off, 128))
- goto err;
-
- if (priv && x->d) {
- if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) <= 0)
- goto err;
- str = "modulus:";
- s = "publicExponent:";
- } else {
- if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0)
- goto err;
- str = "Modulus:";
- s= "Exponent:";
- }
- if (!ASN1_bn_print(bp, str, x->n, m, off))
- goto err;
- if (!ASN1_bn_print(bp, s, x->e, m, off))
- goto err;
- if (priv) {
- if (!ASN1_bn_print(bp, "privateExponent:", x->d,m, off))
- goto err;
- if (!ASN1_bn_print(bp, "prime1:", x->p, m, off))
- goto err;
- if (!ASN1_bn_print(bp, "prime2:", x->q, m, off))
- goto err;
- if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, m, off))
- goto err;
- if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, m, off))
- goto err;
- if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, m, off))
- goto err;
- }
- ret = 1;
-err:
- free(m);
- return (ret);
-}
-
-static int
-rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
-{
- return do_rsa_print(bp, pkey->pkey.rsa, indent, 0);
-}
-
-static int
-rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
-{
- return do_rsa_print(bp, pkey->pkey.rsa, indent, 1);
-}
-
-static RSA_PSS_PARAMS *
-rsa_pss_decode(const X509_ALGOR *alg, X509_ALGOR **pmaskHash)
-{
- const unsigned char *p;
- int plen;
- RSA_PSS_PARAMS *pss;
-
- *pmaskHash = NULL;
-
- if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE)
- return NULL;
-
- p = alg->parameter->value.sequence->data;
- plen = alg->parameter->value.sequence->length;
- pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen);
-
- if (!pss)
- return NULL;
-
- if (pss->maskGenAlgorithm) {
- ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
- if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 &&
- param && param->type == V_ASN1_SEQUENCE) {
- p = param->value.sequence->data;
- plen = param->value.sequence->length;
- *pmaskHash = d2i_X509_ALGOR(NULL, &p, plen);
- }
- }
-
- return pss;
-}
-
-static int
-rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, X509_ALGOR *maskHash,
- int indent)
-{
- int rv = 0;
-
- if (!pss) {
- if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0)
- return 0;
- return 1;
- }
- if (BIO_puts(bp, "\n") <= 0)
- goto err;
- if (!BIO_indent(bp, indent, 128))
- goto err;
- if (BIO_puts(bp, "Hash Algorithm: ") <= 0)
- goto err;
-
- if (pss->hashAlgorithm) {
- if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0)
- goto err;
- } else if (BIO_puts(bp, "sha1 (default)") <= 0)
- goto err;
-
- if (BIO_puts(bp, "\n") <= 0)
- goto err;
-
- if (!BIO_indent(bp, indent, 128))
- goto err;
-
- if (BIO_puts(bp, "Mask Algorithm: ") <= 0)
- goto err;
- if (pss->maskGenAlgorithm) {
- if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0)
- goto err;
- if (BIO_puts(bp, " with ") <= 0)
- goto err;
- if (maskHash) {
- if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0)
- goto err;
- } else if (BIO_puts(bp, "INVALID") <= 0)
- goto err;
- } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0)
- goto err;
- BIO_puts(bp, "\n");
-
- if (!BIO_indent(bp, indent, 128))
- goto err;
- if (BIO_puts(bp, "Salt Length: 0x") <= 0)
- goto err;
- if (pss->saltLength) {
- if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
- goto err;
- } else if (BIO_puts(bp, "14 (default)") <= 0)
- goto err;
- BIO_puts(bp, "\n");
-
- if (!BIO_indent(bp, indent, 128))
- goto err;
- if (BIO_puts(bp, "Trailer Field: 0x") <= 0)
- goto err;
- if (pss->trailerField) {
- if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0)
- goto err;
- } else if (BIO_puts(bp, "BC (default)") <= 0)
- goto err;
- BIO_puts(bp, "\n");
-
- rv = 1;
-
-err:
- return rv;
-}
-
-static int
-rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig,
- int indent, ASN1_PCTX *pctx)
-{
- if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss) {
- int rv;
- RSA_PSS_PARAMS *pss;
- X509_ALGOR *maskHash;
- pss = rsa_pss_decode(sigalg, &maskHash);
- rv = rsa_pss_param_print(bp, pss, maskHash, indent);
- if (pss)
- RSA_PSS_PARAMS_free(pss);
- if (maskHash)
- X509_ALGOR_free(maskHash);
- if (!rv)
- return 0;
- } else if (!sig && BIO_puts(bp, "\n") <= 0)
- return 0;
- if (sig)
- return X509_signature_dump(bp, sig, indent);
- return 1;
-}
-
-static int
-rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
-{
- X509_ALGOR *alg = NULL;
-
- switch (op) {
- case ASN1_PKEY_CTRL_PKCS7_SIGN:
- if (arg1 == 0)
- PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg);
- break;
-
- case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
- if (arg1 == 0)
- PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
- break;
-#ifndef OPENSSL_NO_CMS
- case ASN1_PKEY_CTRL_CMS_SIGN:
- if (arg1 == 0)
- CMS_SignerInfo_get0_algs(arg2, NULL, NULL, NULL, &alg);
- break;
-
- case ASN1_PKEY_CTRL_CMS_ENVELOPE:
- if (arg1 == 0)
- CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg);
- break;
-#endif
-
- case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
- *(int *)arg2 = NID_sha1;
- return 1;
-
- default:
- return -2;
- }
-
- if (alg)
- X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption),
- V_ASN1_NULL, 0);
-
- return 1;
-}
-
-/* Customised RSA item verification routine. This is called
- * when a signature is encountered requiring special handling. We
- * currently only handle PSS.
- */
-static int
-rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
- X509_ALGOR *sigalg, ASN1_BIT_STRING *sig, EVP_PKEY *pkey)
-{
- int rv = -1;
- int saltlen;
- const EVP_MD *mgf1md = NULL, *md = NULL;
- RSA_PSS_PARAMS *pss;
- X509_ALGOR *maskHash;
- EVP_PKEY_CTX *pkctx;
-
- /* Sanity check: make sure it is PSS */
- if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) {
- RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
- return -1;
- }
-
- /* Decode PSS parameters */
- pss = rsa_pss_decode(sigalg, &maskHash);
-
- if (pss == NULL) {
- RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_PSS_PARAMETERS);
- goto err;
- }
- /* Check mask and lookup mask hash algorithm */
- if (pss->maskGenAlgorithm) {
- if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) != NID_mgf1) {
- RSAerr(RSA_F_RSA_ITEM_VERIFY,
- RSA_R_UNSUPPORTED_MASK_ALGORITHM);
- goto err;
- }
- if (!maskHash) {
- RSAerr(RSA_F_RSA_ITEM_VERIFY,
- RSA_R_UNSUPPORTED_MASK_PARAMETER);
- goto err;
- }
- mgf1md = EVP_get_digestbyobj(maskHash->algorithm);
- if (mgf1md == NULL) {
- RSAerr(RSA_F_RSA_ITEM_VERIFY,
- RSA_R_UNKNOWN_MASK_DIGEST);
- goto err;
- }
- } else
- mgf1md = EVP_sha1();
-
- if (pss->hashAlgorithm) {
- md = EVP_get_digestbyobj(pss->hashAlgorithm->algorithm);
- if (md == NULL) {
- RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNKNOWN_PSS_DIGEST);
- goto err;
- }
- } else
- md = EVP_sha1();
-
- if (pss->saltLength) {
- saltlen = ASN1_INTEGER_get(pss->saltLength);
-
- /* Could perform more salt length sanity checks but the main
- * RSA routines will trap other invalid values anyway.
- */
- if (saltlen < 0) {
- RSAerr(RSA_F_RSA_ITEM_VERIFY,
- RSA_R_INVALID_SALT_LENGTH);
- goto err;
- }
- } else
- saltlen = 20;
-
- /* low-level routines support only trailer field 0xbc (value 1)
- * and PKCS#1 says we should reject any other value anyway.
- */
- if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) {
- RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_TRAILER);
- goto err;
- }
-
- /* We have all parameters now set up context */
-
- if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey))
- goto err;
-
- if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
- goto err;
-
- if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
- goto err;
-
- if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
- goto err;
- /* Carry on */
- rv = 2;
-
-err:
- RSA_PSS_PARAMS_free(pss);
- if (maskHash)
- X509_ALGOR_free(maskHash);
- return rv;
-}
-
-static int
-rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
- X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig)
-{
- int pad_mode;
- EVP_PKEY_CTX *pkctx = ctx->pctx;
-
- if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
- return 0;
- if (pad_mode == RSA_PKCS1_PADDING)
- return 2;
- if (pad_mode == RSA_PKCS1_PSS_PADDING) {
- const EVP_MD *sigmd, *mgf1md;
- RSA_PSS_PARAMS *pss = NULL;
- X509_ALGOR *mgf1alg = NULL;
- ASN1_STRING *os1 = NULL, *os2 = NULL;
- EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
- int saltlen, rv = 0;
-
- sigmd = EVP_MD_CTX_md(ctx);
- if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
- goto err;
- if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))
- goto err;
- if (saltlen == -1)
- saltlen = EVP_MD_size(sigmd);
- else if (saltlen == -2) {
- saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
- if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0)
- saltlen--;
- }
- pss = RSA_PSS_PARAMS_new();
- if (!pss)
- goto err;
- if (saltlen != 20) {
- pss->saltLength = ASN1_INTEGER_new();
- if (!pss->saltLength)
- goto err;
- if (!ASN1_INTEGER_set(pss->saltLength, saltlen))
- goto err;
- }
- if (EVP_MD_type(sigmd) != NID_sha1) {
- pss->hashAlgorithm = X509_ALGOR_new();
- if (!pss->hashAlgorithm)
- goto err;
- X509_ALGOR_set_md(pss->hashAlgorithm, sigmd);
- }
- if (EVP_MD_type(mgf1md) != NID_sha1) {
- ASN1_STRING *stmp = NULL;
- /* need to embed algorithm ID inside another */
- mgf1alg = X509_ALGOR_new();
- X509_ALGOR_set_md(mgf1alg, mgf1md);
- if (!ASN1_item_pack(mgf1alg, ASN1_ITEM_rptr(X509_ALGOR),
- &stmp))
- goto err;
- pss->maskGenAlgorithm = X509_ALGOR_new();
- if (!pss->maskGenAlgorithm)
- goto err;
- X509_ALGOR_set0(pss->maskGenAlgorithm,
- OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp);
- }
- /* Finally create string with pss parameter encoding. */
- if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os1))
- goto err;
- if (alg2) {
- os2 = ASN1_STRING_dup(os1);
- if (!os2)
- goto err;
- X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss),
- V_ASN1_SEQUENCE, os2);
- }
- X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss),
- V_ASN1_SEQUENCE, os1);
- os1 = os2 = NULL;
- rv = 3;
-err:
- if (mgf1alg)
- X509_ALGOR_free(mgf1alg);
- if (pss)
- RSA_PSS_PARAMS_free(pss);
- ASN1_STRING_free(os1);
- return rv;
- }
- return 2;
-}
-
-const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
- {
- .pkey_id = EVP_PKEY_RSA,
- .pkey_base_id = EVP_PKEY_RSA,
- .pkey_flags = ASN1_PKEY_SIGPARAM_NULL,
-
- .pem_str = "RSA",
- .info = "OpenSSL RSA method",
-
- .pub_decode = rsa_pub_decode,
- .pub_encode = rsa_pub_encode,
- .pub_cmp = rsa_pub_cmp,
- .pub_print = rsa_pub_print,
-
- .priv_decode = rsa_priv_decode,
- .priv_encode = rsa_priv_encode,
- .priv_print = rsa_priv_print,
-
- .pkey_size = int_rsa_size,
- .pkey_bits = rsa_bits,
-
- .sig_print = rsa_sig_print,
-
- .pkey_free = int_rsa_free,
- .pkey_ctrl = rsa_pkey_ctrl,
- .old_priv_decode = old_rsa_priv_decode,
- .old_priv_encode = old_rsa_priv_encode,
- .item_verify = rsa_item_verify,
- .item_sign = rsa_item_sign
- },
-
- {
- .pkey_id = EVP_PKEY_RSA2,
- .pkey_base_id = EVP_PKEY_RSA,
- .pkey_flags = ASN1_PKEY_ALIAS
- }
-};
diff --git a/lib/libssl/src/crypto/rsa/rsa_asn1.c b/lib/libssl/src/crypto/rsa/rsa_asn1.c
deleted file mode 100644
index 27afdece008..00000000000
--- a/lib/libssl/src/crypto/rsa/rsa_asn1.c
+++ /dev/null
@@ -1,308 +0,0 @@
-/* $OpenBSD: rsa_asn1.c,v 1.12 2015/02/14 15:06:55 jsing Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-
-#include <openssl/asn1t.h>
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/x509.h>
-
-/* Override the default free and new methods */
-static int
-rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
-{
- if (operation == ASN1_OP_NEW_PRE) {
- *pval = (ASN1_VALUE *)RSA_new();
- if (*pval)
- return 2;
- return 0;
- } else if (operation == ASN1_OP_FREE_PRE) {
- RSA_free((RSA *)*pval);
- *pval = NULL;
- return 2;
- }
- return 1;
-}
-
-static const ASN1_AUX RSAPrivateKey_aux = {
- .app_data = NULL,
- .flags = 0,
- .ref_offset = 0,
- .ref_lock = 0,
- .asn1_cb = rsa_cb,
- .enc_offset = 0,
-};
-static const ASN1_TEMPLATE RSAPrivateKey_seq_tt[] = {
- {
- .flags = 0,
- .tag = 0,
- .offset = offsetof(RSA, version),
- .field_name = "version",
- .item = &LONG_it,
- },
- {
- .flags = 0,
- .tag = 0,
- .offset = offsetof(RSA, n),
- .field_name = "n",
- .item = &BIGNUM_it,
- },
- {
- .flags = 0,
- .tag = 0,
- .offset = offsetof(RSA, e),
- .field_name = "e",
- .item = &BIGNUM_it,
- },
- {
- .flags = 0,
- .tag = 0,
- .offset = offsetof(RSA, d),
- .field_name = "d",
- .item = &BIGNUM_it,
- },
- {
- .flags = 0,
- .tag = 0,
- .offset = offsetof(RSA, p),
- .field_name = "p",
- .item = &BIGNUM_it,
- },
- {
- .flags = 0,
- .tag = 0,
- .offset = offsetof(RSA, q),
- .field_name = "q",
- .item = &BIGNUM_it,
- },
- {
- .flags = 0,
- .tag = 0,
- .offset = offsetof(RSA, dmp1),
- .field_name = "dmp1",
- .item = &BIGNUM_it,
- },
- {
- .flags = 0,
- .tag = 0,
- .offset = offsetof(RSA, dmq1),
- .field_name = "dmq1",
- .item = &BIGNUM_it,
- },
- {
- .flags = 0,
- .tag = 0,
- .offset = offsetof(RSA, iqmp),
- .field_name = "iqmp",
- .item = &BIGNUM_it,
- },
-};
-
-const ASN1_ITEM RSAPrivateKey_it = {
- .itype = ASN1_ITYPE_SEQUENCE,
- .utype = V_ASN1_SEQUENCE,
- .templates = RSAPrivateKey_seq_tt,
- .tcount = sizeof(RSAPrivateKey_seq_tt) / sizeof(ASN1_TEMPLATE),
- .funcs = &RSAPrivateKey_aux,
- .size = sizeof(RSA),
- .sname = "RSA",
-};
-
-
-static const ASN1_AUX RSAPublicKey_aux = {
- .app_data = NULL,
- .flags = 0,
- .ref_offset = 0,
- .ref_lock = 0,
- .asn1_cb = rsa_cb,
- .enc_offset = 0,
-};
-static const ASN1_TEMPLATE RSAPublicKey_seq_tt[] = {
- {
- .flags = 0,
- .tag = 0,
- .offset = offsetof(RSA, n),
- .field_name = "n",
- .item = &BIGNUM_it,
- },
- {
