275 files changed, 2400 insertions, 3892 deletions

diff --git a/src/lib/libcrypto/asn1/a_bitstr.c b/src/lib/libcrypto/asn1/a_bitstr.c
index c847b471d6..9ba77d6958 100644
--- a/src/lib/libcrypto/asn1/a_bitstr.c
+++ b/src/lib/libcrypto/asn1/a_bitstr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_bitstr.c,v 1.23 2015/09/29 13:54:40 jsing Exp $ */
+/* $OpenBSD: a_bitstr.c,v 1.24 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -176,7 +176,7 @@ c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, const unsigned char **pp, long len)
         return (ret);
 
 err:
-        ASN1err(ASN1_F_C2I_ASN1_BIT_STRING, i);
+        ASN1error(i);
         if ((ret != NULL) && ((a == NULL) || (*a != ret)))
                 ASN1_BIT_STRING_free(ret);
         return (NULL);
@@ -206,7 +206,7 @@ ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
                         return(1); /* Don't need to set */
                 c = OPENSSL_realloc_clean(a->data, a->length, w + 1);
                 if (c == NULL) {
-                        ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT, ERR_R_MALLOC_FAILURE);
+                        ASN1error(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
                 if (w + 1 - a->length > 0)
diff --git a/src/lib/libcrypto/asn1/a_bool.c b/src/lib/libcrypto/asn1/a_bool.c
index d5a0c0c8a4..e8469bec65 100644
--- a/src/lib/libcrypto/asn1/a_bool.c
+++ b/src/lib/libcrypto/asn1/a_bool.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_bool.c,v 1.7 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: a_bool.c,v 1.8 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -110,6 +110,6 @@ d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)
         return (ret);
 
 err:
-        ASN1err(ASN1_F_D2I_ASN1_BOOLEAN, i);
+        ASN1error(i);
         return (ret);
 }
diff --git a/src/lib/libcrypto/asn1/a_bytes.c b/src/lib/libcrypto/asn1/a_bytes.c
index 727ad3ed9b..f3fe234851 100644
--- a/src/lib/libcrypto/asn1/a_bytes.c
+++ b/src/lib/libcrypto/asn1/a_bytes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_bytes.c,v 1.18 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: a_bytes.c,v 1.19 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -123,7 +123,7 @@ d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,
         return (ret);
 
 err:
-        ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES, i);
+        ASN1error(i);
         if (a == NULL || *a != ret)
                 ASN1_STRING_free(ret);
         return (NULL);
@@ -235,7 +235,7 @@ d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
 err:
         if (a == NULL || *a != ret)
                 ASN1_STRING_free(ret);
-        ASN1err(ASN1_F_D2I_ASN1_BYTES, i);
+        ASN1error(i);
         return (NULL);
 }
 
@@ -299,7 +299,7 @@ asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
         return (1);
 
 err:
-        ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE, c->error);
+        ASN1error(c->error);
         ASN1_STRING_free(os);
         free(b.data);
         return (0);
diff --git a/src/lib/libcrypto/asn1/a_d2i_fp.c b/src/lib/libcrypto/asn1/a_d2i_fp.c
index c00b304c61..390a1072d5 100644
--- a/src/lib/libcrypto/asn1/a_d2i_fp.c
+++ b/src/lib/libcrypto/asn1/a_d2i_fp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_d2i_fp.c,v 1.15 2016/05/20 15:46:21 bcook Exp $ */
+/* $OpenBSD: a_d2i_fp.c,v 1.16 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -74,7 +74,7 @@ ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x)
         void *ret;
 
         if ((b = BIO_new(BIO_s_file())) == NULL) {
-                ASN1err(ASN1_F_ASN1_D2I_FP, ERR_R_BUF_LIB);
+                ASN1error(ERR_R_BUF_LIB);
                 return (NULL);
         }
         BIO_set_fp(b, in, BIO_NOCLOSE);
@@ -134,7 +134,7 @@ ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
         char *ret;
 
         if ((b = BIO_new(BIO_s_file())) == NULL) {
-                ASN1err(ASN1_F_ASN1_ITEM_D2I_FP, ERR_R_BUF_LIB);
+                ASN1error(ERR_R_BUF_LIB);
                 return (NULL);
         }
         BIO_set_fp(b, in, BIO_NOCLOSE);
@@ -159,7 +159,7 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 
         b = BUF_MEM_new();
         if (b == NULL) {
-                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 return -1;
         }
 
@@ -170,20 +170,17 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 
                         if (len + want < len ||
                             !BUF_MEM_grow_clean(b, len + want)) {
-                                ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-                                    ERR_R_MALLOC_FAILURE);
+                                ASN1error(ERR_R_MALLOC_FAILURE);
                                 goto err;
                         }
                         i = BIO_read(in, &(b->data[len]), want);
                         if ((i < 0) && ((len - off) == 0)) {
-                                ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-                                    ASN1_R_NOT_ENOUGH_DATA);
+                                ASN1error(ASN1_R_NOT_ENOUGH_DATA);
                                 goto err;
                         }
                         if (i > 0) {
                                 if (len + i < len) {
-                                        ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-                                            ASN1_R_TOO_LONG);
+                                        ASN1error(ASN1_R_TOO_LONG);
                                         goto err;
                                 }
                                 len += i;
@@ -211,8 +208,7 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
                         /* no data body so go round again */
                         eos++;
                         if (eos < 0) {
-                                ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-                                    ASN1_R_HEADER_TOO_LONG);
+                                ASN1error(ASN1_R_HEADER_TOO_LONG);
                                 goto err;
                         }
                         want = HEADER_SIZE;
@@ -232,8 +228,7 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
                                 want -= (len - off);
                                 if (want > INT_MAX /* BIO_read takes an int length */ ||
                                     len+want < len) {
-                                        ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-                                            ASN1_R_TOO_LONG);
+                                        ASN1error(ASN1_R_TOO_LONG);
                                         goto err;
                                 }
                                 while (want > 0) {
@@ -246,16 +241,14 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
                                         size_t chunk = want > chunk_max ? chunk_max : want;
 
                                         if (!BUF_MEM_grow_clean(b, len + chunk)) {
-                                                ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-                                                    ERR_R_MALLOC_FAILURE);
+                                                ASN1error(ERR_R_MALLOC_FAILURE);
                                                 goto err;
                                         }
                                         want -= chunk;
                                         while (chunk > 0) {
                                                 i = BIO_read(in, &(b->data[len]), chunk);
                                                 if (i <= 0) {
-                                                        ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-                                                            ASN1_R_NOT_ENOUGH_DATA);
+                                                        ASN1error(ASN1_R_NOT_ENOUGH_DATA);
                                                         goto err;
                                                 }
                                                 /*
@@ -270,7 +263,7 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
                                 }
                         }
                         if (off + c.slen < off) {
-                                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+                                ASN1error(ASN1_R_TOO_LONG);
                                 goto err;
                         }
                         off += c.slen;
@@ -282,7 +275,7 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
         }
 
         if (off > INT_MAX) {
-                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+                ASN1error(ASN1_R_TOO_LONG);
                 goto err;
         }
 
diff --git a/src/lib/libcrypto/asn1/a_dup.c b/src/lib/libcrypto/asn1/a_dup.c
index 79cd1d4586..2e17a1e219 100644
--- a/src/lib/libcrypto/asn1/a_dup.c
+++ b/src/lib/libcrypto/asn1/a_dup.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_dup.c,v 1.13 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: a_dup.c,v 1.14 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -77,7 +77,7 @@ ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x)
         i = i2d(x, NULL);
         b = malloc(i + 10);
         if (b == NULL) {
-                ASN1err(ASN1_F_ASN1_DUP, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 return (NULL);
         }
         p = b;
@@ -108,7 +108,7 @@ ASN1_item_dup(const ASN1_ITEM *it, void *x)
 
         i = ASN1_item_i2d(x, &b, it);
         if (b == NULL) {
-                ASN1err(ASN1_F_ASN1_ITEM_DUP, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 return (NULL);
         }
         p = b;
diff --git a/src/lib/libcrypto/asn1/a_enum.c b/src/lib/libcrypto/asn1/a_enum.c
index 142f6ed575..23875958bf 100644
--- a/src/lib/libcrypto/asn1/a_enum.c
+++ b/src/lib/libcrypto/asn1/a_enum.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_enum.c,v 1.17 2015/09/30 18:45:56 jsing Exp $ */
+/* $OpenBSD: a_enum.c,v 1.18 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -81,7 +81,7 @@ ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
                 a->data = calloc(1, sizeof(long) + 1);
         }
         if (a->data == NULL) {
-                ASN1err(ASN1_F_ASN1_ENUMERATED_SET, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 return (0);
         }
         d = v;
@@ -144,7 +144,7 @@ BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
         else
                 ret = ai;
         if (ret == NULL) {
-                ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_NESTED_ASN1_ERROR);
+                ASN1error(ERR_R_NESTED_ASN1_ERROR);
                 goto err;
         }
         if (BN_is_negative(bn))
@@ -156,7 +156,7 @@ BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
         if (ret->length < len + 4) {
                 unsigned char *new_data = realloc(ret->data, len + 4);
                 if (!new_data) {
-                        ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
+                        ASN1error(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 ret->data = new_data;
@@ -182,7 +182,7 @@ ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
         BIGNUM *ret;
 
         if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL)
-                ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN, ASN1_R_BN_LIB);
+                ASN1error(ASN1_R_BN_LIB);
         else if (ai->type == V_ASN1_NEG_ENUMERATED)
                 BN_set_negative(ret, 1);
         return (ret);
diff --git a/src/lib/libcrypto/asn1/a_i2d_fp.c b/src/lib/libcrypto/asn1/a_i2d_fp.c
index 424068d784..6398978aac 100644
--- a/src/lib/libcrypto/asn1/a_i2d_fp.c
+++ b/src/lib/libcrypto/asn1/a_i2d_fp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_i2d_fp.c,v 1.14 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: a_i2d_fp.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -71,7 +71,7 @@ ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x)
         int ret;
 
         if ((b = BIO_new(BIO_s_file())) == NULL) {
-                ASN1err(ASN1_F_ASN1_I2D_FP, ERR_R_BUF_LIB);
+                ASN1error(ERR_R_BUF_LIB);
                 return (0);
         }
         BIO_set_fp(b, out, BIO_NOCLOSE);
@@ -90,7 +90,7 @@ ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
         n = i2d(x, NULL);
         b = malloc(n);
         if (b == NULL) {
-                ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 return (0);
         }
 