- .flags = 0,
- .tag = 0,
- .offset = offsetof(RSA, e),
- .field_name = "e",
- .item = &BIGNUM_it,
- },
-};
-
-const ASN1_ITEM RSAPublicKey_it = {
- .itype = ASN1_ITYPE_SEQUENCE,
- .utype = V_ASN1_SEQUENCE,
- .templates = RSAPublicKey_seq_tt,
- .tcount = sizeof(RSAPublicKey_seq_tt) / sizeof(ASN1_TEMPLATE),
- .funcs = &RSAPublicKey_aux,
- .size = sizeof(RSA),
- .sname = "RSA",
-};
-
-static const ASN1_TEMPLATE RSA_PSS_PARAMS_seq_tt[] = {
- {
- .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
- .tag = 0,
- .offset = offsetof(RSA_PSS_PARAMS, hashAlgorithm),
- .field_name = "hashAlgorithm",
- .item = &X509_ALGOR_it,
- },
- {
- .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
- .tag = 1,
- .offset = offsetof(RSA_PSS_PARAMS, maskGenAlgorithm),
- .field_name = "maskGenAlgorithm",
- .item = &X509_ALGOR_it,
- },
- {
- .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
- .tag = 2,
- .offset = offsetof(RSA_PSS_PARAMS, saltLength),
- .field_name = "saltLength",
- .item = &ASN1_INTEGER_it,
- },
- {
- .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
- .tag = 3,
- .offset = offsetof(RSA_PSS_PARAMS, trailerField),
- .field_name = "trailerField",
- .item = &ASN1_INTEGER_it,
- },
-};
-
-const ASN1_ITEM RSA_PSS_PARAMS_it = {
- .itype = ASN1_ITYPE_SEQUENCE,
- .utype = V_ASN1_SEQUENCE,
- .templates = RSA_PSS_PARAMS_seq_tt,
- .tcount = sizeof(RSA_PSS_PARAMS_seq_tt) / sizeof(ASN1_TEMPLATE),
- .funcs = NULL,
- .size = sizeof(RSA_PSS_PARAMS),
- .sname = "RSA_PSS_PARAMS",
-};
-
-
-RSA_PSS_PARAMS *
-d2i_RSA_PSS_PARAMS(RSA_PSS_PARAMS **a, const unsigned char **in, long len)
-{
- return (RSA_PSS_PARAMS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
- &RSA_PSS_PARAMS_it);
-}
-
-int
-i2d_RSA_PSS_PARAMS(RSA_PSS_PARAMS *a, unsigned char **out)
-{
- return ASN1_item_i2d((ASN1_VALUE *)a, out, &RSA_PSS_PARAMS_it);
-}
-
-RSA_PSS_PARAMS *
-RSA_PSS_PARAMS_new(void)
-{
- return (RSA_PSS_PARAMS *)ASN1_item_new(&RSA_PSS_PARAMS_it);
-}
-
-void
-RSA_PSS_PARAMS_free(RSA_PSS_PARAMS *a)
-{
- ASN1_item_free((ASN1_VALUE *)a, &RSA_PSS_PARAMS_it);
-}
-
-
-RSA *
-d2i_RSAPrivateKey(RSA **a, const unsigned char **in, long len)
-{
- return (RSA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
- &RSAPrivateKey_it);
-}
-
-int
-i2d_RSAPrivateKey(const RSA *a, unsigned char **out)
-{
- return ASN1_item_i2d((ASN1_VALUE *)a, out, &RSAPrivateKey_it);
-}
-
-
-RSA *
-d2i_RSAPublicKey(RSA **a, const unsigned char **in, long len)
-{
- return (RSA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
- &RSAPublicKey_it);
-}
-
-int
-i2d_RSAPublicKey(const RSA *a, unsigned char **out)
-{
- return ASN1_item_i2d((ASN1_VALUE *)a, out, &RSAPublicKey_it);
-}
-
-RSA *
-RSAPublicKey_dup(RSA *rsa)
-{
- return ASN1_item_dup(ASN1_ITEM_rptr(RSAPublicKey), rsa);
-}
-
-RSA *
-RSAPrivateKey_dup(RSA *rsa)
-{
- return ASN1_item_dup(ASN1_ITEM_rptr(RSAPrivateKey), rsa);
-}
diff --git a/lib/libssl/src/crypto/rsa/rsa_chk.c b/lib/libssl/src/crypto/rsa/rsa_chk.c
deleted file mode 100644
index c247a8d80e8..00000000000
--- a/lib/libssl/src/crypto/rsa/rsa_chk.c
+++ /dev/null
@@ -1,213 +0,0 @@
-/* $OpenBSD: rsa_chk.c,v 1.9 2014/07/10 07:43:11 jsing Exp $ */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/rsa.h>
-
-int
-RSA_check_key(const RSA *key)
-{
- BIGNUM *i, *j, *k, *l, *m;
- BN_CTX *ctx;
- int r;
- int ret = 1;
-
- if (!key->p || !key->q || !key->n || !key->e || !key->d) {
- RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_VALUE_MISSING);
- return 0;
- }
-
- i = BN_new();
- j = BN_new();
- k = BN_new();
- l = BN_new();
- m = BN_new();
- ctx = BN_CTX_new();
- if (i == NULL || j == NULL || k == NULL || l == NULL || m == NULL ||
- ctx == NULL) {
- ret = -1;
- RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* p prime? */
- r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL);
- if (r != 1) {
- ret = r;
- if (r != 0)
- goto err;
- RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME);
- }
-
- /* q prime? */
- r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL);
- if (r != 1) {
- ret = r;
- if (r != 0)
- goto err;
- RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME);
- }
-
- /* n = p*q? */
- r = BN_mul(i, key->p, key->q, ctx);
- if (!r) {
- ret = -1;
- goto err;
- }
-
- if (BN_cmp(i, key->n) != 0) {
- ret = 0;
- RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q);
- }
-
- /* d*e = 1 mod lcm(p-1,q-1)? */
-
- r = BN_sub(i, key->p, BN_value_one());
- if (!r) {
- ret = -1;
- goto err;
- }
- r = BN_sub(j, key->q, BN_value_one());
- if (!r) {
- ret = -1;
- goto err;
- }
-
- /* now compute k = lcm(i,j) */
- r = BN_mul(l, i, j, ctx);
- if (!r) {
- ret = -1;
- goto err;
- }
- r = BN_gcd(m, i, j, ctx);
- if (!r) {
- ret = -1;
- goto err;
- }
- r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */
- if (!r) {
- ret = -1;
- goto err;
- }
-
- r = BN_mod_mul(i, key->d, key->e, k, ctx);
- if (!r) {
- ret = -1;
- goto err;
- }
-
- if (!BN_is_one(i)) {
- ret = 0;
- RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1);
- }
-
- if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) {
- /* dmp1 = d mod (p-1)? */
- r = BN_sub(i, key->p, BN_value_one());
- if (!r) {
- ret = -1;
- goto err;
- }
-
- r = BN_mod(j, key->d, i, ctx);
- if (!r) {
- ret = -1;
- goto err;
- }
-
- if (BN_cmp(j, key->dmp1) != 0) {
- ret = 0;
- RSAerr(RSA_F_RSA_CHECK_KEY,
- RSA_R_DMP1_NOT_CONGRUENT_TO_D);
- }
-
- /* dmq1 = d mod (q-1)? */
- r = BN_sub(i, key->q, BN_value_one());
- if (!r) {
- ret = -1;
- goto err;
- }
-
- r = BN_mod(j, key->d, i, ctx);
- if (!r) {
- ret = -1;
- goto err;
- }
-
- if (BN_cmp(j, key->dmq1) != 0) {
- ret = 0;
- RSAerr(RSA_F_RSA_CHECK_KEY,
- RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
- }
-
- /* iqmp = q^-1 mod p? */
- if (!BN_mod_inverse(i, key->q, key->p, ctx)) {
- ret = -1;
- goto err;
- }
-
- if (BN_cmp(i, key->iqmp) != 0) {
- ret = 0;
- RSAerr(RSA_F_RSA_CHECK_KEY,
- RSA_R_IQMP_NOT_INVERSE_OF_Q);
- }
- }
-
-err:
- BN_free(i);
- BN_free(j);
- BN_free(k);
- BN_free(l);
- BN_free(m);
- BN_CTX_free(ctx);
-
- return (ret);
-}
diff --git a/lib/libssl/src/crypto/rsa/rsa_crpt.c b/lib/libssl/src/crypto/rsa/rsa_crpt.c
deleted file mode 100644
index ccb677c12b0..00000000000
--- a/lib/libssl/src/crypto/rsa/rsa_crpt.c
+++ /dev/null
@@ -1,214 +0,0 @@
-/* $OpenBSD: rsa_crpt.c,v 1.16 2016/07/07 11:53:12 bcook Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/bn.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/lhash.h>
-#include <openssl/rsa.h>
-
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-int
-RSA_size(const RSA *r)
-{
- return BN_num_bytes(r->n);
-}
-
-int
-RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
- RSA *rsa, int padding)
-{
- return rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding);
-}
-
-int
-RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
- RSA *rsa, int padding)
-{
- return rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding);
-}
-
-int
-RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
- RSA *rsa, int padding)
-{
- return rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding);
-}
-
-int
-RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
- RSA *rsa, int padding)
-{
- return rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding);
-}
-
-int
-RSA_flags(const RSA *r)
-{
- return r == NULL ? 0 : r->meth->flags;
-}
-
-void
-RSA_blinding_off(RSA *rsa)
-{
- BN_BLINDING_free(rsa->blinding);
- rsa->blinding = NULL;
- rsa->flags |= RSA_FLAG_NO_BLINDING;
-}
-
-int
-RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
-{
- int ret = 0;
-
- if (rsa->blinding != NULL)
- RSA_blinding_off(rsa);
-
- rsa->blinding = RSA_setup_blinding(rsa, ctx);
- if (rsa->blinding == NULL)
- goto err;
-
- rsa->flags &= ~RSA_FLAG_NO_BLINDING;
- ret = 1;
-err:
- return (ret);
-}
-
-static BIGNUM *
-rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p, const BIGNUM *q,
- BN_CTX *ctx)
-{
- BIGNUM *ret = NULL, *r0, *r1, *r2;
-
- if (d == NULL || p == NULL || q == NULL)
- return NULL;
-
- BN_CTX_start(ctx);
- if ((r0 = BN_CTX_get(ctx)) == NULL)
- goto err;
- if ((r1 = BN_CTX_get(ctx)) == NULL)
- goto err;
- if ((r2 = BN_CTX_get(ctx)) == NULL)
- goto err;
-
- if (!BN_sub(r1, p, BN_value_one()))
- goto err;
- if (!BN_sub(r2, q, BN_value_one()))
- goto err;
- if (!BN_mul(r0, r1, r2, ctx))
- goto err;
-
- ret = BN_mod_inverse(NULL, d, r0, ctx);
-err:
- BN_CTX_end(ctx);
- return ret;
-}
-
-BN_BLINDING *
-RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
-{
- BIGNUM *e;
- BIGNUM n;
- BN_CTX *ctx;
- BN_BLINDING *ret = NULL;
-
- if (in_ctx == NULL) {
- if ((ctx = BN_CTX_new()) == NULL)
- return 0;
- } else
- ctx = in_ctx;
-
- BN_CTX_start(ctx);
-
- if (rsa->e == NULL) {
- e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
- if (e == NULL) {
- RSAerr(RSA_F_RSA_SETUP_BLINDING,
- RSA_R_NO_PUBLIC_EXPONENT);
- goto err;
- }
- } else
- e = rsa->e;
-
- BN_init(&n);
- BN_with_flags(&n, rsa->n, BN_FLG_CONSTTIME);
-
- ret = BN_BLINDING_create_param(NULL, e, &n, ctx, rsa->meth->bn_mod_exp,
- rsa->_method_mod_n);
-
- if (ret == NULL) {
- RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
- goto err;
- }
- CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
-err:
- BN_CTX_end(ctx);
- if (in_ctx == NULL)
- BN_CTX_free(ctx);
- if (rsa->e == NULL)
- BN_free(e);
-
- return ret;
-}
diff --git a/lib/libssl/src/crypto/rsa/rsa_depr.c b/lib/libssl/src/crypto/rsa/rsa_depr.c
deleted file mode 100644
index b830a2293c4..00000000000
--- a/lib/libssl/src/crypto/rsa/rsa_depr.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/* $OpenBSD: rsa_depr.c,v 1.8 2014/07/11 08:44:49 jsing Exp $ */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NB: This file contains deprecated functions (compatibility wrappers to the
- * "new" versions). */
-
-#include <stdio.h>
-#include <time.h>
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-
-#ifndef OPENSSL_NO_DEPRECATED
-
-RSA *
-RSA_generate_key(int bits, unsigned long e_value,
- void (*callback)(int, int, void *), void *cb_arg)
-{
- BN_GENCB cb;
- int i;
- RSA *rsa = RSA_new();
- BIGNUM *e = BN_new();
-
- if (!rsa || !e)
- goto err;
-
- /* The problem is when building with 8, 16, or 32 BN_ULONG,
- * unsigned long can be larger */
- for (i = 0; i < (int)sizeof(unsigned long) * 8; i++) {
- if (e_value & (1UL << i))
- if (BN_set_bit(e, i) == 0)
- goto err;
- }
-
- BN_GENCB_set_old(&cb, callback, cb_arg);
-
- if (RSA_generate_key_ex(rsa, bits, e, &cb)) {
- BN_free(e);
- return rsa;
- }
-err:
- BN_free(e);
- RSA_free(rsa);
-
- return 0;
-}
-#endif
diff --git a/lib/libssl/src/crypto/rsa/rsa_eay.c b/lib/libssl/src/crypto/rsa/rsa_eay.c
deleted file mode 100644
index 2facd1c6f6a..00000000000
--- a/lib/libssl/src/crypto/rsa/rsa_eay.c
+++ /dev/null
@@ -1,888 +0,0 @@
-/* $OpenBSD: rsa_eay.c,v 1.42 2016/07/07 11:53:12 bcook Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/rsa.h>
-
-static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx);
-static int RSA_eay_init(RSA *rsa);
-static int RSA_eay_finish(RSA *rsa);
-
-static RSA_METHOD rsa_pkcs1_eay_meth = {
- .name = "Eric Young's PKCS#1 RSA",
- .rsa_pub_enc = RSA_eay_public_encrypt,
- .rsa_pub_dec = RSA_eay_public_decrypt, /* signature verification */
- .rsa_priv_enc = RSA_eay_private_encrypt, /* signing */
- .rsa_priv_dec = RSA_eay_private_decrypt,
- .rsa_mod_exp = RSA_eay_mod_exp,
- .bn_mod_exp = BN_mod_exp_mont, /* XXX probably we should not use Montgomery if e == 3 */
- .init = RSA_eay_init,
- .finish = RSA_eay_finish,
-};
-
-const RSA_METHOD *
-RSA_PKCS1_SSLeay(void)
-{
- return &rsa_pkcs1_eay_meth;
-}
-
-static int
-RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
- RSA *rsa, int padding)
-{
- BIGNUM *f, *ret;
- int i, j, k, num = 0, r = -1;
- unsigned char *buf = NULL;
- BN_CTX *ctx = NULL;
-
- if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
- return -1;
- }
-
- if (BN_ucmp(rsa->n, rsa->e) <= 0) {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
- return -1;
- }
-
- /* for large moduli, enforce exponent limit */
- if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
- if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
- return -1;
- }
- }
-
- if ((ctx = BN_CTX_new()) == NULL)
- goto err;
-
- BN_CTX_start(ctx);
- f = BN_CTX_get(ctx);
- ret = BN_CTX_get(ctx);
- num = BN_num_bytes(rsa->n);
- buf = malloc(num);
-
- if (f == NULL || ret == NULL || buf == NULL) {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- switch (padding) {
- case RSA_PKCS1_PADDING:
- i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen);
- break;
-#ifndef OPENSSL_NO_SHA
- case RSA_PKCS1_OAEP_PADDING:
- i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
- break;
-#endif
- case RSA_SSLV23_PADDING:
- i = RSA_padding_add_SSLv23(buf, num, from, flen);
- break;
- case RSA_NO_PADDING:
- i = RSA_padding_add_none(buf, num, from, flen);
- break;
- default:
- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,
- RSA_R_UNKNOWN_PADDING_TYPE);
- goto err;
- }
- if (i <= 0)
- goto err;
-
- if (BN_bin2bn(buf, num, f) == NULL)
- goto err;
-
- if (BN_ucmp(f, rsa->n) >= 0) {
- /* usually the padding functions would catch this */
- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,
- RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
- goto err;
- }
-
- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,
- CRYPTO_LOCK_RSA, rsa->n, ctx))
- goto err;
-
- if (!rsa->meth->bn_mod_exp(ret, f,rsa->e, rsa->n, ctx,
- rsa->_method_mod_n))
- goto err;
-
- /* put in leading 0 bytes if the number is less than the
- * length of the modulus */
- j = BN_num_bytes(ret);
- i = BN_bn2bin(ret, &(to[num - j]));
- for (k = 0; k < num - i; k++)
- to[k] = 0;
-
- r = num;
-err:
- if (ctx != NULL) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- if (buf != NULL) {
- explicit_bzero(buf, num);
- free(buf);
- }
- return r;
-}
-
-static BN_BLINDING *
-rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
-{
- BN_BLINDING *ret;
- int got_write_lock = 0;
- CRYPTO_THREADID cur;
-
- CRYPTO_r_lock(CRYPTO_LOCK_RSA);
-
- if (rsa->blinding == NULL) {
- CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
- CRYPTO_w_lock(CRYPTO_LOCK_RSA);
- got_write_lock = 1;
-
- if (rsa->blinding == NULL)
- rsa->blinding = RSA_setup_blinding(rsa, ctx);
- }
-
- ret = rsa->blinding;
- if (ret == NULL)
- goto err;
-
- CRYPTO_THREADID_current(&cur);
- if (!CRYPTO_THREADID_cmp(&cur, BN_BLINDING_thread_id(ret))) {
- /* rsa->blinding is ours! */
- *local = 1;
- } else {
- /* resort to rsa->mt_blinding instead */
- /*
- * Instruct rsa_blinding_convert(), rsa_blinding_invert()
- * that the BN_BLINDING is shared, meaning that accesses
- * require locks, and that the blinding factor must be
- * stored outside the BN_BLINDING
- */
- *local = 0;
-
- if (rsa->mt_blinding == NULL) {
- if (!got_write_lock) {
- CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
- CRYPTO_w_lock(CRYPTO_LOCK_RSA);
- got_write_lock = 1;
- }
-
- if (rsa->mt_blinding == NULL)
- rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
- }
- ret = rsa->mt_blinding;
- }
-
-err:
- if (got_write_lock)
- CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
- else
- CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
- return ret;
-}
-
-static int
-rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind, BN_CTX *ctx)
-{
- if (unblind == NULL)
- /*
- * Local blinding: store the unblinding factor
- * in BN_BLINDING.
- */
- return BN_BLINDING_convert_ex(f, NULL, b, ctx);
- else {
- /*
- * Shared blinding: store the unblinding factor
- * outside BN_BLINDING.
- */
- int ret;
- CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING);
- ret = BN_BLINDING_convert_ex(f, unblind, b, ctx);
- CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
- return ret;
- }
-}
-
-static int
-rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind, BN_CTX *ctx)
-{
- /*
- * For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex
- * will use the unblinding factor stored in BN_BLINDING.
- * If BN_BLINDING is shared between threads, unblind must be non-null:
- * BN_BLINDING_invert_ex will then use the local unblinding factor,
- * and will only read the modulus from BN_BLINDING.
- * In both cases it's safe to access the blinding without a lock.
- */
- return BN_BLINDING_invert_ex(f, unblind, b, ctx);
-}
-
-/* signing */
-static int
-RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
- RSA *rsa, int padding)
-{
- BIGNUM *f, *ret, *res;
- int i, j, k, num = 0, r = -1;
- unsigned char *buf = NULL;
- BN_CTX *ctx = NULL;
- int local_blinding = 0;
- /*
- * Used only if the blinding structure is shared. A non-NULL unblind
- * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
- * the unblinding factor outside the blinding structure.
- */
- BIGNUM *unblind = NULL;
- BN_BLINDING *blinding = NULL;
-
- if ((ctx = BN_CTX_new()) == NULL)
- goto err;
-
- BN_CTX_start(ctx);
- f = BN_CTX_get(ctx);
- ret = BN_CTX_get(ctx);
- num = BN_num_bytes(rsa->n);
- buf = malloc(num);
-
- if (f == NULL || ret == NULL || buf == NULL) {
- RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- switch (padding) {
- case RSA_PKCS1_PADDING:
- i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen);
- break;
- case RSA_X931_PADDING:
- i = RSA_padding_add_X931(buf, num, from, flen);
- break;
- case RSA_NO_PADDING:
- i = RSA_padding_add_none(buf, num, from, flen);
- break;
- case RSA_SSLV23_PADDING:
- default:
- RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
- RSA_R_UNKNOWN_PADDING_TYPE);
- goto err;
- }
- if (i <= 0)
- goto err;
-
- if (BN_bin2bn(buf, num, f) == NULL)
- goto err;
-
- if (BN_ucmp(f, rsa->n) >= 0) {
- /* usually the padding functions would catch this */
- RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
- RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
- goto err;
- }
-
- if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
- blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
- if (blinding == NULL) {
- RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
- }
-
- if (blinding != NULL) {
- if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
- RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (!rsa_blinding_convert(blinding, f, unblind, ctx))
- goto err;
- }
-
- if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
- (rsa->p != NULL && rsa->q != NULL && rsa->dmp1 != NULL &&
- rsa->dmq1 != NULL && rsa->iqmp != NULL)) {
- if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
- goto err;
- } else {
- BIGNUM d;
-
- BN_init(&d);
- BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME);
-
- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,
- CRYPTO_LOCK_RSA, rsa->n, ctx))
- goto err;
-
- if (!rsa->meth->bn_mod_exp(ret, f, &d, rsa->n, ctx,
- rsa->_method_mod_n)) {
- goto err;
- }
- }
-
- if (blinding)
- if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
- goto err;
-
- if (padding == RSA_X931_PADDING) {
- BN_sub(f, rsa->n, ret);
- if (BN_cmp(ret, f) > 0)
- res = f;
- else
- res = ret;
- } else
- res = ret;
-
- /* put in leading 0 bytes if the number is less than the
- * length of the modulus */
- j = BN_num_bytes(res);
- i = BN_bn2bin(res, &(to[num - j]));
- for (k = 0; k < num - i; k++)
- to[k] = 0;
-
- r = num;
-err:
- if (ctx != NULL) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- if (buf != NULL) {
- explicit_bzero(buf, num);
- free(buf);
- }
- return r;
-}
-
-static int
-RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
- RSA *rsa, int padding)
-{
- BIGNUM *f, *ret;
- int j, num = 0, r = -1;
- unsigned char *p;
- unsigned char *buf = NULL;
- BN_CTX *ctx = NULL;
- int local_blinding = 0;
- /*
- * Used only if the blinding structure is shared. A non-NULL unblind
- * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
- * the unblinding factor outside the blinding structure.
- */
- BIGNUM *unblind = NULL;
- BN_BLINDING *blinding = NULL;
-
- if ((ctx = BN_CTX_new()) == NULL)
- goto err;
-
- BN_CTX_start(ctx);
- f = BN_CTX_get(ctx);
- ret = BN_CTX_get(ctx);
- num = BN_num_bytes(rsa->n);
- buf = malloc(num);
-
- if (!f || !ret || !buf) {
- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* This check was for equality but PGP does evil things
- * and chops off the top '0' bytes */
- if (flen > num) {
- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
- RSA_R_DATA_GREATER_THAN_MOD_LEN);
- goto err;
- }
-
- /* make data into a big number */
- if (BN_bin2bn(from, (int)flen, f) == NULL)
- goto err;
-
- if (BN_ucmp(f, rsa->n) >= 0) {
- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
- RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
- goto err;
- }
-
- if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
- blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
- if (blinding == NULL) {
- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
- }
-
- if (blinding != NULL) {
- if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (!rsa_blinding_convert(blinding, f, unblind, ctx))
- goto err;
- }
-
- /* do the decrypt */
- if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
- (rsa->p != NULL && rsa->q != NULL && rsa->dmp1 != NULL &&
- rsa->dmq1 != NULL && rsa->iqmp != NULL)) {
- if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
- goto err;
- } else {
- BIGNUM d;
-
- BN_init(&d);
- BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME);
-
- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,
- CRYPTO_LOCK_RSA, rsa->n, ctx))
- goto err;
-
- if (!rsa->meth->bn_mod_exp(ret, f, &d, rsa->n, ctx,
- rsa->_method_mod_n)) {
- goto err;
- }
- }
-
- if (blinding)
- if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
- goto err;
-
- p = buf;
- j = BN_bn2bin(ret, p); /* j is only used with no-padding mode */
-
- switch (padding) {
- case RSA_PKCS1_PADDING:
- r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num);
- break;
-#ifndef OPENSSL_NO_SHA
- case RSA_PKCS1_OAEP_PADDING:
- r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0);
- break;
-#endif
- case RSA_SSLV23_PADDING:
- r = RSA_padding_check_SSLv23(to, num, buf, j, num);
- break;
- case RSA_NO_PADDING:
- r = RSA_padding_check_none(to, num, buf, j, num);
- break;
- default:
- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
- RSA_R_UNKNOWN_PADDING_TYPE);
- goto err;
- }
- if (r < 0)
- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
- RSA_R_PADDING_CHECK_FAILED);
-
-err:
- if (ctx != NULL) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- if (buf != NULL) {
- explicit_bzero(buf, num);
- free(buf);
- }
- return r;
-}
-
-/* signature verification */
-static int
-RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
- RSA *rsa, int padding)
-{
- BIGNUM *f, *ret;
- int i, num = 0, r = -1;
- unsigned char *p;
- unsigned char *buf = NULL;
- BN_CTX *ctx = NULL;
-
- if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
- return -1;
- }
-
- if (BN_ucmp(rsa->n, rsa->e) <= 0) {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
- return -1;
- }
-
- /* for large moduli, enforce exponent limit */
- if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
- if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
- return -1;
- }
- }
-
- if ((ctx = BN_CTX_new()) == NULL)
- goto err;
-
- BN_CTX_start(ctx);
- f = BN_CTX_get(ctx);
- ret = BN_CTX_get(ctx);
- num = BN_num_bytes(rsa->n);
- buf = malloc(num);
-
- if (!f || !ret || !buf) {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* This check was for equality but PGP does evil things
- * and chops off the top '0' bytes */
- if (flen > num) {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,
- RSA_R_DATA_GREATER_THAN_MOD_LEN);
- goto err;
- }
-
- if (BN_bin2bn(from, flen, f) == NULL)
- goto err;
-
- if (BN_ucmp(f, rsa->n) >= 0) {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,
- RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
- goto err;
- }
-
- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,
- CRYPTO_LOCK_RSA, rsa->n, ctx))
- goto err;
-
- if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
- rsa->_method_mod_n))
- goto err;
-
- if (padding == RSA_X931_PADDING && (ret->d[0] & 0xf) != 12)
- if (!BN_sub(ret, rsa->n, ret))
- goto err;
-
- p = buf;
- i = BN_bn2bin(ret, p);
-
- switch (padding) {
- case RSA_PKCS1_PADDING:
- r = RSA_padding_check_PKCS1_type_1(to, num, buf, i, num);
- break;
- case RSA_X931_PADDING:
- r = RSA_padding_check_X931(to, num, buf, i, num);
- break;
- case RSA_NO_PADDING:
- r = RSA_padding_check_none(to, num, buf, i, num);
- break;
- default:
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,
- RSA_R_UNKNOWN_PADDING_TYPE);
- goto err;
- }
- if (r < 0)
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,
- RSA_R_PADDING_CHECK_FAILED);
-
-err:
- if (ctx != NULL) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- if (buf != NULL) {
- explicit_bzero(buf, num);
- free(buf);
- }
- return r;
-}
-
-static int
-RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
-{
- BIGNUM *r1, *m1, *vrfy;
- BIGNUM dmp1, dmq1, c, pr1;
- int ret = 0;
-
- BN_CTX_start(ctx);
- r1 = BN_CTX_get(ctx);
- m1 = BN_CTX_get(ctx);
- vrfy = BN_CTX_get(ctx);
- if (r1 == NULL || m1 == NULL || vrfy == NULL) {
- RSAerr(RSA_F_RSA_EAY_MOD_EXP, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- {
- BIGNUM p, q;
-
- /*
- * Make sure BN_mod_inverse in Montgomery intialization uses the
- * BN_FLG_CONSTTIME flag
- */
- BN_init(&p);
- BN_init(&q);
- BN_with_flags(&p, rsa->p, BN_FLG_CONSTTIME);
- BN_with_flags(&q, rsa->q, BN_FLG_CONSTTIME);
-
- if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) {
- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p,
- CRYPTO_LOCK_RSA, &p, ctx) ||
- !BN_MONT_CTX_set_locked(&rsa->_method_mod_q,
- CRYPTO_LOCK_RSA, &q, ctx)) {
- goto err;
- }
- }
- }
-
- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,
- CRYPTO_LOCK_RSA, rsa->n, ctx))
- goto err;
-
- /* compute I mod q */
- BN_init(&c);
- BN_with_flags(&c, I, BN_FLG_CONSTTIME);
-
- if (!BN_mod(r1, &c, rsa->q, ctx))
- goto err;
-
- /* compute r1^dmq1 mod q */
- BN_init(&dmq1);
- BN_with_flags(&dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
-
- if (!rsa->meth->bn_mod_exp(m1, r1, &dmq1, rsa->q, ctx,
- rsa->_method_mod_q))
- goto err;
-
- /* compute I mod p */
- BN_with_flags(&c, I, BN_FLG_CONSTTIME);
-
- if (!BN_mod(r1, &c, rsa->p, ctx))
- goto err;
-
- /* compute r1^dmp1 mod p */
- BN_init(&dmp1);
- BN_with_flags(&dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
-
- if (!rsa->meth->bn_mod_exp(r0, r1, &dmp1, rsa->p, ctx,
- rsa->_method_mod_p))
- goto err;
-
- if (!BN_sub(r0, r0, m1))
- goto err;
-
- /*
- * This will help stop the size of r0 increasing, which does
- * affect the multiply if it optimised for a power of 2 size
- */
- if (BN_is_negative(r0))
- if (!BN_add(r0, r0, rsa->p))
- goto err;
-
- if (!BN_mul(r1, r0, rsa->iqmp, ctx))
- goto err;
-
- /* Turn BN_FLG_CONSTTIME flag on before division operation */
- BN_init(&pr1);
- BN_with_flags(&pr1, r1, BN_FLG_CONSTTIME);
-
- if (!BN_mod(r0, &pr1, rsa->p, ctx))
- goto err;
-
- /*
- * If p < q it is occasionally possible for the correction of
- * adding 'p' if r0 is negative above to leave the result still
- * negative. This can break the private key operations: the following
- * second correction should *always* correct this rare occurrence.