@@ -121,7 +121,7 @@ ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
         int ret;
 
         if ((b = BIO_new(BIO_s_file())) == NULL) {
-                ASN1err(ASN1_F_ASN1_ITEM_I2D_FP, ERR_R_BUF_LIB);
+                ASN1error(ERR_R_BUF_LIB);
                 return (0);
         }
         BIO_set_fp(b, out, BIO_NOCLOSE);
@@ -138,7 +138,7 @@ ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
 
         n = ASN1_item_i2d(x, &b, it);
         if (b == NULL) {
-                ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 return (0);
         }
 
diff --git a/src/lib/libcrypto/asn1/a_int.c b/src/lib/libcrypto/asn1/a_int.c
index 5c0103ba36..95d0f6dbb2 100644
--- a/src/lib/libcrypto/asn1/a_int.c
+++ b/src/lib/libcrypto/asn1/a_int.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_int.c,v 1.30 2015/09/30 17:30:15 jsing Exp $ */
+/* $OpenBSD: a_int.c,v 1.31 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -266,7 +266,7 @@ c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, long len)
         return (ret);
 
 err:
-        ASN1err(ASN1_F_C2I_ASN1_INTEGER, i);
+        ASN1error(i);
         if (a == NULL || *a != ret)
                 ASN1_INTEGER_free(ret);
         return (NULL);
@@ -332,7 +332,7 @@ d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, long length)
         return (ret);
 
 err:
-        ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i);
+        ASN1error(i);
         if (a == NULL || *a != ret)
                 ASN1_INTEGER_free(ret);
         return (NULL);
@@ -353,7 +353,7 @@ ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
                 a->data = calloc(1, sizeof(long) + 1);
         }
         if (a->data == NULL) {
-                ASN1err(ASN1_F_ASN1_INTEGER_SET, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 return (0);
         }
         d = v;
@@ -416,7 +416,7 @@ BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
         else
                 ret = ai;
         if (ret == NULL) {
-                ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR);
+                ASN1error(ERR_R_NESTED_ASN1_ERROR);
                 goto err;
         }
         if (BN_is_negative(bn))
@@ -428,7 +428,7 @@ BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
         if (ret->length < len + 4) {
                 unsigned char *new_data = realloc(ret->data, len + 4);
                 if (!new_data) {
-                        ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
+                        ASN1error(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 ret->data = new_data;
@@ -454,7 +454,7 @@ ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn)
         BIGNUM *ret;
 
         if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL)
-                ASN1err(ASN1_F_ASN1_INTEGER_TO_BN, ASN1_R_BN_LIB);
+                ASN1error(ASN1_R_BN_LIB);
         else if (ai->type == V_ASN1_NEG_INTEGER)
                 BN_set_negative(ret, 1);
         return (ret);
diff --git a/src/lib/libcrypto/asn1/a_mbstr.c b/src/lib/libcrypto/asn1/a_mbstr.c
index e715fe7348..b7cfba379a 100644
--- a/src/lib/libcrypto/asn1/a_mbstr.c
+++ b/src/lib/libcrypto/asn1/a_mbstr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_mbstr.c,v 1.22 2015/07/16 02:18:58 miod Exp $ */
+/* $OpenBSD: a_mbstr.c,v 1.23 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -113,8 +113,7 @@ ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
         switch (inform) {
         case MBSTRING_BMP:
                 if (len & 1) {
-                        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
-                            ASN1_R_INVALID_BMPSTRING_LENGTH);
+                        ASN1error(ASN1_R_INVALID_BMPSTRING_LENGTH);
                         return -1;
                 }
                 nchar = len >> 1;
@@ -122,8 +121,7 @@ ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
 
         case MBSTRING_UNIV:
                 if (len & 3) {
-                        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
-                            ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
+                        ASN1error(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
                         return -1;
                 }
                 nchar = len >> 2;
@@ -134,8 +132,7 @@ ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
                 /* This counts the characters and does utf8 syntax checking */
                 ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar);
                 if (ret < 0) {
-                        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
-                            ASN1_R_INVALID_UTF8STRING);
+                        ASN1error(ASN1_R_INVALID_UTF8STRING);
                         return -1;
                 }
                 break;
@@ -145,25 +142,25 @@ ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
                 break;
 
         default:
-                ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT);
+                ASN1error(ASN1_R_UNKNOWN_FORMAT);
                 return -1;
         }
 
         if ((minsize > 0) && (nchar < minsize)) {
-                ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT);
+                ASN1error(ASN1_R_STRING_TOO_SHORT);
                 ERR_asprintf_error_data("minsize=%ld", minsize);
                 return -1;
         }
 
         if ((maxsize > 0) && (nchar > maxsize)) {
-                ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG);
+                ASN1error(ASN1_R_STRING_TOO_LONG);
                 ERR_asprintf_error_data("maxsize=%ld", maxsize);
                 return -1;
         }
 
         /* Now work out minimal type (if any) */
         if (traverse_string(in, len, inform, type_str, &mask) < 0) {
-                ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS);
+                ASN1error(ASN1_R_ILLEGAL_CHARACTERS);
                 return -1;
         }
 
@@ -201,8 +198,7 @@ ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
                 free_out = 1;
                 dest = ASN1_STRING_type_new(str_type);
                 if (!dest) {
-                        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
-                            ERR_R_MALLOC_FAILURE);
+                        ASN1error(ERR_R_MALLOC_FAILURE);
                         return -1;
                 }
                 *out = dest;
@@ -210,8 +206,7 @@ ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
         /* If both the same type just copy across */
         if (inform == outform) {
                 if (!ASN1_STRING_set(dest, in, len)) {
-                        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
-                            ERR_R_MALLOC_FAILURE);
+                        ASN1error(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 return str_type;
@@ -237,15 +232,14 @@ ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
         case MBSTRING_UTF8:
                 outlen = 0;
                 if (traverse_string(in, len, inform, out_utf8, &outlen) < 0) {
-                        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
-                            ASN1_R_ILLEGAL_CHARACTERS);
+                        ASN1error(ASN1_R_ILLEGAL_CHARACTERS);
                         goto err;
                 }
                 cpyfunc = cpy_utf8;
                 break;
         }
         if (!(p = malloc(outlen + 1))) {
-                ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         dest->length = outlen;
diff --git a/src/lib/libcrypto/asn1/a_object.c b/src/lib/libcrypto/asn1/a_object.c
index 44694d2ba7..711b01f149 100644
--- a/src/lib/libcrypto/asn1/a_object.c
+++ b/src/lib/libcrypto/asn1/a_object.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_object.c,v 1.28 2016/11/06 17:04:48 bcook Exp $ */
+/* $OpenBSD: a_object.c,v 1.29 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -109,12 +109,12 @@ a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
         if ((c >= '0') && (c <= '2')) {
                 first= c-'0';
         } else {
-                ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_FIRST_NUM_TOO_LARGE);
+                ASN1error(ASN1_R_FIRST_NUM_TOO_LARGE);
                 goto err;
         }
 
         if (num <= 0) {
-                ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_MISSING_SECOND_NUMBER);
+                ASN1error(ASN1_R_MISSING_SECOND_NUMBER);
                 goto err;
         }
         c = *(p++);
@@ -123,8 +123,7 @@ a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
                 if (num <= 0)
                         break;
                 if ((c != '.') && (c != ' ')) {
-                        ASN1err(ASN1_F_A2D_ASN1_OBJECT,
-                            ASN1_R_INVALID_SEPARATOR);
+                        ASN1error(ASN1_R_INVALID_SEPARATOR);
                         goto err;
                 }
                 l = 0;
@@ -137,8 +136,7 @@ a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
                         if ((c == ' ') || (c == '.'))
                                 break;
                         if ((c < '0') || (c > '9')) {
-                                ASN1err(ASN1_F_A2D_ASN1_OBJECT,
-                                    ASN1_R_INVALID_DIGIT);
+                                ASN1error(ASN1_R_INVALID_DIGIT);
                                 goto err;
                         }
                         if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) {
@@ -157,8 +155,7 @@ a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
                 }
                 if (len == 0) {
                         if ((first < 2) && (l >= 40)) {
-                                ASN1err(ASN1_F_A2D_ASN1_OBJECT,
-                                    ASN1_R_SECOND_NUMBER_TOO_LARGE);
+                                ASN1error(ASN1_R_SECOND_NUMBER_TOO_LARGE);
                                 goto err;
                         }
                         if (use_bn) {
@@ -194,8 +191,7 @@ a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
                 }
                 if (out != NULL) {
                         if (len + i > olen) {
-                                ASN1err(ASN1_F_A2D_ASN1_OBJECT,
-                                    ASN1_R_BUFFER_TOO_SMALL);
+                                ASN1error(ASN1_R_BUFFER_TOO_SMALL);
                                 goto err;
                         }
                         while (--i > 0)
@@ -277,7 +273,7 @@ d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long length)
         return ret;
 
 err:
-        ASN1err(ASN1_F_D2I_ASN1_OBJECT, i);
+        ASN1error(i);
         return (NULL);
 }
 
@@ -297,7 +293,7 @@ c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long len)
          */
         if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||
             p[len - 1] & 0x80) {
-                ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING);
+                ASN1error(ASN1_R_INVALID_OBJECT_ENCODING);
                 return (NULL);
         }
 