- * This will *never* happen with OpenSSL generated keys because
- * they ensure p > q [steve]
- */
- if (BN_is_negative(r0))
- if (!BN_add(r0, r0, rsa->p))
- goto err;
- if (!BN_mul(r1, r0, rsa->q, ctx))
- goto err;
- if (!BN_add(r0, r1, m1))
- goto err;
-
- if (rsa->e && rsa->n) {
- if (!rsa->meth->bn_mod_exp(vrfy, r0, rsa->e, rsa->n, ctx,
- rsa->_method_mod_n))
- goto err;
- /*
- * If 'I' was greater than (or equal to) rsa->n, the operation
- * will be equivalent to using 'I mod n'. However, the result of
- * the verify will *always* be less than 'n' so we don't check
- * for absolute equality, just congruency.
- */
- if (!BN_sub(vrfy, vrfy, I))
- goto err;
- if (!BN_mod(vrfy, vrfy, rsa->n, ctx))
- goto err;
- if (BN_is_negative(vrfy))
- if (!BN_add(vrfy, vrfy, rsa->n))
- goto err;
- if (!BN_is_zero(vrfy)) {
- /*
- * 'I' and 'vrfy' aren't congruent mod n. Don't leak
- * miscalculated CRT output, just do a raw (slower)
- * mod_exp and return that instead.
- */
- BIGNUM d;
-
- BN_init(&d);
- BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME);
-
- if (!rsa->meth->bn_mod_exp(r0, I, &d, rsa->n, ctx,
- rsa->_method_mod_n)) {
- goto err;
- }
- }
- }
- ret = 1;
-err:
- BN_CTX_end(ctx);
- return ret;
-}
-
-static int
-RSA_eay_init(RSA *rsa)
-{
- rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE;
- return 1;
-}
-
-static int
-RSA_eay_finish(RSA *rsa)
-{
- BN_MONT_CTX_free(rsa->_method_mod_n);
- BN_MONT_CTX_free(rsa->_method_mod_p);
- BN_MONT_CTX_free(rsa->_method_mod_q);
-
- return 1;
-}
diff --git a/lib/libssl/src/crypto/rsa/rsa_err.c b/lib/libssl/src/crypto/rsa/rsa_err.c
deleted file mode 100644
index 81622c60994..00000000000
--- a/lib/libssl/src/crypto/rsa/rsa_err.c
+++ /dev/null
@@ -1,210 +0,0 @@
-/* $OpenBSD: rsa_err.c,v 1.16 2015/02/15 14:35:30 miod Exp $ */
-/* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/err.h>
-#include <openssl/rsa.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RSA,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason)
-
-static ERR_STRING_DATA RSA_str_functs[] = {
- {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "CHECK_PADDING_MD"},
- {ERR_FUNC(RSA_F_DO_RSA_PRINT), "DO_RSA_PRINT"},
- {ERR_FUNC(RSA_F_INT_RSA_VERIFY), "INT_RSA_VERIFY"},
- {ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"},
- {ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "OLD_RSA_PRIV_DECODE"},
- {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "PKEY_RSA_CTRL"},
- {ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "PKEY_RSA_CTRL_STR"},
- {ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "PKEY_RSA_SIGN"},
- {ERR_FUNC(RSA_F_PKEY_RSA_VERIFY), "PKEY_RSA_VERIFY"},
- {ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "PKEY_RSA_VERIFYRECOVER"},
- {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"},
- {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
- {ERR_FUNC(RSA_F_RSA_EAY_MOD_EXP), "RSA_EAY_MOD_EXP"},
- {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"},
- {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"},
- {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"},
- {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"},
- {ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"},
- {ERR_FUNC(RSA_F_RSA_GENERATE_KEY_EX), "RSA_generate_key_ex"},
- {ERR_FUNC(RSA_F_RSA_ITEM_VERIFY), "RSA_ITEM_VERIFY"},
- {ERR_FUNC(RSA_F_RSA_MEMORY_LOCK), "RSA_memory_lock"},
- {ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"},
- {ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"},
- {ERR_FUNC(RSA_F_RSA_NULL_MOD_EXP), "RSA_NULL_MOD_EXP"},
- {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_NULL_PRIVATE_DECRYPT"},
- {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_NULL_PRIVATE_ENCRYPT"},
- {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_NULL_PUBLIC_DECRYPT"},
- {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_NULL_PUBLIC_ENCRYPT"},
- {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"},
- {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), "RSA_padding_add_PKCS1_OAEP"},
- {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"},
- {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1), "RSA_padding_add_PKCS1_PSS_mgf1"},
- {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1), "RSA_padding_add_PKCS1_type_1"},
- {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2), "RSA_padding_add_PKCS1_type_2"},
- {ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23), "RSA_padding_add_SSLv23"},
- {ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931), "RSA_padding_add_X931"},
- {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE), "RSA_padding_check_none"},
- {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP), "RSA_padding_check_PKCS1_OAEP"},
- {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1), "RSA_padding_check_PKCS1_type_1"},
- {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2), "RSA_padding_check_PKCS1_type_2"},
- {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23), "RSA_padding_check_SSLv23"},
- {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"},
- {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
- {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
- {ERR_FUNC(RSA_F_RSA_PRIVATE_DECRYPT), "RSA_private_decrypt"},
- {ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"},
- {ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"},
- {ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "RSA_PRIV_ENCODE"},
- {ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"},
- {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"},
- {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"},
- {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"},
- {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
- {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"},
- {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
- {ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING), "RSA_verify_ASN1_OCTET_STRING"},
- {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_verify_PKCS1_PSS"},
- {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1), "RSA_verify_PKCS1_PSS_mgf1"},
- {0, NULL}
-};
-
-static ERR_STRING_DATA RSA_str_reasons[] = {
- {ERR_REASON(RSA_R_ALGORITHM_MISMATCH) , "algorithm mismatch"},
- {ERR_REASON(RSA_R_BAD_E_VALUE) , "bad e value"},
- {ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT), "bad fixed header decrypt"},
- {ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT) , "bad pad byte count"},
- {ERR_REASON(RSA_R_BAD_SIGNATURE) , "bad signature"},
- {ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01) , "block type is not 01"},
- {ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02) , "block type is not 02"},
- {ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN), "data greater than mod len"},
- {ERR_REASON(RSA_R_DATA_TOO_LARGE) , "data too large"},
- {ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE), "data too large for key size"},
- {ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS), "data too large for modulus"},
- {ERR_REASON(RSA_R_DATA_TOO_SMALL) , "data too small"},
- {ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE), "data too small for key size"},
- {ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY), "digest too big for rsa key"},
- {ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D), "dmp1 not congruent to d"},
- {ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D), "dmq1 not congruent to d"},
- {ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1), "d e not congruent to 1"},
- {ERR_REASON(RSA_R_FIRST_OCTET_INVALID) , "first octet invalid"},
- {ERR_REASON(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE), "illegal or unsupported padding mode"},
- {ERR_REASON(RSA_R_INVALID_DIGEST_LENGTH) , "invalid digest length"},
- {ERR_REASON(RSA_R_INVALID_HEADER) , "invalid header"},
- {ERR_REASON(RSA_R_INVALID_KEYBITS) , "invalid keybits"},
- {ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH), "invalid message length"},
- {ERR_REASON(RSA_R_INVALID_MGF1_MD) , "invalid mgf1 md"},
- {ERR_REASON(RSA_R_INVALID_PADDING) , "invalid padding"},
- {ERR_REASON(RSA_R_INVALID_PADDING_MODE) , "invalid padding mode"},
- {ERR_REASON(RSA_R_INVALID_PSS_PARAMETERS), "invalid pss parameters"},
- {ERR_REASON(RSA_R_INVALID_PSS_SALTLEN) , "invalid pss saltlen"},
- {ERR_REASON(RSA_R_INVALID_SALT_LENGTH) , "invalid salt length"},
- {ERR_REASON(RSA_R_INVALID_TRAILER) , "invalid trailer"},
- {ERR_REASON(RSA_R_INVALID_X931_DIGEST) , "invalid x931 digest"},
- {ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) , "iqmp not inverse of q"},
- {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) , "key size too small"},
- {ERR_REASON(RSA_R_LAST_OCTET_INVALID) , "last octet invalid"},
- {ERR_REASON(RSA_R_MODULUS_TOO_LARGE) , "modulus too large"},
- {ERR_REASON(RSA_R_NON_FIPS_RSA_METHOD) , "non fips rsa method"},
- {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) , "no public exponent"},
- {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING), "null before block missing"},
- {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) , "n does not equal p q"},
- {ERR_REASON(RSA_R_OAEP_DECODING_ERROR) , "oaep decoding error"},
- {ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE), "operation not allowed in fips mode"},
- {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"},
- {ERR_REASON(RSA_R_PADDING_CHECK_FAILED) , "padding check failed"},
- {ERR_REASON(RSA_R_P_NOT_PRIME) , "p not prime"},
- {ERR_REASON(RSA_R_Q_NOT_PRIME) , "q not prime"},
- {ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED), "rsa operations not supported"},
- {ERR_REASON(RSA_R_SLEN_CHECK_FAILED) , "salt length check failed"},
- {ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED) , "salt length recovery failed"},
- {ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) , "sslv3 rollback attack"},
- {ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), "the asn1 object identifier is not known for this md"},
- {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE), "unknown algorithm type"},
- {ERR_REASON(RSA_R_UNKNOWN_MASK_DIGEST) , "unknown mask digest"},
- {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE) , "unknown padding type"},
- {ERR_REASON(RSA_R_UNKNOWN_PSS_DIGEST) , "unknown pss digest"},
- {ERR_REASON(RSA_R_UNSUPPORTED_MASK_ALGORITHM), "unsupported mask algorithm"},
- {ERR_REASON(RSA_R_UNSUPPORTED_MASK_PARAMETER), "unsupported mask parameter"},
- {ERR_REASON(RSA_R_UNSUPPORTED_SIGNATURE_TYPE), "unsupported signature type"},
- {ERR_REASON(RSA_R_VALUE_MISSING) , "value missing"},
- {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},
- {0, NULL}
-};
-
-#endif
-
-void
-ERR_load_RSA_strings(void)
-{
-#ifndef OPENSSL_NO_ERR
- if (ERR_func_error_string(RSA_str_functs[0].error) == NULL) {
- ERR_load_strings(0, RSA_str_functs);
- ERR_load_strings(0, RSA_str_reasons);
- }
-#endif
-}
diff --git a/lib/libssl/src/crypto/rsa/rsa_gen.c b/lib/libssl/src/crypto/rsa/rsa_gen.c
deleted file mode 100644
index d46f4f2478f..00000000000
--- a/lib/libssl/src/crypto/rsa/rsa_gen.c
+++ /dev/null
@@ -1,229 +0,0 @@
-/* $OpenBSD: rsa_gen.c,v 1.18 2016/06/30 02:02:06 bcook Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-
-/* NB: these functions have been "upgraded", the deprecated versions (which are
- * compatibility wrappers using these functions) are in rsa_depr.c.
- * - Geoff
- */
-
-#include <stdio.h>
-#include <time.h>
-
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/rsa.h>
-
-static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
-
-/*
- * NB: this wrapper would normally be placed in rsa_lib.c and the static
- * implementation would probably be in rsa_eay.c. Nonetheless, is kept here so
- * that we don't introduce a new linker dependency. Eg. any application that
- * wasn't previously linking object code related to key-generation won't have to
- * now just because key-generation is part of RSA_METHOD.
- */
-int
-RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
-{
- if (rsa->meth->rsa_keygen)
- return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
- return rsa_builtin_keygen(rsa, bits, e_value, cb);
-}
-
-static int
-rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
-{
- BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp;
- BIGNUM pr0, d, p;
- int bitsp, bitsq, ok = -1, n = 0;
- BN_CTX *ctx = NULL;
-
- ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;
- BN_CTX_start(ctx);
- if ((r0 = BN_CTX_get(ctx)) == NULL)
- goto err;
- if ((r1 = BN_CTX_get(ctx)) == NULL)
- goto err;
- if ((r2 = BN_CTX_get(ctx)) == NULL)
- goto err;
- if ((r3 = BN_CTX_get(ctx)) == NULL)
- goto err;
-
- bitsp = (bits + 1) / 2;
- bitsq = bits - bitsp;
-
- /* We need the RSA components non-NULL */
- if (!rsa->n && ((rsa->n = BN_new()) == NULL))
- goto err;
- if (!rsa->d && ((rsa->d = BN_new()) == NULL))
- goto err;
- if (!rsa->e && ((rsa->e = BN_new()) == NULL))
- goto err;
- if (!rsa->p && ((rsa->p = BN_new()) == NULL))
- goto err;
- if (!rsa->q && ((rsa->q = BN_new()) == NULL))
- goto err;
- if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL))
- goto err;
- if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL))
- goto err;
- if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL))
- goto err;
-
- BN_copy(rsa->e, e_value);
-
- /* generate p and q */
- for (;;) {
- if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
- goto err;
- if (!BN_sub(r2, rsa->p, BN_value_one()))
- goto err;
- if (!BN_gcd(r1, r2, rsa->e, ctx))
- goto err;
- if (BN_is_one(r1))
- break;
- if (!BN_GENCB_call(cb, 2, n++))
- goto err;
- }
- if (!BN_GENCB_call(cb, 3, 0))
- goto err;
- for (;;) {
- /*
- * When generating ridiculously small keys, we can get stuck
- * continually regenerating the same prime values. Check for
- * this and bail if it happens 3 times.
- */
- unsigned int degenerate = 0;
- do {
- if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL,
- cb))
- goto err;
- } while (BN_cmp(rsa->p, rsa->q) == 0 &&
- ++degenerate < 3);
- if (degenerate == 3) {
- ok = 0; /* we set our own err */
- RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,
- RSA_R_KEY_SIZE_TOO_SMALL);
- goto err;
- }
- if (!BN_sub(r2, rsa->q, BN_value_one()))
- goto err;
- if (!BN_gcd(r1, r2, rsa->e, ctx))
- goto err;
- if (BN_is_one(r1))
- break;
- if (!BN_GENCB_call(cb, 2, n++))
- goto err;
- }
- if (!BN_GENCB_call(cb, 3, 1))
- goto err;
- if (BN_cmp(rsa->p, rsa->q) < 0) {
- tmp = rsa->p;
- rsa->p = rsa->q;
- rsa->q = tmp;
- }
-
- /* calculate n */
- if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx))
- goto err;
-
- /* calculate d */
- if (!BN_sub(r1, rsa->p, BN_value_one())) /* p-1 */
- goto err;
- if (!BN_sub(r2, rsa->q, BN_value_one())) /* q-1 */
- goto err;
- if (!BN_mul(r0, r1, r2, ctx)) /* (p-1)(q-1) */
- goto err;
-
- BN_with_flags(&pr0, r0, BN_FLG_CONSTTIME);
-
- if (!BN_mod_inverse(rsa->d, rsa->e, &pr0, ctx)) /* d */
- goto err;
-
- /* set up d for correct BN_FLG_CONSTTIME flag */
- BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME);
-
- /* calculate d mod (p-1) */
- if (!BN_mod(rsa->dmp1, &d, r1, ctx))
- goto err;
-
- /* calculate d mod (q-1) */
- if (!BN_mod(rsa->dmq1, &d, r2, ctx))
- goto err;
-
- /* calculate inverse of q mod p */
- BN_with_flags(&p, rsa->p, BN_FLG_CONSTTIME);
- if (!BN_mod_inverse(rsa->iqmp, rsa->q, &p, ctx))
- goto err;
-
- ok = 1;
-err:
- if (ok == -1) {
- RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, ERR_LIB_BN);
- ok = 0;
- }
- if (ctx != NULL) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
-
- return ok;
-}
diff --git a/lib/libssl/src/crypto/rsa/rsa_lib.c b/lib/libssl/src/crypto/rsa/rsa_lib.c
deleted file mode 100644
index 51dc94a1340..00000000000
--- a/lib/libssl/src/crypto/rsa/rsa_lib.c
+++ /dev/null
@@ -1,258 +0,0 @@
-/* $OpenBSD: rsa_lib.c,v 1.30 2015/02/11 03:19:37 doug Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/bn.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/lhash.h>
-#include <openssl/rsa.h>
-
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-static const RSA_METHOD *default_RSA_meth = NULL;
-
-RSA *
-RSA_new(void)
-{
- RSA *r = RSA_new_method(NULL);
-
- return r;
-}
-
-void
-RSA_set_default_method(const RSA_METHOD *meth)
-{
- default_RSA_meth = meth;
-}
-
-const RSA_METHOD *
-RSA_get_default_method(void)
-{
- if (default_RSA_meth == NULL)
- default_RSA_meth = RSA_PKCS1_SSLeay();
-
- return default_RSA_meth;
-}
-
-const RSA_METHOD *
-RSA_get_method(const RSA *rsa)
-{
- return rsa->meth;
-}
-
-int
-RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
-{
- /*
- * NB: The caller is specifically setting a method, so it's not up to us
- * to deal with which ENGINE it comes from.
- */
- const RSA_METHOD *mtmp;
-
- mtmp = rsa->meth;
- if (mtmp->finish)
- mtmp->finish(rsa);
-#ifndef OPENSSL_NO_ENGINE
- if (rsa->engine) {
- ENGINE_finish(rsa->engine);
- rsa->engine = NULL;
- }
-#endif
- rsa->meth = meth;
- if (meth->init)
- meth->init(rsa);
- return 1;
-}
-
-RSA *
-RSA_new_method(ENGINE *engine)
-{
- RSA *ret;
-
- ret = malloc(sizeof(RSA));
- if (ret == NULL) {
- RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- ret->meth = RSA_get_default_method();
-#ifndef OPENSSL_NO_ENGINE
- if (engine) {
- if (!ENGINE_init(engine)) {
- RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
- free(ret);
- return NULL;
- }
- ret->engine = engine;
- } else
- ret->engine = ENGINE_get_default_RSA();
- if (ret->engine) {
- ret->meth = ENGINE_get_RSA(ret->engine);
- if (!ret->meth) {
- RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
- ENGINE_finish(ret->engine);
- free(ret);
- return NULL;
- }
- }
-#endif
-
- ret->pad = 0;
- ret->version = 0;
- ret->n = NULL;
- ret->e = NULL;
- ret->d = NULL;
- ret->p = NULL;
- ret->q = NULL;
- ret->dmp1 = NULL;
- ret->dmq1 = NULL;
- ret->iqmp = NULL;
- ret->references = 1;
- ret->_method_mod_n = NULL;
- ret->_method_mod_p = NULL;
- ret->_method_mod_q = NULL;
- ret->blinding = NULL;
- ret->mt_blinding = NULL;
- ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
-#ifndef OPENSSL_NO_ENGINE
- if (ret->engine)
- ENGINE_finish(ret->engine);
-#endif
- free(ret);
- return NULL;
- }
-
- if (ret->meth->init != NULL && !ret->meth->init(ret)) {
-#ifndef OPENSSL_NO_ENGINE
- if (ret->engine)
- ENGINE_finish(ret->engine);
-#endif
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
- free(ret);
- ret = NULL;
- }
- return ret;
-}
-
-void
-RSA_free(RSA *r)
-{
- int i;
-
- if (r == NULL)
- return;
-
- i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_RSA);
- if (i > 0)
- return;
-
- if (r->meth->finish)
- r->meth->finish(r);
-#ifndef OPENSSL_NO_ENGINE
- if (r->engine)
- ENGINE_finish(r->engine);
-#endif
-
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
-
- BN_clear_free(r->n);
- BN_clear_free(r->e);
- BN_clear_free(r->d);
- BN_clear_free(r->p);
- BN_clear_free(r->q);
- BN_clear_free(r->dmp1);
- BN_clear_free(r->dmq1);
- BN_clear_free(r->iqmp);
- BN_BLINDING_free(r->blinding);
- BN_BLINDING_free(r->mt_blinding);
- free(r);
-}
-
-int
-RSA_up_ref(RSA *r)
-{
- int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
- return i > 1 ? 1 : 0;
-}
-
-int
-RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-{
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
- new_func, dup_func, free_func);
-}
-
-int
-RSA_set_ex_data(RSA *r, int idx, void *arg)
-{
- return CRYPTO_set_ex_data(&r->ex_data, idx, arg);
-}
-
-void *
-RSA_get_ex_data(const RSA *r, int idx)
-{
- return CRYPTO_get_ex_data(&r->ex_data, idx);
-}
diff --git a/lib/libssl/src/crypto/rsa/rsa_locl.h b/lib/libssl/src/crypto/rsa/rsa_locl.h
deleted file mode 100644
index 24da0dc1796..00000000000
--- a/lib/libssl/src/crypto/rsa/rsa_locl.h
+++ /dev/null
@@ -1,4 +0,0 @@
-/* $OpenBSD: rsa_locl.h,v 1.3 2014/07/09 19:51:31 jsing Exp $ */
-extern int int_rsa_verify(int dtype, const unsigned char *m,
- unsigned int m_len, unsigned char *rm, size_t *prm_len,
- const unsigned char *sigbuf, size_t siglen, RSA *rsa);
diff --git a/lib/libssl/src/crypto/rsa/rsa_none.c b/lib/libssl/src/crypto/rsa/rsa_none.c
deleted file mode 100644
index 5222b3c1ebf..00000000000
--- a/lib/libssl/src/crypto/rsa/rsa_none.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/* $OpenBSD: rsa_none.c,v 1.10 2014/10/18 17:20:40 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/rsa.h>
-
-int
-RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *from,
- int flen)
-{
- if (flen > tlen) {
- RSAerr(RSA_F_RSA_PADDING_ADD_NONE,
- RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- return 0;
- }
-
- if (flen < tlen) {
- RSAerr(RSA_F_RSA_PADDING_ADD_NONE,
- RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE);
- return 0;
- }
-
- memcpy(to, from, flen);
- return 1;
-}
-
-int
-RSA_padding_check_none(unsigned char *to, int tlen, const unsigned char *from,
- int flen, int num)
-{
- if (flen > tlen) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_NONE, RSA_R_DATA_TOO_LARGE);
- return -1;
- }
-
- memset(to, 0, tlen - flen);
- memcpy(to + tlen - flen, from, flen);
- return tlen;
-}
diff --git a/lib/libssl/src/crypto/rsa/rsa_oaep.c b/lib/libssl/src/crypto/rsa/rsa_oaep.c
deleted file mode 100644
index 86e2bfc34f4..00000000000
--- a/lib/libssl/src/crypto/rsa/rsa_oaep.c
+++ /dev/null
@@ -1,236 +0,0 @@
-/* $OpenBSD: rsa_oaep.c,v 1.25 2015/06/20 12:01:14 jsing Exp $ */
-/* Written by Ulf Moeller. This software is distributed on an "AS IS"
- basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
-
-/* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
-
-/* See Victor Shoup, "OAEP reconsidered," Nov. 2000,
- * <URL: http://www.shoup.net/papers/oaep.ps.Z>
- * for problems with the security proof for the
- * original OAEP scheme, which EME-OAEP is based on.
- *
- * A new proof can be found in E. Fujisaki, T. Okamoto,
- * D. Pointcheval, J. Stern, "RSA-OEAP is Still Alive!",
- * Dec. 2000, <URL: http://eprint.iacr.org/2000/061/>.
- * The new proof has stronger requirements for the
- * underlying permutation: "partial-one-wayness" instead
- * of one-wayness. For the RSA function, this is
- * an equivalent notion.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/opensslconf.h>
-
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/rsa.h>
-#include <openssl/sha.h>
-
-static int MGF1(unsigned char *mask, long len, const unsigned char *seed,
- long seedlen);
-
-int
-RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
- const unsigned char *from, int flen, const unsigned char *param, int plen)
-{
- int i, emlen = tlen - 1;
- unsigned char *db, *seed;
- unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH];
-
- if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1) {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
- RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- return 0;
- }
-
- if (emlen < 2 * SHA_DIGEST_LENGTH + 1) {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
- RSA_R_KEY_SIZE_TOO_SMALL);
- return 0;
- }
-
- to[0] = 0;
- seed = to + 1;
- db = to + SHA_DIGEST_LENGTH + 1;
-
- if (!EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL))
- return 0;
- memset(db + SHA_DIGEST_LENGTH, 0,
- emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
- db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
- memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, flen);
- arc4random_buf(seed, SHA_DIGEST_LENGTH);
-
- dbmask = malloc(emlen - SHA_DIGEST_LENGTH);
- if (dbmask == NULL) {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
- if (MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed,
- SHA_DIGEST_LENGTH) < 0)
- return 0;
- for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
- db[i] ^= dbmask[i];
-
- if (MGF1(seedmask, SHA_DIGEST_LENGTH, db,
- emlen - SHA_DIGEST_LENGTH) < 0)
- return 0;
- for (i = 0; i < SHA_DIGEST_LENGTH; i++)
- seed[i] ^= seedmask[i];
-
- free(dbmask);
- return 1;
-}
-
-int
-RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
- const unsigned char *from, int flen, int num, const unsigned char *param,
- int plen)
-{
- int i, dblen, mlen = -1;
- const unsigned char *maskeddb;
- int lzero;
- unsigned char *db = NULL;
- unsigned char seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
- unsigned char *padded_from;
- int bad = 0;
-
- if (--num < 2 * SHA_DIGEST_LENGTH + 1)
- /*
- * 'num' is the length of the modulus, i.e. does not depend
- * on the particular ciphertext.