@@ -305,8 +301,7 @@ c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long len)
         length = (int)len;
         for (i = 0; i < length; i++, p++) {
                 if (*p == 0x80 && (!i || !(p[-1] & 0x80))) {
-                        ASN1err(ASN1_F_C2I_ASN1_OBJECT,
-                            ASN1_R_INVALID_OBJECT_ENCODING);
+                        ASN1error(ASN1_R_INVALID_OBJECT_ENCODING);
                         return (NULL);
                 }
         }
@@ -330,7 +325,7 @@ c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long len)
 
         data = malloc(length);
         if (data == NULL) {
-                ASN1err(ASN1_F_C2I_ASN1_OBJECT, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
@@ -362,7 +357,7 @@ ASN1_OBJECT_new(void)
 
         ret = malloc(sizeof(ASN1_OBJECT));
         if (ret == NULL) {
-                ASN1err(ASN1_F_ASN1_OBJECT_NEW, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 return (NULL);
         }
         ret->length = 0;
diff --git a/src/lib/libcrypto/asn1/a_set.c b/src/lib/libcrypto/asn1/a_set.c
index 63d55c3714..4d5cae337b 100644
--- a/src/lib/libcrypto/asn1/a_set.c
+++ b/src/lib/libcrypto/asn1/a_set.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_set.c,v 1.17 2015/03/19 14:00:22 tedu Exp $ */
+/* $OpenBSD: a_set.c,v 1.18 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -125,7 +125,7 @@ i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp, i2d_of_void *i2d,
         /* In this array we will store the SET blobs */
         rgSetBlob = reallocarray(NULL, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB));
         if (rgSetBlob == NULL) {
-                ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
 
@@ -146,7 +146,7 @@ i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp, i2d_of_void *i2d,
         qsort(rgSetBlob, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp);
         if ((pTempMem = malloc(totSize)) == NULL) {
                 free(rgSetBlob);
-                ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
 
@@ -175,7 +175,7 @@ d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a, const unsigned char **pp, long length,
 
         if (a == NULL || (*a) == NULL) {
                 if ((ret = sk_OPENSSL_BLOCK_new_null()) == NULL) {
-                        ASN1err(ASN1_F_D2I_ASN1_SET, ERR_R_MALLOC_FAILURE);
+                        ASN1error(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
         } else
@@ -188,15 +188,15 @@ d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a, const unsigned char **pp, long length,
         if (c.inf & 0x80)
                 goto err;
         if (ex_class != c.xclass) {
-                ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_CLASS);
+                ASN1error(ASN1_R_BAD_CLASS);
                 goto err;
         }
         if (ex_tag != c.tag) {
-                ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_TAG);
+                ASN1error(ASN1_R_BAD_TAG);
                 goto err;
         }
         if (c.slen + c.p > c.max) {
-                ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_LENGTH_ERROR);
+                ASN1error(ASN1_R_LENGTH_ERROR);
                 goto err;
         }
         /* check for infinite constructed - it can be as long
@@ -211,8 +211,7 @@ d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a, const unsigned char **pp, long length,
                 if (M_ASN1_D2I_end_sequence())
                         break;
                 if ((s = d2i(NULL, &c.p, c.slen)) == NULL) {
-                        ASN1err(ASN1_F_D2I_ASN1_SET,
-                            ASN1_R_ERROR_PARSING_SET_ELEMENT);
+                        ASN1error(ASN1_R_ERROR_PARSING_SET_ELEMENT);
                         asn1_add_error(*pp, (int)(c.p - *pp));
                         goto err;
                 }
diff --git a/src/lib/libcrypto/asn1/a_sign.c b/src/lib/libcrypto/asn1/a_sign.c
index 195daa3b9f..4e545eb719 100644
--- a/src/lib/libcrypto/asn1/a_sign.c
+++ b/src/lib/libcrypto/asn1/a_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_sign.c,v 1.21 2015/09/10 15:56:24 jsing Exp $ */
+/* $OpenBSD: a_sign.c,v 1.22 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -153,8 +153,7 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
         pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
 
         if (!type || !pkey) {
-                ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,
-                    ASN1_R_CONTEXT_NOT_INITIALISED);
+                ASN1error(ASN1_R_CONTEXT_NOT_INITIALISED);
                 return 0;
         }
 
@@ -170,7 +169,7 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
                  *   3: ASN1 method sets algorithm identifiers: just sign.
                  */
                 if (rv <= 0)
-                        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
+                        ASN1error(ERR_R_EVP_LIB);
                 if (rv <= 1)
                         goto err;
         } else
@@ -181,8 +180,7 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
                         if (!pkey->ameth ||
                             !OBJ_find_sigid_by_algs(&signid,
                                 EVP_MD_nid(type), pkey->ameth->pkey_id)) {
-                                ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,
-                                    ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
+                                ASN1error(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
                                 return 0;
                         }
                 } else
@@ -207,14 +205,14 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
         buf_out = malloc(outl);
         if ((buf_in == NULL) || (buf_out == NULL)) {
                 outl = 0;
-                ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
         if (!EVP_DigestSignUpdate(ctx, buf_in, inl) ||
             !EVP_DigestSignFinal(ctx, buf_out, &outl)) {
                 outl = 0;
-                ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
+                ASN1error(ERR_R_EVP_LIB);
                 goto err;
         }
         free(signature->data);
diff --git a/src/lib/libcrypto/asn1/a_strnid.c b/src/lib/libcrypto/asn1/a_strnid.c
index f325d91924..0585f7050b 100644
--- a/src/lib/libcrypto/asn1/a_strnid.c
+++ b/src/lib/libcrypto/asn1/a_strnid.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_strnid.c,v 1.20 2017/01/21 04:31:25 jsing Exp $ */
+/* $OpenBSD: a_strnid.c,v 1.21 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -258,14 +258,13 @@ ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize, unsigned long mask,
         if (!stable)
                 stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
         if (!stable) {
-                ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         if (!(tmp = ASN1_STRING_TABLE_get(nid))) {
                 tmp = malloc(sizeof(ASN1_STRING_TABLE));
                 if (!tmp) {
-                        ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD,
-                            ERR_R_MALLOC_FAILURE);
+                        ASN1error(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
                 tmp->flags = flags | STABLE_FLAGS_MALLOC;
@@ -280,8 +279,7 @@ ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize, unsigned long mask,
         if (new_nid) {
                 if (sk_ASN1_STRING_TABLE_push(stable, tmp) == 0) {
                         free(tmp);
-                        ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD,
-                            ERR_R_MALLOC_FAILURE);
+                        ASN1error(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
         }
diff --git a/src/lib/libcrypto/asn1/a_time_tm.c b/src/lib/libcrypto/asn1/a_time_tm.c
index fcd3acf9c8..b2f65045b5 100644
--- a/src/lib/libcrypto/asn1/a_time_tm.c
+++ b/src/lib/libcrypto/asn1/a_time_tm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_time_tm.c,v 1.10 2016/11/04 18:07:23 beck Exp $ */
+/* $OpenBSD: a_time_tm.c,v 1.11 2017/01/29 17:49:22 beck Exp $ */
 /*
  * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
  *
@@ -267,8 +267,7 @@ ASN1_TIME_adj_internal(ASN1_TIME *s, time_t t, int offset_day, long offset_sec,
                 return (NULL);
         }
         if (p == NULL) {
-                ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ,
-                    ASN1_R_ILLEGAL_TIME_VALUE);
+                ASN1error(ASN1_R_ILLEGAL_TIME_VALUE);
                 return (NULL);
         }
 
diff --git a/src/lib/libcrypto/asn1/a_verify.c b/src/lib/libcrypto/asn1/a_verify.c
index 12b76501e0..8f8e58c095 100644
--- a/src/lib/libcrypto/asn1/a_verify.c
+++ b/src/lib/libcrypto/asn1/a_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_verify.c,v 1.22 2015/09/10 15:56:24 jsing Exp $ */
+/* $OpenBSD: a_verify.c,v 1.23 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -82,14 +82,13 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
         int mdnid, pknid;
 
         if (!pkey) {
-                ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
+                ASN1error(ERR_R_PASSED_NULL_PARAMETER);
                 return -1;
         }
 
         if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
         {
-                ASN1err(ASN1_F_ASN1_VERIFY,
-                    ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+                ASN1error(ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
                 return -1;
         }
 
@@ -97,14 +96,12 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
 
         /* Convert signature OID into digest and public key OIDs */
         if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) {
-                ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
-                    ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
+                ASN1error(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
                 goto err;
         }
         if (mdnid == NID_undef) {
                 if (!pkey->ameth || !pkey->ameth->item_verify) {
-                        ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
-                            ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
+                        ASN1error(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
                         goto err;
                 }
                 ret = pkey->ameth->item_verify(&ctx, it, asn, a,
@@ -120,20 +117,18 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
                 const EVP_MD *type;
                 type = EVP_get_digestbynid(mdnid);
                 if (type == NULL) {
-                        ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
-                            ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+                        ASN1error(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
                         goto err;
                 }
 
                 /* Check public key OID matches public key type */
                 if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) {
-                        ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
-                            ASN1_R_WRONG_PUBLIC_KEY_TYPE);
+                        ASN1error(ASN1_R_WRONG_PUBLIC_KEY_TYPE);
                         goto err;
                 }
 
                 if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) {
-                        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
+                        ASN1error(ERR_R_EVP_LIB);
                         ret = 0;
                         goto err;
                 }
@@ -143,12 +138,12 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
         inl = ASN1_item_i2d(asn, &buf_in, it);
 
         if (buf_in == NULL) {
-                ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
         if (!EVP_DigestVerifyUpdate(&ctx, buf_in, inl)) {
-                ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
+                ASN1error(ERR_R_EVP_LIB);
                 ret = 0;
                 goto err;
         }
@@ -158,7 +153,7 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
 
         if (EVP_DigestVerifyFinal(&ctx, signature->data,
             (size_t)signature->length) <= 0) {
-                ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
+                ASN1error(ERR_R_EVP_LIB);
                 ret = 0;
                 goto err;
         }
diff --git a/src/lib/libcrypto/asn1/asn1_err.c b/src/lib/libcrypto/asn1/asn1_err.c
index 8fd5cf6765..0c827a9236 100644
--- a/src/lib/libcrypto/asn1/asn1_err.c
+++ b/src/lib/libcrypto/asn1/asn1_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_err.c,v 1.19 2015/02/15 14:35:30 miod Exp $ */
+/* $OpenBSD: asn1_err.c,v 1.20 2017/01/29 17:49:22 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -72,127 +72,7 @@
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason)
 