- */
- goto decoding_err;
-
- lzero = num - flen;
- if (lzero < 0) {
- /*
- * signalling this error immediately after detection might allow
- * for side-channel attacks (e.g. timing if 'plen' is huge
- * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA
- * Optimal Asymmetric Encryption Padding (OAEP) [...]",
- * CRYPTO 2001), so we use a 'bad' flag
- */
- bad = 1;
- lzero = 0;
- flen = num; /* don't overflow the memcpy to padded_from */
- }
-
- dblen = num - SHA_DIGEST_LENGTH;
- db = malloc(dblen + num);
- if (db == NULL) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,
- ERR_R_MALLOC_FAILURE);
- return -1;
- }
-
- /*
- * Always do this zero-padding copy (even when lzero == 0)
- * to avoid leaking timing info about the value of lzero.
- */
- padded_from = db + dblen;
- memset(padded_from, 0, lzero);
- memcpy(padded_from + lzero, from, flen);
-
- maskeddb = padded_from + SHA_DIGEST_LENGTH;
-
- if (MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen))
- return -1;
- for (i = 0; i < SHA_DIGEST_LENGTH; i++)
- seed[i] ^= padded_from[i];
-
- if (MGF1(db, dblen, seed, SHA_DIGEST_LENGTH))
- return -1;
- for (i = 0; i < dblen; i++)
- db[i] ^= maskeddb[i];
-
- if (!EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL))
- return -1;
-
- if (timingsafe_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
- goto decoding_err;
- else {
- for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
- if (db[i] != 0x00)
- break;
- if (i == dblen || db[i] != 0x01)
- goto decoding_err;
- else {
- /* everything looks OK */
-
- mlen = dblen - ++i;
- if (tlen < mlen) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,
- RSA_R_DATA_TOO_LARGE);
- mlen = -1;
- } else
- memcpy(to, db + i, mlen);
- }
- }
- free(db);
- return mlen;
-
-decoding_err:
- /*
- * To avoid chosen ciphertext attacks, the error message should not
- * reveal which kind of decoding error happened
- */
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
- free(db);
- return -1;
-}
-
-int
-PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed,
- long seedlen, const EVP_MD *dgst)
-{
- long i, outlen = 0;
- unsigned char cnt[4];
- EVP_MD_CTX c;
- unsigned char md[EVP_MAX_MD_SIZE];
- int mdlen;
- int rv = -1;
-
- EVP_MD_CTX_init(&c);
- mdlen = EVP_MD_size(dgst);
- if (mdlen < 0)
- goto err;
- for (i = 0; outlen < len; i++) {
- cnt[0] = (unsigned char)((i >> 24) & 255);
- cnt[1] = (unsigned char)((i >> 16) & 255);
- cnt[2] = (unsigned char)((i >> 8)) & 255;
- cnt[3] = (unsigned char)(i & 255);
- if (!EVP_DigestInit_ex(&c, dgst, NULL) ||
- !EVP_DigestUpdate(&c, seed, seedlen) ||
- !EVP_DigestUpdate(&c, cnt, 4))
- goto err;
- if (outlen + mdlen <= len) {
- if (!EVP_DigestFinal_ex(&c, mask + outlen, NULL))
- goto err;
- outlen += mdlen;
- } else {
- if (!EVP_DigestFinal_ex(&c, md, NULL))
- goto err;
- memcpy(mask + outlen, md, len - outlen);
- outlen = len;
- }
- }
- rv = 0;
-err:
- EVP_MD_CTX_cleanup(&c);
- return rv;
-}
-
-static int
-MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen)
-{
- return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1());
-}
-#endif
diff --git a/lib/libssl/src/crypto/rsa/rsa_pk1.c b/lib/libssl/src/crypto/rsa/rsa_pk1.c
deleted file mode 100644
index 6c3e7fb8461..00000000000
--- a/lib/libssl/src/crypto/rsa/rsa_pk1.c
+++ /dev/null
@@ -1,224 +0,0 @@
-/* $OpenBSD: rsa_pk1.c,v 1.14 2014/10/22 13:02:04 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/rsa.h>
-
-int
-RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
- const unsigned char *from, int flen)
-{
- int j;
- unsigned char *p;
-
- if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,
- RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- return 0;
- }
-
- p = (unsigned char *)to;
-
- *(p++) = 0;
- *(p++) = 1; /* Private Key BT (Block Type) */
-
- /* pad out with 0xff data */
- j = tlen - 3 - flen;
- memset(p, 0xff, j);
- p += j;
- *(p++) = '\0';
- memcpy(p, from, flen);
-
- return 1;
-}
-
-int
-RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
- const unsigned char *from, int flen, int num)
-{
- int i, j;
- const unsigned char *p;
-
- p = from;
- if (num != flen + 1 || *(p++) != 01) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
- RSA_R_BLOCK_TYPE_IS_NOT_01);
- return -1;
- }
-
- /* scan over padding data */
- j = flen - 1; /* one for type. */
- for (i = 0; i < j; i++) {
- if (*p != 0xff) {
- /* should decrypt to 0xff */
- if (*p == 0) {
- p++;
- break;
- } else {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
- RSA_R_BAD_FIXED_HEADER_DECRYPT);
- return -1;
- }
- }
- p++;
- }
-
- if (i == j) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
- RSA_R_NULL_BEFORE_BLOCK_MISSING);
- return -1;
- }
-
- if (i < 8) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
- RSA_R_BAD_PAD_BYTE_COUNT);
- return -1;
- }
- i++; /* Skip over the '\0' */
- j -= i;
- if (j > tlen) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
- RSA_R_DATA_TOO_LARGE);
- return -1;
- }
- memcpy(to, p, j);
-
- return j;
-}
-
-int
-RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
- const unsigned char *from, int flen)
-{
- int i, j;
- unsigned char *p;
-
- if (flen > tlen - 11) {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,
- RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- return 0;
- }
-
- p = (unsigned char *)to;
-
- *(p++) = 0;
- *(p++) = 2; /* Public Key BT (Block Type) */
-
- /* pad out with non-zero random data */
- j = tlen - 3 - flen;
-
- arc4random_buf(p, j);
- for (i = 0; i < j; i++) {
- while (*p == '\0')
- arc4random_buf(p, 1);
- p++;
- }
-
- *(p++) = '\0';
-
- memcpy(p, from, flen);
- return 1;
-}
-
-int
-RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
- const unsigned char *from, int flen, int num)
-{
- int i, j;
- const unsigned char *p;
-
- p = from;
- if (num != flen + 1 || *(p++) != 02) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
- RSA_R_BLOCK_TYPE_IS_NOT_02);
- return -1;
- }
-
- /* scan over padding data */
- j = flen - 1; /* one for type. */
- for (i = 0; i < j; i++)
- if (*(p++) == 0)
- break;
-
- if (i == j) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
- RSA_R_NULL_BEFORE_BLOCK_MISSING);
- return -1;
- }
-
- if (i < 8) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
- RSA_R_BAD_PAD_BYTE_COUNT);
- return -1;
- }
- i++; /* Skip over the '\0' */
- j -= i;
- if (j > tlen) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
- RSA_R_DATA_TOO_LARGE);
- return -1;
- }
- memcpy(to, p, j);
-
- return j;
-}
diff --git a/lib/libssl/src/crypto/rsa/rsa_pmeth.c b/lib/libssl/src/crypto/rsa/rsa_pmeth.c
deleted file mode 100644
index 0b648138ee8..00000000000
--- a/lib/libssl/src/crypto/rsa/rsa_pmeth.c
+++ /dev/null
@@ -1,616 +0,0 @@
-/* $OpenBSD: rsa_pmeth.c,v 1.17 2015/06/20 01:07:25 doug Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <limits.h>
-#include <stdio.h>
-#include <string.h>
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/asn1t.h>
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/rsa.h>
-#include <openssl/x509.h>
-
-#ifndef OPENSSL_NO_CMS
-#include <openssl/cms.h>
-#endif
-
-#include "evp_locl.h"
-#include "rsa_locl.h"
-
-/* RSA pkey context structure */
-
-typedef struct {
- /* Key gen parameters */
- int nbits;
- BIGNUM *pub_exp;
- /* Keygen callback info */
- int gentmp[2];
- /* RSA padding mode */
- int pad_mode;
- /* message digest */
- const EVP_MD *md;
- /* message digest for MGF1 */
- const EVP_MD *mgf1md;
- /* PSS/OAEP salt length */
- int saltlen;
- /* Temp buffer */
- unsigned char *tbuf;
-} RSA_PKEY_CTX;
-
-static int
-pkey_rsa_init(EVP_PKEY_CTX *ctx)
-{
- RSA_PKEY_CTX *rctx;
-
- rctx = malloc(sizeof(RSA_PKEY_CTX));
- if (!rctx)
- return 0;
- rctx->nbits = 2048;
- rctx->pub_exp = NULL;
- rctx->pad_mode = RSA_PKCS1_PADDING;
- rctx->md = NULL;
- rctx->mgf1md = NULL;
- rctx->tbuf = NULL;
-
- rctx->saltlen = -2;
-
- ctx->data = rctx;
- ctx->keygen_info = rctx->gentmp;
- ctx->keygen_info_count = 2;
-
- return 1;
-}
-
-static int
-pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
-{
- RSA_PKEY_CTX *dctx, *sctx;
-
- if (!pkey_rsa_init(dst))
- return 0;
- sctx = src->data;
- dctx = dst->data;
- dctx->nbits = sctx->nbits;
- if (sctx->pub_exp) {
- dctx->pub_exp = BN_dup(sctx->pub_exp);
- if (!dctx->pub_exp)
- return 0;
- }
- dctx->pad_mode = sctx->pad_mode;
- dctx->md = sctx->md;
- return 1;
-}
-
-static int
-setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk)
-{
- if (ctx->tbuf)
- return 1;
- ctx->tbuf = malloc(EVP_PKEY_size(pk->pkey));
- if (!ctx->tbuf)
- return 0;
- return 1;
-}
-
-static void
-pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
-{
- RSA_PKEY_CTX *rctx = ctx->data;
-
- if (rctx) {
- BN_free(rctx->pub_exp);
- free(rctx->tbuf);
- free(rctx);
- }
-}
-
-static int
-pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
- const unsigned char *tbs, size_t tbslen)
-{
- int ret;
- RSA_PKEY_CTX *rctx = ctx->data;
- RSA *rsa = ctx->pkey->pkey.rsa;
-
- if (rctx->md) {
- if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
- RSAerr(RSA_F_PKEY_RSA_SIGN,
- RSA_R_INVALID_DIGEST_LENGTH);
- return -1;
- }
-
- if (rctx->pad_mode == RSA_X931_PADDING) {
- if (!setup_tbuf(rctx, ctx))
- return -1;
- memcpy(rctx->tbuf, tbs, tbslen);
- rctx->tbuf[tbslen] =
- RSA_X931_hash_id(EVP_MD_type(rctx->md));
- ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf, sig,
- rsa, RSA_X931_PADDING);
- } else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
- unsigned int sltmp;
-
- ret = RSA_sign(EVP_MD_type(rctx->md), tbs, tbslen, sig,
- &sltmp, rsa);
- if (ret <= 0)
- return ret;
- ret = sltmp;
- } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
- if (!setup_tbuf(rctx, ctx))
- return -1;
- if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, rctx->tbuf,
- tbs, rctx->md, rctx->mgf1md, rctx->saltlen))
- return -1;
- ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
- sig, rsa, RSA_NO_PADDING);
- } else
- return -1;
- } else
- ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,
- rctx->pad_mode);
- if (ret < 0)
- return ret;
- *siglen = ret;
- return 1;
-}
-
-static int
-pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, unsigned char *rout, size_t *routlen,
- const unsigned char *sig, size_t siglen)
-{
- int ret;
- RSA_PKEY_CTX *rctx = ctx->data;
-
- if (rctx->md) {
- if (rctx->pad_mode == RSA_X931_PADDING) {
- if (!setup_tbuf(rctx, ctx))
- return -1;
- ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
- ctx->pkey->pkey.rsa, RSA_X931_PADDING);
- if (ret < 1)
- return 0;
- ret--;
- if (rctx->tbuf[ret] !=
- RSA_X931_hash_id(EVP_MD_type(rctx->md))) {
- RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
- RSA_R_ALGORITHM_MISMATCH);
- return 0;
- }
- if (ret != EVP_MD_size(rctx->md)) {
- RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
- RSA_R_INVALID_DIGEST_LENGTH);
- return 0;
- }
- if (rout)
- memcpy(rout, rctx->tbuf, ret);
- } else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
- size_t sltmp;
-
- ret = int_rsa_verify(EVP_MD_type(rctx->md), NULL, 0,
- rout, &sltmp, sig, siglen, ctx->pkey->pkey.rsa);
- if (ret <= 0)
- return 0;
- ret = sltmp;
- } else
- return -1;
- } else
- ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
- rctx->pad_mode);
- if (ret < 0)
- return ret;
- *routlen = ret;
- return 1;
-}
-
-static int
-pkey_rsa_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
- const unsigned char *tbs, size_t tbslen)
-{
- RSA_PKEY_CTX *rctx = ctx->data;
- RSA *rsa = ctx->pkey->pkey.rsa;
- size_t rslen;
-
- if (rctx->md) {
- if (rctx->pad_mode == RSA_PKCS1_PADDING)
- return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
- sig, siglen, rsa);
- if (rctx->pad_mode == RSA_X931_PADDING) {
- if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig,
- siglen) <= 0)
- return 0;
- } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
- int ret;
-
- if (!setup_tbuf(rctx, ctx))
- return -1;
- ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
- rsa, RSA_NO_PADDING);
- if (ret <= 0)
- return 0;
- ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, rctx->md,
- rctx->mgf1md, rctx->tbuf, rctx->saltlen);
- if (ret <= 0)
- return 0;
- return 1;
- } else
- return -1;
- } else {
- if (!setup_tbuf(rctx, ctx))
- return -1;
- rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf, rsa,
- rctx->pad_mode);
- if (rslen == 0)
- return 0;
- }
-
- if (rslen != tbslen || memcmp(tbs, rctx->tbuf, rslen))
- return 0;
-
- return 1;
-}
-
-static int
-pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
- const unsigned char *in, size_t inlen)
-{
- int ret;
- RSA_PKEY_CTX *rctx = ctx->data;
-
- ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa,
- rctx->pad_mode);
- if (ret < 0)
- return ret;
- *outlen = ret;
- return 1;
-}
-
-static int
-pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
- const unsigned char *in, size_t inlen)
-{
- int ret;
- RSA_PKEY_CTX *rctx = ctx->data;
-
- ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa,
- rctx->pad_mode);
- if (ret < 0)
- return ret;
- *outlen = ret;
- return 1;
-}
-
-static int
-check_padding_md(const EVP_MD *md, int padding)
-{
- if (!md)
- return 1;
-
- if (padding == RSA_NO_PADDING) {
- RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE);
- return 0;
- }
-
- if (padding == RSA_X931_PADDING) {
- if (RSA_X931_hash_id(EVP_MD_type(md)) == -1) {
- RSAerr(RSA_F_CHECK_PADDING_MD,
- RSA_R_INVALID_X931_DIGEST);
- return 0;
- }
- return 1;
- }
-
- return 1;
-}
-
-static int
-pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
-{
- RSA_PKEY_CTX *rctx = ctx->data;
-
- switch (type) {
- case EVP_PKEY_CTRL_RSA_PADDING:
- if (p1 >= RSA_PKCS1_PADDING && p1 <= RSA_PKCS1_PSS_PADDING) {
- if (!check_padding_md(rctx->md, p1))
- return 0;
- if (p1 == RSA_PKCS1_PSS_PADDING) {
- if (!(ctx->operation &
- (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY)))
- goto bad_pad;
- if (!rctx->md)
- rctx->md = EVP_sha1();
- }
- if (p1 == RSA_PKCS1_OAEP_PADDING) {
- if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))
- goto bad_pad;
- if (!rctx->md)
- rctx->md = EVP_sha1();
- }
- rctx->pad_mode = p1;
- return 1;
- }
-bad_pad:
- RSAerr(RSA_F_PKEY_RSA_CTRL,
- RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
- return -2;
-
- case EVP_PKEY_CTRL_GET_RSA_PADDING:
- *(int *)p2 = rctx->pad_mode;
- return 1;
-
- case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
- case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN:
- if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) {
- RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
- return -2;
- }
- if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN)
- *(int *)p2 = rctx->saltlen;
- else {
- if (p1 < -2)
- return -2;
- rctx->saltlen = p1;
- }
- return 1;
-
- case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
- if (p1 < 256) {
- RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS);
- return -2;
- }
- rctx->nbits = p1;
- return 1;
-
- case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:
- if (!p2)
- return -2;
- rctx->pub_exp = p2;
- return 1;
-
- case EVP_PKEY_CTRL_MD:
- if (!check_padding_md(p2, rctx->pad_mode))
- return 0;
- rctx->md = p2;
- return 1;
-
- case EVP_PKEY_CTRL_RSA_MGF1_MD:
- case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:
- if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) {
- RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_MGF1_MD);
- return -2;
- }
- if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD) {
- if (rctx->mgf1md)
- *(const EVP_MD **)p2 = rctx->mgf1md;
- else
- *(const EVP_MD **)p2 = rctx->md;
- } else
- rctx->mgf1md = p2;
- return 1;
-
- case EVP_PKEY_CTRL_DIGESTINIT:
- case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
- case EVP_PKEY_CTRL_PKCS7_DECRYPT:
- case EVP_PKEY_CTRL_PKCS7_SIGN:
- return 1;
-#ifndef OPENSSL_NO_CMS
- case EVP_PKEY_CTRL_CMS_DECRYPT:
- {
- X509_ALGOR *alg = NULL;
- ASN1_OBJECT *encalg = NULL;
-
- if (p2)
- CMS_RecipientInfo_ktri_get0_algs(p2, NULL,
- NULL, &alg);
- if (alg)
- X509_ALGOR_get0(&encalg, NULL, NULL, alg);
- if (encalg && OBJ_obj2nid(encalg) == NID_rsaesOaep)
- rctx->pad_mode = RSA_PKCS1_OAEP_PADDING;
- }
- /* FALLTHROUGH */
-
- case EVP_PKEY_CTRL_CMS_ENCRYPT:
- case EVP_PKEY_CTRL_CMS_SIGN:
- return 1;
-#endif
- case EVP_PKEY_CTRL_PEER_KEY:
- RSAerr(RSA_F_PKEY_RSA_CTRL,
- RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
- return -2;
-
- default:
- return -2;
- }
-}
-
-static int
-pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
-{
- long lval;
- char *ep;
-
- if (!value) {
- RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING);
- return 0;
- }
- if (!strcmp(type, "rsa_padding_mode")) {
- int pm;
- if (!strcmp(value, "pkcs1"))
- pm = RSA_PKCS1_PADDING;
- else if (!strcmp(value, "sslv23"))
- pm = RSA_SSLV23_PADDING;
- else if (!strcmp(value, "none"))
- pm = RSA_NO_PADDING;
- else if (!strcmp(value, "oeap"))
- pm = RSA_PKCS1_OAEP_PADDING;
- else if (!strcmp(value, "oaep"))
- pm = RSA_PKCS1_OAEP_PADDING;
- else if (!strcmp(value, "x931"))
- pm = RSA_X931_PADDING;
- else if (!strcmp(value, "pss"))
- pm = RSA_PKCS1_PSS_PADDING;
- else {
- RSAerr(RSA_F_PKEY_RSA_CTRL_STR,
- RSA_R_UNKNOWN_PADDING_TYPE);
- return -2;
- }
- return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
- }
-
- if (!strcmp(type, "rsa_pss_saltlen")) {
- int saltlen;
-
- errno = 0;
- lval = strtol(value, &ep, 10);
- if (value[0] == '\0' || *ep != '\0')
- goto not_a_number;
- if ((errno == ERANGE &&
- (lval == LONG_MAX || lval == LONG_MIN)) ||
- (lval > INT_MAX || lval < INT_MIN))
- goto out_of_range;
- saltlen = lval;
- return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen);
- }
-
- if (!strcmp(type, "rsa_keygen_bits")) {
- int nbits;
-
- errno = 0;
- lval = strtol(value, &ep, 10);
- if (value[0] == '\0' || *ep != '\0')
- goto not_a_number;
- if ((errno == ERANGE &&
- (lval == LONG_MAX || lval == LONG_MIN)) ||
- (lval > INT_MAX || lval < INT_MIN))
- goto out_of_range;
- nbits = lval;
- return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits);
- }
-
- if (!strcmp(type, "rsa_keygen_pubexp")) {
- int ret;
- BIGNUM *pubexp = NULL;
-
- if (!BN_asc2bn(&pubexp, value))
- return 0;
- ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp);
- if (ret <= 0)
- BN_free(pubexp);
- return ret;
- }
-
-not_a_number:
-out_of_range:
- return -2;
-}
-
-static int
-pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-{
- RSA *rsa = NULL;
- RSA_PKEY_CTX *rctx = ctx->data;
- BN_GENCB *pcb, cb;
- int ret;
-
- if (!rctx->pub_exp) {
- rctx->pub_exp = BN_new();
- if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4))
- return 0;
- }
- rsa = RSA_new();
- if (!rsa)
- return 0;
- if (ctx->pkey_gencb) {
- pcb = &cb;
- evp_pkey_set_cb_translate(pcb, ctx);
- } else
- pcb = NULL;
- ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb);
- if (ret > 0)
- EVP_PKEY_assign_RSA(pkey, rsa);
- else
- RSA_free(rsa);
- return ret;
-}
-
-const EVP_PKEY_METHOD rsa_pkey_meth = {
- .pkey_id = EVP_PKEY_RSA,
- .flags = EVP_PKEY_FLAG_AUTOARGLEN,
-
- .init = pkey_rsa_init,
- .copy = pkey_rsa_copy,
- .cleanup = pkey_rsa_cleanup,
-
- .keygen = pkey_rsa_keygen,
-
- .sign = pkey_rsa_sign,
-
- .verify = pkey_rsa_verify,
-
- .verify_recover = pkey_rsa_verifyrecover,
-
- .encrypt = pkey_rsa_encrypt,
-
- .decrypt = pkey_rsa_decrypt,
-
- .ctrl = pkey_rsa_ctrl,
- .ctrl_str = pkey_rsa_ctrl_str
-};
diff --git a/lib/libssl/src/crypto/rsa/rsa_prn.c b/lib/libssl/src/crypto/rsa/rsa_prn.c
deleted file mode 100644
index db82dab5be1..00000000000
--- a/lib/libssl/src/crypto/rsa/rsa_prn.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/* $OpenBSD: rsa_prn.c,v 1.6 2014/07/11 08:44:49 jsing Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/rsa.h>
-
-int
-RSA_print_fp(FILE *fp, const RSA *x, int off)
-{
- BIO *b;
- int ret;
-
- if ((b = BIO_new(BIO_s_file())) == NULL) {
- RSAerr(RSA_F_RSA_PRINT_FP, ERR_R_BUF_LIB);
- return 0;
- }
- BIO_set_fp(b, fp, BIO_NOCLOSE);
- ret = RSA_print(b, x, off);
- BIO_free(b);
- return ret;
-}
-
-int
-RSA_print(BIO *bp, const RSA *x, int off)
-{
- EVP_PKEY *pk;
- int ret;
-
- pk = EVP_PKEY_new();
- if (!pk || !EVP_PKEY_set1_RSA(pk, (RSA *)x))
- return 0;
- ret = EVP_PKEY_print_private(bp, pk, off, NULL);
- EVP_PKEY_free(pk);
- return ret;
-}
diff --git a/lib/libssl/src/crypto/rsa/rsa_pss.c b/lib/libssl/src/crypto/rsa/rsa_pss.c
deleted file mode 100644
index 5e137a30901..00000000000
--- a/lib/libssl/src/crypto/rsa/rsa_pss.c
+++ /dev/null
@@ -1,289 +0,0 @@
-/* $OpenBSD: rsa_pss.c,v 1.11 2014/10/22 13:02:04 jsing Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/rsa.h>
-#include <openssl/sha.h>
-
-static const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 };
-
-int
-RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, const EVP_MD *Hash,
- const unsigned char *EM, int sLen)
-{
- return RSA_verify_PKCS1_PSS_mgf1(rsa, mHash, Hash, NULL, EM, sLen);
-}
-
-int
-RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
- const EVP_MD *Hash, const EVP_MD *mgf1Hash, const unsigned char *EM,
- int sLen)
-{
- int i;
- int ret = 0;
- int hLen, maskedDBLen, MSBits, emLen;
- const unsigned char *H;
- unsigned char *DB = NULL;
- EVP_MD_CTX ctx;
- unsigned char H_[EVP_MAX_MD_SIZE];
-
- EVP_MD_CTX_init(&ctx);
-
- if (mgf1Hash == NULL)
- mgf1Hash = Hash;
-
- hLen = EVP_MD_size(Hash);
- if (hLen < 0)
- goto err;
- /*
- * Negative sLen has special meanings:
- * -1 sLen == hLen
- * -2 salt length is autorecovered from signature
- * -N reserved
- */
- if (sLen == -1)
- sLen = hLen;
- else if (sLen == -2)
- sLen = -2;
- else if (sLen < -2) {
- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1,
- RSA_R_SLEN_CHECK_FAILED);
- goto err;
- }
-
- MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
- emLen = RSA_size(rsa);
- if (EM[0] & (0xFF << MSBits)) {
- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1,
- RSA_R_FIRST_OCTET_INVALID);
- goto err;
- }
- if (MSBits == 0) {
- EM++;
- emLen--;
- }
- if (emLen < (hLen + sLen + 2)) {
- /* sLen can be small negative */
- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE);
- goto err;
- }
- if (EM[emLen - 1] != 0xbc) {
- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1,
- RSA_R_LAST_OCTET_INVALID);
- goto err;
- }
- maskedDBLen = emLen - hLen - 1;
- H = EM + maskedDBLen;
- DB = malloc(maskedDBLen);
- if (!DB) {
- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, mgf1Hash) < 0)
- goto err;
- for (i = 0; i < maskedDBLen; i++)
- DB[i] ^= EM[i];
- if (MSBits)
- DB[0] &= 0xFF >> (8 - MSBits);
- for (i = 0; DB[i] == 0 && i < (maskedDBLen - 1); i++)
- ;
- if (DB[i++] != 0x1) {
- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1,
- RSA_R_SLEN_RECOVERY_FAILED);
- goto err;
- }
- if (sLen >= 0 && (maskedDBLen - i) != sLen) {
- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1,
- RSA_R_SLEN_CHECK_FAILED);
- goto err;
- }
- if (!EVP_DigestInit_ex(&ctx, Hash, NULL) ||
- !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) ||
- !EVP_DigestUpdate(&ctx, mHash, hLen))
- goto err;
- if (maskedDBLen - i) {
- if (!EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i))
- goto err;
- }
- if (!EVP_DigestFinal_ex(&ctx, H_, NULL))
- goto err;
- if (memcmp(H_, H, hLen)) {
- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_BAD_SIGNATURE);
- ret = 0;
- } else
- ret = 1;
-
-err:
- free(DB);
- EVP_MD_CTX_cleanup(&ctx);
-
- return ret;
-}
-
-int
-RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
- const unsigned char *mHash, const EVP_MD *Hash, int sLen)
-{
- return RSA_padding_add_PKCS1_PSS_mgf1(rsa, EM, mHash, Hash, NULL, sLen);
-}
-
-int
-RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
- const unsigned char *mHash, const EVP_MD *Hash, const EVP_MD *mgf1Hash,
- int sLen)
-{
- int i;
- int ret = 0;
- int hLen, maskedDBLen, MSBits, emLen;
- unsigned char *H, *salt = NULL, *p;
- EVP_MD_CTX ctx;
-
- EVP_MD_CTX_init(&ctx);
-
- if (mgf1Hash == NULL)
- mgf1Hash = Hash;
-
- hLen = EVP_MD_size(Hash);
- if (hLen < 0)
- goto err;
- /*
- * Negative sLen has special meanings:
- * -1 sLen == hLen
- * -2 salt length is maximized
- * -N reserved
- */
- if (sLen == -1)
- sLen = hLen;
- else if (sLen == -2)
- sLen = -2;
- else if (sLen < -2) {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
- RSA_R_SLEN_CHECK_FAILED);
- goto err;
- }
-
- MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
- emLen = RSA_size(rsa);
- if (MSBits == 0) {
- *EM++ = 0;
- emLen--;
- }
- if (sLen == -2)
- sLen = emLen - hLen - 2;
- else if (emLen < (hLen + sLen + 2)) {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
- RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- goto err;
- }
- if (sLen > 0) {
- salt = malloc(sLen);
- if (!salt) {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- arc4random_buf(salt, sLen);
- }
- maskedDBLen = emLen - hLen - 1;
- H = EM + maskedDBLen;
- if (!EVP_DigestInit_ex(&ctx, Hash, NULL) ||
- !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) ||
- !EVP_DigestUpdate(&ctx, mHash, hLen))
- goto err;
- if (sLen && !EVP_DigestUpdate(&ctx, salt, sLen))
- goto err;
- if (!EVP_DigestFinal_ex(&ctx, H, NULL))
- goto err;
-
- /* Generate dbMask in place then perform XOR on it */
- if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash))
- goto err;
-
- p = EM;
-
- /*
- * Initial PS XORs with all zeroes which is a NOP so just update
- * pointer. Note from a test above this value is guaranteed to
- * be non-negative.