 static ERR_STRING_DATA ASN1_str_functs[] = {
-        {ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT), "a2d_ASN1_OBJECT"},
-        {ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED), "a2i_ASN1_ENUMERATED"},
-        {ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"},
-        {ERR_FUNC(ASN1_F_A2I_ASN1_STRING), "a2i_ASN1_STRING"},
-        {ERR_FUNC(ASN1_F_APPEND_EXP), "APPEND_EXP"},
-        {ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT), "ASN1_BIT_STRING_set_bit"},
-        {ERR_FUNC(ASN1_F_ASN1_CB), "ASN1_CB"},
-        {ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "ASN1_CHECK_TLEN"},
-        {ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE), "ASN1_COLLATE_PRIMITIVE"},
-        {ERR_FUNC(ASN1_F_ASN1_COLLECT), "ASN1_COLLECT"},
-        {ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "ASN1_D2I_EX_PRIMITIVE"},
-        {ERR_FUNC(ASN1_F_ASN1_D2I_FP), "ASN1_d2i_fp"},
-        {ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO), "ASN1_D2I_READ_BIO"},
-        {ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"},
-        {ERR_FUNC(ASN1_F_ASN1_DO_ADB), "ASN1_DO_ADB"},
-        {ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"},
-        {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET), "ASN1_ENUMERATED_set"},
-        {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"},
-        {ERR_FUNC(ASN1_F_ASN1_EX_C2I), "ASN1_EX_C2I"},
-        {ERR_FUNC(ASN1_F_ASN1_FIND_END), "ASN1_FIND_END"},
-        {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_ADJ), "ASN1_GENERALIZEDTIME_adj"},
-        {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"},
-        {ERR_FUNC(ASN1_F_ASN1_GENERATE_V3), "ASN1_generate_v3"},
-        {ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"},
-        {ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_NEW"},
-        {ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"},
-        {ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"},
-        {ERR_FUNC(ASN1_F_ASN1_INTEGER_SET), "ASN1_INTEGER_set"},
-        {ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN), "ASN1_INTEGER_to_BN"},
-        {ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP), "ASN1_item_d2i_fp"},
-        {ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"},
-        {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW), "ASN1_ITEM_EX_COMBINE_NEW"},
-        {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"},
-        {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"},
-        {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"},
-        {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"},
-        {ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN), "ASN1_item_sign"},
-        {ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN_CTX), "ASN1_item_sign_ctx"},
-        {ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK), "ASN1_item_unpack"},
-        {ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"},
-        {ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"},
-        {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"},
-        {ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "ASN1_OUTPUT_DATA"},
-        {ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"},
-        {ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_new"},
-        {ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET), "ASN1_PKCS5_PBE_SET"},
-        {ERR_FUNC(ASN1_F_ASN1_SEQ_PACK), "ASN1_seq_pack"},
-        {ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"},
-        {ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"},
-        {ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "ASN1_STR2TYPE"},
-        {ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"},
-        {ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"},
-        {ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"},
-        {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"},
-        {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"},
-        {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "ASN1_TEMPLATE_NOEXP_D2I"},
-        {ERR_FUNC(ASN1_F_ASN1_TIME_ADJ), "ASN1_TIME_adj"},
-        {ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"},
-        {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING), "ASN1_TYPE_get_int_octetstring"},
-        {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"},
-        {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"},
-        {ERR_FUNC(ASN1_F_ASN1_UTCTIME_ADJ), "ASN1_UTCTIME_adj"},
-        {ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"},
-        {ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"},
-        {ERR_FUNC(ASN1_F_B64_READ_ASN1), "B64_READ_ASN1"},
-        {ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_WRITE_ASN1"},
-        {ERR_FUNC(ASN1_F_BIO_NEW_NDEF), "BIO_new_NDEF"},
-        {ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"},
-        {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"},
-        {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"},
-        {ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING), "c2i_ASN1_BIT_STRING"},
-        {ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER), "c2i_ASN1_INTEGER"},
-        {ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT), "c2i_ASN1_OBJECT"},
-        {ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"},
-        {ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING), "D2I_ASN1_BIT_STRING"},
-        {ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN"},
-        {ERR_FUNC(ASN1_F_D2I_ASN1_BYTES), "d2i_ASN1_bytes"},
-        {ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME), "D2I_ASN1_GENERALIZEDTIME"},
-        {ERR_FUNC(ASN1_F_D2I_ASN1_HEADER), "D2I_ASN1_HEADER"},
-        {ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER), "D2I_ASN1_INTEGER"},
-        {ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT"},
-        {ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"},
-        {ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES), "d2i_ASN1_type_bytes"},
-        {ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"},
-        {ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME), "D2I_ASN1_UTCTIME"},
-        {ERR_FUNC(ASN1_F_D2I_AUTOPRIVATEKEY), "d2i_AutoPrivateKey"},
-        {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA), "d2i_Netscape_RSA"},
-        {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"},
-        {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"},
-        {ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"},
-        {ERR_FUNC(ASN1_F_D2I_RSA_NET), "d2i_RSA_NET"},
-        {ERR_FUNC(ASN1_F_D2I_RSA_NET_2), "D2I_RSA_NET_2"},
-        {ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"},
-        {ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"},
-        {ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"},
-        {ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"},
-        {ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
-        {ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"},
-        {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},
-        {ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"},
-        {ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"},
-        {ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"},
-        {ERR_FUNC(ASN1_F_I2D_RSA_NET), "i2d_RSA_NET"},
-        {ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"},
-        {ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"},
-        {ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"},
-        {ERR_FUNC(ASN1_F_PARSE_TAGGING), "PARSE_TAGGING"},
-        {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV), "PKCS5_pbe2_set_iv"},
-        {ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"},
-        {ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR), "PKCS5_pbe_set0_algor"},
-        {ERR_FUNC(ASN1_F_PKCS5_PBKDF2_SET), "PKCS5_pbkdf2_set"},
-        {ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"},
-        {ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"},
-        {ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"},
-        {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"},
-        {ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"},
-        {ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "X509_NAME_ENCODE"},
-        {ERR_FUNC(ASN1_F_X509_NAME_EX_D2I), "X509_NAME_EX_D2I"},
-        {ERR_FUNC(ASN1_F_X509_NAME_EX_NEW), "X509_NAME_EX_NEW"},
-        {ERR_FUNC(ASN1_F_X509_NEW), "X509_NEW"},
-        {ERR_FUNC(ASN1_F_X509_PKEY_NEW), "X509_PKEY_new"},
+        {ERR_FUNC(0xfff), "CRYPTO_internal"},
         {0, NULL}
 };
 
diff --git a/src/lib/libcrypto/asn1/asn1_gen.c b/src/lib/libcrypto/asn1/asn1_gen.c
index e899337b6f..f84cc6136b 100644
--- a/src/lib/libcrypto/asn1/asn1_gen.c
+++ b/src/lib/libcrypto/asn1/asn1_gen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_gen.c,v 1.15 2015/12/12 21:03:52 beck Exp $ */
+/* $OpenBSD: asn1_gen.c,v 1.16 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2002.
  */
@@ -160,8 +160,7 @@ ASN1_generate_v3(char *str, X509V3_CTX *cnf)
         if ((asn1_tags.utype == V_ASN1_SEQUENCE) ||
             (asn1_tags.utype == V_ASN1_SET)) {
                 if (!cnf) {
-                        ASN1err(ASN1_F_ASN1_GENERATE_V3,
-                            ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
+                        ASN1error(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
                         return NULL;
                 }
                 ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);
@@ -290,7 +289,7 @@ asn1_cb(const char *elem, int len, void *bitstr)
         utype = asn1_str2tag(elem, len);
 
         if (utype == -1) {
-                ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG);
+                ASN1error(ASN1_R_UNKNOWN_TAG);
                 ERR_asprintf_error_data("tag=%s", elem);
                 return -1;
         }
@@ -301,7 +300,7 @@ asn1_cb(const char *elem, int len, void *bitstr)
                 arg->str = vstart;
                 /* If no value and not end of string, error */
                 if (!vstart && elem[len]) {
-                        ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE);
+                        ASN1error(ASN1_R_MISSING_VALUE);
                         return -1;
                 }
                 return 0;
@@ -312,7 +311,7 @@ asn1_cb(const char *elem, int len, void *bitstr)
         case ASN1_GEN_FLAG_IMP:
                 /* Check for illegal multiple IMPLICIT tagging */
                 if (arg->imp_tag != -1) {
-                        ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING);
+                        ASN1error(ASN1_R_ILLEGAL_NESTED_TAGGING);
                         return -1;
                 }
                 if (!parse_tagging(vstart, vlen, &arg->imp_tag,
@@ -349,7 +348,7 @@ asn1_cb(const char *elem, int len, void *bitstr)
 
         case ASN1_GEN_FLAG_FORMAT:
                 if (vstart == NULL) {
-                        ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_FORMAT);
+                        ASN1error(ASN1_R_ILLEGAL_FORMAT);
                         return -1;
                 }
                 if (!strncmp(vstart, "ASCII", 5))
@@ -361,7 +360,7 @@ asn1_cb(const char *elem, int len, void *bitstr)
                 else if (!strncmp(vstart, "BITLIST", 7))
                         arg->format = ASN1_GEN_FORMAT_BITLIST;
                 else {
-                        ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT);
+                        ASN1error(ASN1_R_UNKOWN_FORMAT);
                         return -1;
                 }
                 break;
@@ -384,7 +383,7 @@ parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
         if (eptr && *eptr && (eptr > vstart + vlen))
                 return 0;
         if (tag_num < 0) {
-                ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER);
+                ASN1error(ASN1_R_INVALID_NUMBER);
                 return 0;
         }
         *ptag = tag_num;
@@ -413,7 +412,7 @@ parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
                         break;
 
                 default:
-                        ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER);
+                        ASN1error(ASN1_R_INVALID_MODIFIER);
                         ERR_asprintf_error_data("Char=%c", *eptr);
                         return 0;
                         break;
@@ -497,12 +496,12 @@ append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed,
 
         /* Can only have IMPLICIT if permitted */
         if ((arg->imp_tag != -1) && !imp_ok) {
-                ASN1err(ASN1_F_APPEND_EXP, ASN1_R_ILLEGAL_IMPLICIT_TAG);
+                ASN1error(ASN1_R_ILLEGAL_IMPLICIT_TAG);
                 return 0;
         }
 
         if (arg->exp_count == ASN1_FLAG_EXP_MAX) {
-                ASN1err(ASN1_F_APPEND_EXP, ASN1_R_DEPTH_EXCEEDED);
+                ASN1error(ASN1_R_DEPTH_EXCEEDED);
                 return 0;
         }
 
@@ -614,7 +613,7 @@ asn1_str2type(const char *str, int format, int utype)
         int no_unused = 1;
 
         if (!(atmp = ASN1_TYPE_new())) {
-                ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
 