- */
- p += emLen - sLen - hLen - 2;
- *p++ ^= 0x1;
- if (sLen > 0) {
- for (i = 0; i < sLen; i++)
- *p++ ^= salt[i];
- }
- if (MSBits)
- EM[0] &= 0xFF >> (8 - MSBits);
-
- /* H is already in place so just set final 0xbc */
- EM[emLen - 1] = 0xbc;
-
- ret = 1;
-
-err:
- free(salt);
- EVP_MD_CTX_cleanup(&ctx);
-
- return ret;
-}
diff --git a/lib/libssl/src/crypto/rsa/rsa_saos.c b/lib/libssl/src/crypto/rsa/rsa_saos.c
deleted file mode 100644
index 5dbc10dbb20..00000000000
--- a/lib/libssl/src/crypto/rsa/rsa_saos.c
+++ /dev/null
@@ -1,149 +0,0 @@
-/* $OpenBSD: rsa_saos.c,v 1.19 2015/09/30 18:41:06 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/objects.h>
-#include <openssl/rsa.h>
-#include <openssl/x509.h>
-
-int
-RSA_sign_ASN1_OCTET_STRING(int type, const unsigned char *m, unsigned int m_len,
- unsigned char *sigret, unsigned int *siglen, RSA *rsa)
-{
- ASN1_OCTET_STRING sig;
- int i, j, ret = 1;
- unsigned char *p, *s;
-
- sig.type = V_ASN1_OCTET_STRING;
- sig.length = m_len;
- sig.data = (unsigned char *)m;
-
- i = i2d_ASN1_OCTET_STRING(&sig, NULL);
- j = RSA_size(rsa);
- if (i > (j - RSA_PKCS1_PADDING_SIZE)) {
- RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,
- RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
- return 0;
- }
- s = malloc(j + 1);
- if (s == NULL) {
- RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- p = s;
- i2d_ASN1_OCTET_STRING(&sig, &p);
- i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING);
- if (i <= 0)
- ret = 0;
- else
- *siglen = i;
-
- explicit_bzero(s, (unsigned int)j + 1);
- free(s);
- return ret;
-}
-
-int
-RSA_verify_ASN1_OCTET_STRING(int dtype, const unsigned char *m,
- unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
-{
- int i, ret = 0;
- unsigned char *s;
- const unsigned char *p;
- ASN1_OCTET_STRING *sig = NULL;
-
- if (siglen != (unsigned int)RSA_size(rsa)) {
- RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,
- RSA_R_WRONG_SIGNATURE_LENGTH);
- return 0;
- }
-
- s = malloc(siglen);
- if (s == NULL) {
- RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING);
-
- if (i <= 0)
- goto err;
-
- p = s;
- sig = d2i_ASN1_OCTET_STRING(NULL, &p, (long)i);
- if (sig == NULL)
- goto err;
-
- if ((unsigned int)sig->length != m_len ||
- memcmp(m, sig->data, m_len) != 0) {
- RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,
- RSA_R_BAD_SIGNATURE);
- } else
- ret = 1;
-err:
- ASN1_OCTET_STRING_free(sig);
- if (s != NULL) {
- explicit_bzero(s, (unsigned int)siglen);
- free(s);
- }
- return ret;
-}
diff --git a/lib/libssl/src/crypto/rsa/rsa_sign.c b/lib/libssl/src/crypto/rsa/rsa_sign.c
deleted file mode 100644
index 7be08f544b0..00000000000
--- a/lib/libssl/src/crypto/rsa/rsa_sign.c
+++ /dev/null
@@ -1,255 +0,0 @@
-/* $OpenBSD: rsa_sign.c,v 1.25 2015/09/10 15:56:25 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/objects.h>
-#include <openssl/rsa.h>
-#include <openssl/x509.h>
-
-#include "rsa_locl.h"
-
-/* Size of an SSL signature: MD5+SHA1 */
-#define SSL_SIG_LENGTH 36
-
-int
-RSA_sign(int type, const unsigned char *m, unsigned int m_len,
- unsigned char *sigret, unsigned int *siglen, RSA *rsa)
-{
- X509_SIG sig;
- ASN1_TYPE parameter;
- int i, j, ret = 1;
- unsigned char *p, *tmps = NULL;
- const unsigned char *s = NULL;
- X509_ALGOR algor;
- ASN1_OCTET_STRING digest;
-
- if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
- return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
-
- /* Special case: SSL signature, just check the length */
- if (type == NID_md5_sha1) {
- if (m_len != SSL_SIG_LENGTH) {
- RSAerr(RSA_F_RSA_SIGN, RSA_R_INVALID_MESSAGE_LENGTH);
- return 0;
- }
- i = SSL_SIG_LENGTH;
- s = m;
- } else {
- sig.algor = &algor;
- sig.algor->algorithm = OBJ_nid2obj(type);
- if (sig.algor->algorithm == NULL) {
- RSAerr(RSA_F_RSA_SIGN, RSA_R_UNKNOWN_ALGORITHM_TYPE);
- return 0;
- }
- if (sig.algor->algorithm->length == 0) {
- RSAerr(RSA_F_RSA_SIGN,
- RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
- return 0;
- }
- parameter.type = V_ASN1_NULL;
- parameter.value.ptr = NULL;
- sig.algor->parameter = &parameter;
-
- sig.digest = &digest;
- sig.digest->data = (unsigned char *)m; /* TMP UGLY CAST */
- sig.digest->length = m_len;
-
- i = i2d_X509_SIG(&sig, NULL);
- }
- j = RSA_size(rsa);
- if (i > j - RSA_PKCS1_PADDING_SIZE) {
- RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
- return 0;
- }
- if (type != NID_md5_sha1) {
- tmps = malloc(j + 1);
- if (tmps == NULL) {
- RSAerr(RSA_F_RSA_SIGN, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- p = tmps;
- i2d_X509_SIG(&sig, &p);
- s = tmps;
- }
- i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING);
- if (i <= 0)
- ret = 0;
- else
- *siglen = i;
-
- if (type != NID_md5_sha1) {
- explicit_bzero(tmps, (unsigned int)j + 1);
- free(tmps);
- }
- return (ret);
-}
-
-int
-int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
- unsigned char *rm, size_t *prm_len, const unsigned char *sigbuf,
- size_t siglen, RSA *rsa)
-{
- int i, ret = 0, sigtype;
- unsigned char *s;
- X509_SIG *sig = NULL;
-
- if (siglen != (unsigned int)RSA_size(rsa)) {
- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH);
- return 0;
- }
-
- if ((dtype == NID_md5_sha1) && rm) {
- i = RSA_public_decrypt((int)siglen, sigbuf, rm, rsa,
- RSA_PKCS1_PADDING);
- if (i <= 0)
- return 0;
- *prm_len = i;
- return 1;
- }
-
- s = malloc(siglen);
- if (s == NULL) {
- RSAerr(RSA_F_INT_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (dtype == NID_md5_sha1 && m_len != SSL_SIG_LENGTH) {
- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH);
- goto err;
- }
- i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING);
-
- if (i <= 0)
- goto err;
-
- /* Special case: SSL signature */
- if (dtype == NID_md5_sha1) {
- if (i != SSL_SIG_LENGTH || memcmp(s, m, SSL_SIG_LENGTH))
- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
- else
- ret = 1;
- } else {
- const unsigned char *p = s;
-
- sig = d2i_X509_SIG(NULL, &p, (long)i);
-
- if (sig == NULL)
- goto err;
-
- /* Excess data can be used to create forgeries */
- if (p != s + i) {
- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
- goto err;
- }
-
- /* Parameters to the signature algorithm can also be used to
- create forgeries */
- if (sig->algor->parameter &&
- ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) {
- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
- goto err;
- }
-
- sigtype = OBJ_obj2nid(sig->algor->algorithm);
-
- if (sigtype != dtype) {
- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH);
- goto err;
- }
- if (rm) {
- const EVP_MD *md;
-
- md = EVP_get_digestbynid(dtype);
- if (md && (EVP_MD_size(md) != sig->digest->length))
- RSAerr(RSA_F_INT_RSA_VERIFY,
- RSA_R_INVALID_DIGEST_LENGTH);
- else {
- memcpy(rm, sig->digest->data,
- sig->digest->length);
- *prm_len = sig->digest->length;
- ret = 1;
- }
- } else if ((unsigned int)sig->digest->length != m_len ||
- memcmp(m, sig->digest->data, m_len) != 0) {
- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
- } else
- ret = 1;
- }
-err:
- if (sig != NULL)
- X509_SIG_free(sig);
- if (s != NULL) {
- explicit_bzero(s, (unsigned int)siglen);
- free(s);
- }
- return ret;
-}
-
-int
-RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
- const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
-{
- if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)
- return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen,
- rsa);
-
- return int_rsa_verify(dtype, m, m_len, NULL, NULL, sigbuf, siglen, rsa);
-}
diff --git a/lib/libssl/src/crypto/rsa/rsa_ssl.c b/lib/libssl/src/crypto/rsa/rsa_ssl.c
deleted file mode 100644
index 73262f29c16..00000000000
--- a/lib/libssl/src/crypto/rsa/rsa_ssl.c
+++ /dev/null
@@ -1,151 +0,0 @@
-/* $OpenBSD: rsa_ssl.c,v 1.14 2014/10/22 13:02:04 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/rsa.h>
-
-int
-RSA_padding_add_SSLv23(unsigned char *to, int tlen, const unsigned char *from,
- int flen)
-{
- int i, j;
- unsigned char *p;
-
- if (flen > tlen - 11) {
- RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,
- RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- return 0;
- }
-
- p = (unsigned char *)to;
-
- *(p++) = 0;
- *(p++) = 2; /* Public Key BT (Block Type) */
-
- /* pad out with non-zero random data */
- j = tlen - 3 - 8 - flen;
-
- arc4random_buf(p, j);
- for (i = 0; i < j; i++) {
- while (*p == '\0')
- arc4random_buf(p, 1);
- p++;
- }
-
- memset(p, 3, 8);
- p += 8;
- *(p++) = '\0';
-
- memcpy(p, from, flen);
- return 1;
-}
-
-int
-RSA_padding_check_SSLv23(unsigned char *to, int tlen, const unsigned char *from,
- int flen, int num)
-{
- int i, j, k;
- const unsigned char *p;
-
- p = from;
- if (flen < 10) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL);
- return -1;
- }
- if (num != flen + 1 || *(p++) != 02) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,
- RSA_R_BLOCK_TYPE_IS_NOT_02);
- return -1;
- }
-
- /* scan over padding data */
- j = flen - 1; /* one for type */
- for (i = 0; i < j; i++)
- if (*(p++) == 0)
- break;
-
- if (i == j || i < 8) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,
- RSA_R_NULL_BEFORE_BLOCK_MISSING);
- return -1;
- }
- for (k = -9; k < -1; k++) {
- if (p[k] != 0x03)
- break;
- }
- if (k == -1) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,
- RSA_R_SSLV3_ROLLBACK_ATTACK);
- return -1;
- }
-
- i++; /* Skip over the '\0' */
- j -= i;
- if (j > tlen) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_LARGE);
- return -1;
- }
- memcpy(to, p, j);
-
- return j;
-}
diff --git a/lib/libssl/src/crypto/rsa/rsa_x931.c b/lib/libssl/src/crypto/rsa/rsa_x931.c
deleted file mode 100644
index 2993b4028da..00000000000
--- a/lib/libssl/src/crypto/rsa/rsa_x931.c
+++ /dev/null
@@ -1,167 +0,0 @@
-/* $OpenBSD: rsa_x931.c,v 1.9 2014/10/18 17:20:40 jsing Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/objects.h>
-#include <openssl/rsa.h>
-
-int
-RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *from,
- int flen)
-{
- int j;
- unsigned char *p;
-
- /*
- * Absolute minimum amount of padding is 1 header nibble, 1 padding
- * nibble and 2 trailer bytes: but 1 hash if is already in 'from'.
- */
- j = tlen - flen - 2;
-
- if (j < 0) {
- RSAerr(RSA_F_RSA_PADDING_ADD_X931,
- RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- return -1;
- }
-
- p = (unsigned char *)to;
-
- /* If no padding start and end nibbles are in one byte */
- if (j == 0)
- *p++ = 0x6A;
- else {
- *p++ = 0x6B;
- if (j > 1) {
- memset(p, 0xBB, j - 1);
- p += j - 1;
- }
- *p++ = 0xBA;
- }
- memcpy(p, from, flen);
- p += flen;
- *p = 0xCC;
- return 1;
-}
-
-int
-RSA_padding_check_X931(unsigned char *to, int tlen, const unsigned char *from,
- int flen, int num)
-{
- int i = 0, j;
- const unsigned char *p = from;
-
- if (num != flen || (*p != 0x6A && *p != 0x6B)) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_HEADER);
- return -1;
- }
-
- if (*p++ == 0x6B) {
- j = flen - 3;
- for (i = 0; i < j; i++) {
- unsigned char c = *p++;
- if (c == 0xBA)
- break;
- if (c != 0xBB) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_X931,
- RSA_R_INVALID_PADDING);
- return -1;
- }
- }
-
- if (i == 0) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_X931,
- RSA_R_INVALID_PADDING);
- return -1;
- }
-
- j -= i;
- } else
- j = flen - 2;
-
- if (j < 0 || p[j] != 0xCC) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER);
- return -1;
- }
-
- memcpy(to, p, j);
-
- return j;
-}
-
-/* Translate between X931 hash ids and NIDs */
-
-int
-RSA_X931_hash_id(int nid)
-{
- switch (nid) {
- case NID_sha1:
- return 0x33;
- case NID_sha256:
- return 0x34;
- case NID_sha384:
- return 0x36;
- case NID_sha512:
- return 0x35;
- }
-
- return -1;
-}