@@ -625,22 +624,21 @@ asn1_str2type(const char *str, int format, int utype)
 
         case V_ASN1_NULL:
                 if (str && *str) {
-                        ASN1err(ASN1_F_ASN1_STR2TYPE,
-                            ASN1_R_ILLEGAL_NULL_VALUE);
+                        ASN1error(ASN1_R_ILLEGAL_NULL_VALUE);
                         goto bad_form;
                 }
                 break;
 
         case V_ASN1_BOOLEAN:
                 if (format != ASN1_GEN_FORMAT_ASCII) {
-                        ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT);
+                        ASN1error(ASN1_R_NOT_ASCII_FORMAT);
                         goto bad_form;
                 }
                 vtmp.name = NULL;
                 vtmp.section = NULL;
                 vtmp.value = (char *)str;
                 if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) {
-                        ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN);
+                        ASN1error(ASN1_R_ILLEGAL_BOOLEAN);
                         goto bad_str;
                 }
                 break;
@@ -648,25 +646,23 @@ asn1_str2type(const char *str, int format, int utype)
         case V_ASN1_INTEGER:
         case V_ASN1_ENUMERATED:
                 if (format != ASN1_GEN_FORMAT_ASCII) {
-                        ASN1err(ASN1_F_ASN1_STR2TYPE,
-                            ASN1_R_INTEGER_NOT_ASCII_FORMAT);
+                        ASN1error(ASN1_R_INTEGER_NOT_ASCII_FORMAT);
                         goto bad_form;
                 }
                 if (!(atmp->value.integer =
                     s2i_ASN1_INTEGER(NULL, (char *)str))) {
-                        ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER);
+                        ASN1error(ASN1_R_ILLEGAL_INTEGER);
                         goto bad_str;
                 }
                 break;
 
         case V_ASN1_OBJECT:
                 if (format != ASN1_GEN_FORMAT_ASCII) {
-                        ASN1err(ASN1_F_ASN1_STR2TYPE,
-                            ASN1_R_OBJECT_NOT_ASCII_FORMAT);
+                        ASN1error(ASN1_R_OBJECT_NOT_ASCII_FORMAT);
                         goto bad_form;
                 }
                 if (!(atmp->value.object = OBJ_txt2obj(str, 0))) {
-                        ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT);
+                        ASN1error(ASN1_R_ILLEGAL_OBJECT);
                         goto bad_str;
                 }
                 break;
@@ -674,22 +670,20 @@ asn1_str2type(const char *str, int format, int utype)
         case V_ASN1_UTCTIME:
         case V_ASN1_GENERALIZEDTIME:
                 if (format != ASN1_GEN_FORMAT_ASCII) {
-                        ASN1err(ASN1_F_ASN1_STR2TYPE,
-                            ASN1_R_TIME_NOT_ASCII_FORMAT);
+                        ASN1error(ASN1_R_TIME_NOT_ASCII_FORMAT);
                         goto bad_form;
                 }
                 if (!(atmp->value.asn1_string = ASN1_STRING_new())) {
-                        ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+                        ASN1error(ERR_R_MALLOC_FAILURE);
                         goto bad_str;
                 }
                 if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) {
-                        ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+                        ASN1error(ERR_R_MALLOC_FAILURE);
                         goto bad_str;
                 }
                 atmp->value.asn1_string->type = utype;
                 if (!ASN1_TIME_check(atmp->value.asn1_string)) {
-                        ASN1err(ASN1_F_ASN1_STR2TYPE,
-                            ASN1_R_ILLEGAL_TIME_VALUE);
+                        ASN1error(ASN1_R_ILLEGAL_TIME_VALUE);
                         goto bad_str;
                 }
                 break;
@@ -709,14 +703,14 @@ asn1_str2type(const char *str, int format, int utype)
                 else if (format == ASN1_GEN_FORMAT_UTF8)
                         format = MBSTRING_UTF8;
                 else {
-                        ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT);
+                        ASN1error(ASN1_R_ILLEGAL_FORMAT);
                         goto bad_form;
                 }
 
                 if (ASN1_mbstring_copy(&atmp->value.asn1_string,
                     (unsigned char *)str, -1, format,
                     ASN1_tag2bit(utype)) <= 0) {
-                        ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+                        ASN1error(ERR_R_MALLOC_FAILURE);
                         goto bad_str;
                 }
                 break;
@@ -724,15 +718,14 @@ asn1_str2type(const char *str, int format, int utype)
         case V_ASN1_BIT_STRING:
         case V_ASN1_OCTET_STRING:
                 if (!(atmp->value.asn1_string = ASN1_STRING_new())) {
-                        ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+                        ASN1error(ERR_R_MALLOC_FAILURE);
                         goto bad_form;
                 }
 
                 if (format == ASN1_GEN_FORMAT_HEX) {
 
                         if (!(rdata = string_to_hex((char *)str, &rdlen))) {
-                                ASN1err(ASN1_F_ASN1_STR2TYPE,
-                                    ASN1_R_ILLEGAL_HEX);
+                                ASN1error(ASN1_R_ILLEGAL_HEX);
                                 goto bad_str;
                         }
 
@@ -743,23 +736,20 @@ asn1_str2type(const char *str, int format, int utype)
                 } else if (format == ASN1_GEN_FORMAT_ASCII) {
                         if (ASN1_STRING_set(atmp->value.asn1_string, str,
                             -1) == 0) {
-                                ASN1err(ASN1_F_ASN1_STR2TYPE,
-                                    ERR_R_MALLOC_FAILURE);
+                                ASN1error(ERR_R_MALLOC_FAILURE);
                                 goto bad_str;
                         }
                 } else if ((format == ASN1_GEN_FORMAT_BITLIST) &&
                     (utype == V_ASN1_BIT_STRING)) {
                         if (!CONF_parse_list(str, ',', 1, bitstr_cb,
                             atmp->value.bit_string)) {
-                                ASN1err(ASN1_F_ASN1_STR2TYPE,
-                                    ASN1_R_LIST_ERROR);
+                                ASN1error(ASN1_R_LIST_ERROR);
                                 goto bad_str;
                         }
                         no_unused = 0;
 
                 } else {
-                        ASN1err(ASN1_F_ASN1_STR2TYPE,
-                            ASN1_R_ILLEGAL_BITSTRING_FORMAT);
+                        ASN1error(ASN1_R_ILLEGAL_BITSTRING_FORMAT);
                         goto bad_form;
                 }
 
@@ -773,7 +763,7 @@ asn1_str2type(const char *str, int format, int utype)
                 break;
 
         default:
-                ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE);
+                ASN1error(ASN1_R_UNSUPPORTED_TYPE);
                 goto bad_str;
                 break;
         }
@@ -800,11 +790,11 @@ bitstr_cb(const char *elem, int len, void *bitstr)
         if (eptr && *eptr && (eptr != elem + len))
                 return 0;
         if (bitnum < 0) {
-                ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER);
+                ASN1error(ASN1_R_INVALID_NUMBER);
                 return 0;
         }
         if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) {
-                ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         return 1;
diff --git a/src/lib/libcrypto/asn1/asn1_lib.c b/src/lib/libcrypto/asn1/asn1_lib.c
index 444a34c072..a90873d54a 100644
--- a/src/lib/libcrypto/asn1/asn1_lib.c
+++ b/src/lib/libcrypto/asn1/asn1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_lib.c,v 1.37 2016/03/06 18:05:00 beck Exp $ */
+/* $OpenBSD: asn1_lib.c,v 1.38 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -140,7 +140,7 @@ ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
                 goto err;
 
         if (*plength > (omax - (p - *pp))) {
-                ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_TOO_LONG);
+                ASN1error(ASN1_R_TOO_LONG);
                 /* Set this so that even if things are not long enough
                  * the values are set correctly */
                 ret |= 0x80;
@@ -149,7 +149,7 @@ ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
         return (ret | inf);
 
 err:
-        ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_HEADER_TOO_LONG);
+        ASN1error(ASN1_R_HEADER_TOO_LONG);
         return (0x80);
 }
 
@@ -385,7 +385,7 @@ ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
                 unsigned char *tmp;
                 tmp = realloc(str->data, len + 1);
                 if (tmp == NULL) {
-                        ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE);
+                        ASN1error(ERR_R_MALLOC_FAILURE);
                         return (0);
                 }
                 str->data = tmp;
@@ -421,7 +421,7 @@ ASN1_STRING_type_new(int type)
 
         ret = malloc(sizeof(ASN1_STRING));
         if (ret == NULL) {
-                ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 return (NULL);
         }
         ret->length = 0;
diff --git a/src/lib/libcrypto/asn1/asn_mime.c b/src/lib/libcrypto/asn1/asn_mime.c
index 1d82f1a76f..6bad111775 100644
--- a/src/lib/libcrypto/asn1/asn_mime.c
+++ b/src/lib/libcrypto/asn1/asn_mime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn_mime.c,v 1.26 2015/02/22 15:19:56 jsing Exp $ */
+/* $OpenBSD: asn_mime.c,v 1.27 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -122,8 +122,7 @@ i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
                 BIO *bio, *tbio;
                 bio = BIO_new_NDEF(out, val, it);
                 if (!bio) {
-                        ASN1err(ASN1_F_I2D_ASN1_BIO_STREAM,
-                            ERR_R_MALLOC_FAILURE);
+                        ASN1error(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
                 SMIME_crlf_copy(in, bio, flags);
@@ -154,7 +153,7 @@ B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
 
         b64 = BIO_new(BIO_f_base64());
         if (!b64) {
-                ASN1err(ASN1_F_B64_WRITE_ASN1, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         /* prepend the b64 BIO so all data is base64 encoded.
@@ -187,13 +186,13 @@ b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
         BIO *b64;
         ASN1_VALUE *val;
         if (!(b64 = BIO_new(BIO_f_base64()))) {
-                ASN1err(ASN1_F_B64_READ_ASN1, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         bio = BIO_push(b64, bio);
         val = ASN1_item_d2i_bio(it, bio, NULL);
         if (!val)
-                ASN1err(ASN1_F_B64_READ_ASN1, ASN1_R_DECODE_ERROR);
+                ASN1error(ASN1_R_DECODE_ERROR);
         (void)BIO_flush(bio);
         bio = BIO_pop(bio);
         BIO_free(b64);
@@ -388,8 +387,7 @@ asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
         }
 
         if (!aux || !aux->asn1_cb) {
-                ASN1err(ASN1_F_ASN1_OUTPUT_DATA,
-                    ASN1_R_STREAMING_NOT_SUPPORTED);
+                ASN1error(ASN1_R_STREAMING_NOT_SUPPORTED);
                 return 0;
         }
 
@@ -440,13 +438,13 @@ SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
                 *bcont = NULL;
 
         if (!(headers = mime_parse_hdr(bio))) {
-                ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_PARSE_ERROR);
+                ASN1error(ASN1_R_MIME_PARSE_ERROR);
                 return NULL;
         }
 
         if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
                 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-                ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE);
+                ASN1error(ASN1_R_NO_CONTENT_TYPE);
                 return NULL;
         }
 
@@ -457,15 +455,13 @@ SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
                 prm = mime_param_find(hdr, "boundary");
                 if (!prm || !prm->param_value) {
                         sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-                        ASN1err(ASN1_F_SMIME_READ_ASN1,
-                            ASN1_R_NO_MULTIPART_BOUNDARY);
+                        ASN1error(ASN1_R_NO_MULTIPART_BOUNDARY);
                         return NULL;
                 }
                 ret = multi_split(bio, prm->param_value, &parts);
                 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                 if (!ret || (sk_BIO_num(parts) != 2) ) {
-                        ASN1err(ASN1_F_SMIME_READ_ASN1,
-                            ASN1_R_NO_MULTIPART_BODY_FAILURE);
+                        ASN1error(ASN1_R_NO_MULTIPART_BODY_FAILURE);
                         sk_BIO_pop_free(parts, BIO_vfree);
                         return NULL;
                 }
@@ -474,8 +470,7 @@ SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
                 asnin = sk_BIO_value(parts, 1);
 
                 if (!(headers = mime_parse_hdr(asnin))) {
-                        ASN1err(ASN1_F_SMIME_READ_ASN1,
-                            ASN1_R_MIME_SIG_PARSE_ERROR);
+                        ASN1error(ASN1_R_MIME_SIG_PARSE_ERROR);
                         sk_BIO_pop_free(parts, BIO_vfree);
                         return NULL;
                 }
@@ -486,15 +481,13 @@ SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
                     !hdr->value) {
                         sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                         sk_BIO_pop_free(parts, BIO_vfree);
-                        ASN1err(ASN1_F_SMIME_READ_ASN1,
-                            ASN1_R_NO_SIG_CONTENT_TYPE);
+                        ASN1error(ASN1_R_NO_SIG_CONTENT_TYPE);
                         return NULL;
                 }
 
                 if (strcmp(hdr->value, "application/x-pkcs7-signature") &&
                     strcmp(hdr->value, "application/pkcs7-signature")) {
-                        ASN1err(ASN1_F_SMIME_READ_ASN1,
-                            ASN1_R_SIG_INVALID_MIME_TYPE);
+                        ASN1error(ASN1_R_SIG_INVALID_MIME_TYPE);
                         ERR_asprintf_error_data("type: %s", hdr->value);
                         sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                         sk_BIO_pop_free(parts, BIO_vfree);
@@ -503,8 +496,7 @@ SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
                 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                 /* Read in ASN1 */
                 if (!(val = b64_read_asn1(asnin, it))) {
-                        ASN1err(ASN1_F_SMIME_READ_ASN1,
-                            ASN1_R_ASN1_SIG_PARSE_ERROR);
+                        ASN1error(ASN1_R_ASN1_SIG_PARSE_ERROR);
                         sk_BIO_pop_free(parts, BIO_vfree);
                         return NULL;
                 }
@@ -521,7 +513,7 @@ SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
 
         if (strcmp (hdr->value, "application/x-pkcs7-mime") &&
             strcmp (hdr->value, "application/pkcs7-mime")) {
-                ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_INVALID_MIME_TYPE);
+                ASN1error(ASN1_R_INVALID_MIME_TYPE);
                 ERR_asprintf_error_data("type: %s", hdr->value);
                 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                 return NULL;
@@ -530,7 +522,7 @@ SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
         sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
 
         if (!(val = b64_read_asn1(bio, it))) {
-                ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR);
+                ASN1error(ASN1_R_ASN1_PARSE_ERROR);
                 return NULL;
         }
         return val;
@@ -583,16 +575,16 @@ SMIME_text(BIO *in, BIO *out)
         MIME_HEADER *hdr;
 
         if (!(headers = mime_parse_hdr(in))) {
-                ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_PARSE_ERROR);
+                ASN1error(ASN1_R_MIME_PARSE_ERROR);
                 return 0;
         }
         if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
-                ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_NO_CONTENT_TYPE);
+                ASN1error(ASN1_R_MIME_NO_CONTENT_TYPE);
                 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                 return 0;
         }
         if (strcmp (hdr->value, "text/plain")) {
-                ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_INVALID_MIME_TYPE);
+                ASN1error(ASN1_R_INVALID_MIME_TYPE);
                 ERR_asprintf_error_data("type: %s", hdr->value);
                 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                 return 0;
diff --git a/src/lib/libcrypto/asn1/asn_moid.c b/src/lib/libcrypto/asn1/asn_moid.c
index 76b6405212..7bf493e288 100644
--- a/src/lib/libcrypto/asn1/asn_moid.c
+++ b/src/lib/libcrypto/asn1/asn_moid.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn_moid.c,v 1.12 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: asn_moid.c,v 1.13 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -79,13 +79,13 @@ oid_module_init(CONF_IMODULE *md, const CONF *cnf)
 
         oid_section = CONF_imodule_get_value(md);
         if (!(sktmp = NCONF_get_section(cnf, oid_section))) {
-                ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION);
+                ASN1error(ASN1_R_ERROR_LOADING_SECTION);
                 return 0;
         }
         for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
                 oval = sk_CONF_VALUE_value(sktmp, i);
                 if (!do_create(oval->value, oval->name)) {
-                        ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT);
+                        ASN1error(ASN1_R_ADDING_OBJECT);
                         return 0;
                 }
         }
diff --git a/src/lib/libcrypto/asn1/asn_pack.c b/src/lib/libcrypto/asn1/asn_pack.c
index 65f4b9bf97..09d150583a 100644
--- a/src/lib/libcrypto/asn1/asn_pack.c
+++ b/src/lib/libcrypto/asn1/asn_pack.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn_pack.c,v 1.15 2015/12/23 20:37:23 mmcc Exp $ */
+/* $OpenBSD: asn_pack.c,v 1.16 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -77,7 +77,7 @@ ASN1_seq_unpack(const unsigned char *buf, int len, d2i_of_void *d2i,
         pbuf = buf;
         if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
                                         V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL)))
-                ASN1err(ASN1_F_ASN1_SEQ_UNPACK,ASN1_R_DECODE_ERROR);
+                ASN1error(ASN1_R_DECODE_ERROR);
         return sk;
 }
 
@@ -94,11 +94,11 @@ ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
 
         if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE,
                                               V_ASN1_UNIVERSAL, IS_SEQUENCE))) {
-                ASN1err(ASN1_F_ASN1_SEQ_PACK,ASN1_R_ENCODE_ERROR);
+                ASN1error(ASN1_R_ENCODE_ERROR);
                 return NULL;
         }
         if (!(safe = malloc(safelen))) {
-                ASN1err(ASN1_F_ASN1_SEQ_PACK,ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         p = safe;
@@ -121,7 +121,7 @@ ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i)
 
         p = oct->data;
         if (!(ret = d2i(NULL, &p, oct->length)))
-                ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR);
+                ASN1error(ASN1_R_DECODE_ERROR);
         return ret;
 }
 
@@ -135,18 +135,18 @@ ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct)
 
         if (!oct || !*oct) {
                 if (!(octmp = ASN1_STRING_new())) {
-                        ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+                        ASN1error(ERR_R_MALLOC_FAILURE);
                         return NULL;
                 }
         } else
                 octmp = *oct;
                 
         if (!(octmp->length = i2d(obj, NULL))) {
-                ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
+                ASN1error(ASN1_R_ENCODE_ERROR);
                 goto err;
         }
         if (!(p = malloc (octmp->length))) {
-                ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         octmp->data = p;
@@ -174,7 +174,7 @@ ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
 
         if (!oct || !*oct) {
                 if (!(octmp = ASN1_STRING_new ())) {
-                        ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE);
+                        ASN1error(ERR_R_MALLOC_FAILURE);
                         return NULL;
                 }
         } else
@@ -184,11 +184,11 @@ ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
         octmp->data = NULL;
 
         if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) {
-                ASN1err(ASN1_F_ASN1_ITEM_PACK, ASN1_R_ENCODE_ERROR);
+                ASN1error(ASN1_R_ENCODE_ERROR);
                 goto err;
         }
         if (!octmp->data) {
-                ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         if (oct)
@@ -210,6 +210,6 @@ ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it)
 
         p = oct->data;
         if (!(ret = ASN1_item_d2i(NULL, &p, oct->length, it)))
-                ASN1err(ASN1_F_ASN1_ITEM_UNPACK, ASN1_R_DECODE_ERROR);
+                ASN1error(ASN1_R_DECODE_ERROR);
         return ret;
 }
diff --git a/src/lib/libcrypto/asn1/bio_ndef.c b/src/lib/libcrypto/asn1/bio_ndef.c
index 1a23c27d04..890b141304 100644
--- a/src/lib/libcrypto/asn1/bio_ndef.c
+++ b/src/lib/libcrypto/asn1/bio_ndef.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_ndef.c,v 1.9 2014/07/25 06:05:32 doug Exp $ */
+/* $OpenBSD: bio_ndef.c,v 1.10 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -106,7 +106,7 @@ BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
         ASN1_STREAM_ARG sarg;
 
         if (!aux || !aux->asn1_cb) {
-                ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED);
+                ASN1error(ASN1_R_STREAMING_NOT_SUPPORTED);
                 return NULL;
         }
         ndef_aux = malloc(sizeof(NDEF_SUPPORT));
diff --git a/src/lib/libcrypto/asn1/d2i_pr.c b/src/lib/libcrypto/asn1/d2i_pr.c
index 68d02177c4..7a5880a8cd 100644
--- a/src/lib/libcrypto/asn1/d2i_pr.c
+++ b/src/lib/libcrypto/asn1/d2i_pr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d2i_pr.c,v 1.14 2015/03/19 14:00:22 tedu Exp $ */
+/* $OpenBSD: d2i_pr.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -80,7 +80,7 @@ d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length)
 
         if ((a == NULL) || (*a == NULL)) {
                 if ((ret = EVP_PKEY_new()) == NULL) {
-                        ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_EVP_LIB);
+                        ASN1error(ERR_R_EVP_LIB);
                         return (NULL);
                 }
         } else {
@@ -94,7 +94,7 @@ d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length)
         }
 
         if (!EVP_PKEY_set_type(ret, type)) {
-                ASN1err(ASN1_F_D2I_PRIVATEKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+                ASN1error(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
                 goto err;
         }
 
@@ -109,7 +109,7 @@ d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length)
                         ret = EVP_PKCS82PKEY(p8);
                         PKCS8_PRIV_KEY_INFO_free(p8);
                 } else {
-                        ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
+                        ASN1error(ERR_R_ASN1_LIB);
                         goto err;
                 }
         }
@@ -153,8 +153,7 @@ d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, long length)
 
                 sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
                 if (!p8) {
-                        ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,
-                            ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+                        ASN1error(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
                         return NULL;
                 }
                 ret = EVP_PKCS82PKEY(p8);
diff --git a/src/lib/libcrypto/asn1/d2i_pu.c b/src/lib/libcrypto/asn1/d2i_pu.c
index e917356254..3750265e7f 100644
--- a/src/lib/libcrypto/asn1/d2i_pu.c
+++ b/src/lib/libcrypto/asn1/d2i_pu.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d2i_pu.c,v 1.13 2015/03/19 14:00:22 tedu Exp $ */
+/* $OpenBSD: d2i_pu.c,v 1.14 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -83,14 +83,14 @@ d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, long length)
 
         if ((a == NULL) || (*a == NULL)) {
                 if ((ret = EVP_PKEY_new()) == NULL) {
-                        ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB);
+                        ASN1error(ERR_R_EVP_LIB);
                         return (NULL);
                 }
         } else
                 ret = *a;
 
         if (!EVP_PKEY_set_type(ret, type)) {
-                ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB);
+                ASN1error(ERR_R_EVP_LIB);
                 goto err;
         }
 
@@ -99,7 +99,7 @@ d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, long length)
         case EVP_PKEY_RSA:
                 if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL, pp, length)) ==
                     NULL) {
-                        ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+                        ASN1error(ERR_R_ASN1_LIB);
                         goto err;
                 }
                 break;
@@ -107,7 +107,7 @@ d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, long length)
 #ifndef OPENSSL_NO_DSA
         case EVP_PKEY_DSA:
                 if (!d2i_DSAPublicKey(&(ret->pkey.dsa), pp, length)) {
-                        ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+                        ASN1error(ERR_R_ASN1_LIB);
                         goto err;
                 }
                 break;
@@ -115,13 +115,13 @@ d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, long length)
 #ifndef OPENSSL_NO_EC
         case EVP_PKEY_EC:
                 if (!o2i_ECPublicKey(&(ret->pkey.ec), pp, length)) {
-                        ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+                        ASN1error(ERR_R_ASN1_LIB);
                         goto err;
                 }
                 break;
 #endif
         default:
-                ASN1err(ASN1_F_D2I_PUBLICKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+                ASN1error(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
                 goto err;
                 /* break; */
         }
diff --git a/src/lib/libcrypto/asn1/evp_asn1.c b/src/lib/libcrypto/asn1/evp_asn1.c
index 1f36cebad7..83228bb5d2 100644
--- a/src/lib/libcrypto/asn1/evp_asn1.c
+++ b/src/lib/libcrypto/asn1/evp_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_asn1.c,v 1.18 2015/09/30 19:07:08 jsing Exp $ */
+/* $OpenBSD: evp_asn1.c,v 1.19 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -87,7 +87,7 @@ ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len)
 
         if ((a->type != V_ASN1_OCTET_STRING) ||
             (a->value.octet_string == NULL)) {
-                ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING, ASN1_R_DATA_IS_WRONG);
+                ASN1error(ASN1_R_DATA_IS_WRONG);
                 return (-1);
         }
         p = ASN1_STRING_data(a->value.octet_string);
@@ -192,8 +192,7 @@ ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, unsigned char *data,
                 memcpy(data, ASN1_STRING_data(os), n);
         if (0) {
 err:
-                ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,
-                    ASN1_R_DATA_IS_WRONG);
+                ASN1error(ASN1_R_DATA_IS_WRONG);
         }
         ASN1_OCTET_STRING_free(os);
         ASN1_INTEGER_free(ai);
diff --git a/src/lib/libcrypto/asn1/f_enum.c b/src/lib/libcrypto/asn1/f_enum.c
index 7f064edb04..64feb97dc4 100644
--- a/src/lib/libcrypto/asn1/f_enum.c
+++ b/src/lib/libcrypto/asn1/f_enum.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: f_enum.c,v 1.14 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: f_enum.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -150,16 +150,14 @@ a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
                 k = 0;
                 i -= again;
                 if (i % 2 != 0) {
-                        ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,
-                            ASN1_R_ODD_NUMBER_OF_CHARS);
+                        ASN1error(ASN1_R_ODD_NUMBER_OF_CHARS);
                         goto err;
                 }
                 i /= 2;
                 if (num + i > slen) {
                         sp = realloc(s, num + i);
                         if (sp == NULL) {
-                                ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,
-                                    ERR_R_MALLOC_FAILURE);
+                                ASN1error(ERR_R_MALLOC_FAILURE);
                                 goto err;
                         }
                         s = sp;
@@ -175,8 +173,7 @@ a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
                                 else if ((m >= 'A') && (m <= 'F'))
                                         m = m - 'A' + 10;
                                 else {
-                                        ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,
-                                            ASN1_R_NON_HEX_CHARACTERS);
+                                        ASN1error(ASN1_R_NON_HEX_CHARACTERS);
                                         goto err;
                                 }
                                 s[num + j] <<= 4;
@@ -194,7 +191,7 @@ a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
         return (1);
 
 err_sl:
-        ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_SHORT_LINE);
+        ASN1error(ASN1_R_SHORT_LINE);
 err:
         free(s);
         return (ret);
diff --git a/src/lib/libcrypto/asn1/f_int.c b/src/lib/libcrypto/asn1/f_int.c
index 0ec29f5769..75168872b3 100644
--- a/src/lib/libcrypto/asn1/f_int.c
+++ b/src/lib/libcrypto/asn1/f_int.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: f_int.c,v 1.17 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: f_int.c,v 1.18 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -153,16 +153,14 @@ a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
                 k = 0;
                 i -= again;
                 if (i % 2 != 0) {
-                        ASN1err(ASN1_F_A2I_ASN1_INTEGER,
-                            ASN1_R_ODD_NUMBER_OF_CHARS);
+                        ASN1error(ASN1_R_ODD_NUMBER_OF_CHARS);
                         goto err;
                 }
                 i /= 2;
                 if (num + i > slen) {
                         sp = OPENSSL_realloc_clean(s, slen, num + i);
                         if (sp == NULL) {
-                                ASN1err(ASN1_F_A2I_ASN1_INTEGER,
-                                    ERR_R_MALLOC_FAILURE);
+                                ASN1error(ERR_R_MALLOC_FAILURE);
                                 goto err;
                         }
                         s = sp;
@@ -178,8 +176,7 @@ a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
                                 else if ((m >= 'A') && (m <= 'F'))
                                         m = m - 'A' + 10;
                                 else {
-                                        ASN1err(ASN1_F_A2I_ASN1_INTEGER,
-                                            ASN1_R_NON_HEX_CHARACTERS);
+                                        ASN1error(ASN1_R_NON_HEX_CHARACTERS);
                                         goto err;
                                 }
                                 s[num + j] <<= 4;
@@ -197,7 +194,7 @@ a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
         return (1);
 
 err_sl:
-        ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE);
+        ASN1error(ASN1_R_SHORT_LINE);
 err:
         free(s);
         return (ret);
diff --git a/src/lib/libcrypto/asn1/f_string.c b/src/lib/libcrypto/asn1/f_string.c
index 14cd1a906a..138044e063 100644
--- a/src/lib/libcrypto/asn1/f_string.c
+++ b/src/lib/libcrypto/asn1/f_string.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: f_string.c,v 1.16 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: f_string.c,v 1.17 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -146,16 +146,14 @@ a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
                 k = 0;
                 i -= again;
                 if (i % 2 != 0) {
-                        ASN1err(ASN1_F_A2I_ASN1_STRING,
-                            ASN1_R_ODD_NUMBER_OF_CHARS);
+                        ASN1error(ASN1_R_ODD_NUMBER_OF_CHARS);
                         goto err;
                 }
                 i /= 2;
                 if (num + i > slen) {
                         sp = realloc(s, num + i);
                         if (sp == NULL) {
-                                ASN1err(ASN1_F_A2I_ASN1_STRING,
-                                    ERR_R_MALLOC_FAILURE);
+                                ASN1error(ERR_R_MALLOC_FAILURE);
                                 goto err;
                         }
                         s = sp;
@@ -171,8 +169,7 @@ a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
                                 else if ((m >= 'A') && (m <= 'F'))
                                         m = m - 'A' + 10;
                                 else {
-                                        ASN1err(ASN1_F_A2I_ASN1_STRING,
-                                            ASN1_R_NON_HEX_CHARACTERS);
+                                        ASN1error(ASN1_R_NON_HEX_CHARACTERS);
                                         goto err;
                                 }
                                 s[num + j] <<= 4;
@@ -190,7 +187,7 @@ a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
         return (1);
 
 err_sl:
-        ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE);
+        ASN1error(ASN1_R_SHORT_LINE);
 err:
         free(s);
         return (ret);
diff --git a/src/lib/libcrypto/asn1/i2d_pr.c b/src/lib/libcrypto/asn1/i2d_pr.c
index 5fa34678b6..0b545aeb49 100644
--- a/src/lib/libcrypto/asn1/i2d_pr.c
+++ b/src/lib/libcrypto/asn1/i2d_pr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: i2d_pr.c,v 1.10 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: i2d_pr.c,v 1.11 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -76,6 +76,6 @@ i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
                 PKCS8_PRIV_KEY_INFO_free(p8);
                 return ret;
         }
-        ASN1err(ASN1_F_I2D_PRIVATEKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+        ASN1error(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
         return (-1);
 }
diff --git a/src/lib/libcrypto/asn1/i2d_pu.c b/src/lib/libcrypto/asn1/i2d_pu.c
index 6e485ea325..9baa84967b 100644
--- a/src/lib/libcrypto/asn1/i2d_pu.c
+++ b/src/lib/libcrypto/asn1/i2d_pu.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: i2d_pu.c,v 1.10 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: i2d_pu.c,v 1.11 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -92,7 +92,7 @@ i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
                 return (i2o_ECPublicKey(a->pkey.ec, pp));
 #endif
         default:
-                ASN1err(ASN1_F_I2D_PUBLICKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+                ASN1error(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
                 return (-1);
         }
 }
diff --git a/src/lib/libcrypto/asn1/n_pkey.c b/src/lib/libcrypto/asn1/n_pkey.c
index 1e73c82d09..d2fabf6e87 100644
--- a/src/lib/libcrypto/asn1/n_pkey.c
+++ b/src/lib/libcrypto/asn1/n_pkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: n_pkey.c,v 1.30 2015/10/16 15:15:39 jsing Exp $ */
+/* $OpenBSD: n_pkey.c,v 1.31 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -260,7 +260,7 @@ i2d_RSA_NET(const RSA *a, unsigned char **pp,
 
         /* Since its RC4 encrypted length is actual length */
         if ((zz = malloc(rsalen)) == NULL) {
-                ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
@@ -269,12 +269,12 @@ i2d_RSA_NET(const RSA *a, unsigned char **pp,
         i2d_RSAPrivateKey(a, &zz);
 
         if ((zz = malloc(pkeylen)) == NULL) {
-                ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
         if (!ASN1_STRING_set(enckey->os, "private-key", -1)) {
-                ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         enckey->enckey->digest->data = zz;
@@ -287,7 +287,7 @@ i2d_RSA_NET(const RSA *a, unsigned char **pp,
                 cb = EVP_read_pw_string;
         i = cb((char *)buf, sizeof(buf), "Enter Private Key password:", 1);
         if (i != 0) {
-                ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ);
+                ASN1error(ASN1_R_BAD_PASSWORD_READ);
                 goto err;
         }
         i = strlen((char *)buf);
@@ -340,19 +340,18 @@ d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
 
         enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
         if (!enckey) {
-                ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_DECODING_ERROR);
+                ASN1error(ASN1_R_DECODING_ERROR);
                 return NULL;
         }
 
         /* XXX 11 == strlen("private-key") */
         if (enckey->os->length != 11 ||
             memcmp("private-key", enckey->os->data, 11) != 0) {
-                ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING);
+                ASN1error(ASN1_R_PRIVATE_KEY_HEADER_MISSING);
                 goto err;
         }
         if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) {
-                ASN1err(ASN1_F_D2I_RSA_NET,
-                    ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
+                ASN1error(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
                 goto err;
         }
         if (cb == NULL)
@@ -384,7 +383,7 @@ d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
 
         i=cb((char *)buf, sizeof(buf), "Enter Private Key password:",0);
         if (i != 0) {
-                ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_BAD_PASSWORD_READ);
+                ASN1error(ASN1_R_BAD_PASSWORD_READ);
                 goto err;
         }
 
@@ -411,15 +410,14 @@ d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
         zz = os->data;
 
         if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) {
-                ASN1err(ASN1_F_D2I_RSA_NET_2,
-                    ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
+                ASN1error(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
                 goto err;
         }
 
         zz = pkey->private_key->data;
         if ((ret = d2i_RSAPrivateKey(a, &zz,
             pkey->private_key->length)) == NULL) {
-                ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
+                ASN1error(ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
                 goto err;
         }
 
diff --git a/src/lib/libcrypto/asn1/p5_pbe.c b/src/lib/libcrypto/asn1/p5_pbe.c
index e0609e02e9..8fd416a3e5 100644
--- a/src/lib/libcrypto/asn1/p5_pbe.c
+++ b/src/lib/libcrypto/asn1/p5_pbe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p5_pbe.c,v 1.21 2016/12/30 16:04:34 jsing Exp $ */
+/* $OpenBSD: p5_pbe.c,v 1.22 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -127,19 +127,19 @@ PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
 
         pbe = PBEPARAM_new();
         if (!pbe) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         if (iter <= 0)
                 iter = PKCS5_DEFAULT_ITER;
         if (!ASN1_INTEGER_set(pbe->iter, iter)) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         if (!saltlen)
                 saltlen = PKCS5_SALT_LEN;
         if (!ASN1_STRING_set(pbe->salt, NULL, saltlen)) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         sstr = ASN1_STRING_data(pbe->salt);
@@ -149,7 +149,7 @@ PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
                 arc4random_buf(sstr, saltlen);
 
         if (!ASN1_item_pack(pbe, &PBEPARAM_it, &pbe_str)) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
@@ -174,7 +174,7 @@ PKCS5_pbe_set(int alg, int iter, const unsigned char *salt, int saltlen)
         X509_ALGOR *ret;
         ret = X509_ALGOR_new();
         if (!ret) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
 
diff --git a/src/lib/libcrypto/asn1/p5_pbev2.c b/src/lib/libcrypto/asn1/p5_pbev2.c
index 155e2b0b3e..0105c59549 100644
--- a/src/lib/libcrypto/asn1/p5_pbev2.c
+++ b/src/lib/libcrypto/asn1/p5_pbev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p5_pbev2.c,v 1.24 2016/12/30 16:04:34 jsing Exp $ */
+/* $OpenBSD: p5_pbev2.c,v 1.25 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999-2004.
  */
@@ -193,8 +193,7 @@ PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
 
         alg_nid = EVP_CIPHER_type(cipher);
         if (alg_nid == NID_undef) {
-                ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
-                ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+                ASN1error(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
                 goto err;
         }
         obj = OBJ_nid2obj(alg_nid);
@@ -223,8 +222,7 @@ PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
         if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))
                 goto err;
         if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
-                ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
-                ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
+                ASN1error(ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
                 EVP_CIPHER_CTX_cleanup(&ctx);
                 goto err;
         }
@@ -275,7 +273,7 @@ PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
         return ret;
 
 merr:
-        ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE);
+        ASN1error(ERR_R_MALLOC_FAILURE);
 
 err:
         PBE2PARAM_free(pbe2);
@@ -367,7 +365,7 @@ PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, int prf_nid,
         return keyfunc;
 
 merr:
-        ASN1err(ASN1_F_PKCS5_PBKDF2_SET, ERR_R_MALLOC_FAILURE);
+        ASN1error(ERR_R_MALLOC_FAILURE);
         PBKDF2PARAM_free(kdf);
         X509_ALGOR_free(keyfunc);
         return NULL;
diff --git a/src/lib/libcrypto/asn1/t_crl.c b/src/lib/libcrypto/asn1/t_crl.c
index 67116361a5..c8122442bb 100644
--- a/src/lib/libcrypto/asn1/t_crl.c
+++ b/src/lib/libcrypto/asn1/t_crl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t_crl.c,v 1.16 2014/07/12 16:33:25 miod Exp $ */
+/* $OpenBSD: t_crl.c,v 1.17 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -72,7 +72,7 @@ X509_CRL_print_fp(FILE *fp, X509_CRL *x)
         int ret;
 
         if ((b = BIO_new(BIO_s_file())) == NULL) {
-                X509err(X509_F_X509_CRL_PRINT_FP, ERR_R_BUF_LIB);
+                X509error(ERR_R_BUF_LIB);
                 return (0);
         }
         BIO_set_fp(b, fp, BIO_NOCLOSE);
diff --git a/src/lib/libcrypto/asn1/t_req.c b/src/lib/libcrypto/asn1/t_req.c
index 8db456708a..a9b14fed73 100644
--- a/src/lib/libcrypto/asn1/t_req.c
+++ b/src/lib/libcrypto/asn1/t_req.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t_req.c,v 1.18 2015/07/29 14:58:34 jsing Exp $ */
+/* $OpenBSD: t_req.c,v 1.19 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -81,7 +81,7 @@ X509_REQ_print_fp(FILE *fp, X509_REQ *x)
         int ret;
 
         if ((b = BIO_new(BIO_s_file())) == NULL) {
-                X509err(X509_F_X509_REQ_PRINT_FP, ERR_R_BUF_LIB);
+                X509error(ERR_R_BUF_LIB);
                 return (0);
         }
         BIO_set_fp(b, fp, BIO_NOCLOSE);
@@ -256,7 +256,7 @@ get_next:
         return (1);
 
 err:
-        X509err(X509_F_X509_REQ_PRINT_EX, ERR_R_BUF_LIB);
+        X509error(ERR_R_BUF_LIB);
         return (0);
 }
 
diff --git a/src/lib/libcrypto/asn1/t_x509.c b/src/lib/libcrypto/asn1/t_x509.c
index 1c83fc5608..14cbabedc7 100644
--- a/src/lib/libcrypto/asn1/t_x509.c
+++ b/src/lib/libcrypto/asn1/t_x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t_x509.c,v 1.26 2015/02/07 13:19:15 doug Exp $ */
+/* $OpenBSD: t_x509.c,v 1.27 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -92,7 +92,7 @@ X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag)
         int ret;
 
         if ((b = BIO_new(BIO_s_file())) == NULL) {
-                X509err(X509_F_X509_PRINT_EX_FP, ERR_R_BUF_LIB);
+                X509error(ERR_R_BUF_LIB);
                 return (0);
         }
         BIO_set_fp(b, fp, BIO_NOCLOSE);
@@ -530,7 +530,7 @@ X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
         ret = 1;
         if (0) {
 err:
-                X509err(X509_F_X509_NAME_PRINT, ERR_R_BUF_LIB);
+                X509error(ERR_R_BUF_LIB);
         }
         free(b);
         return (ret);
diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c
index de78164995..3f680c60fd 100644
--- a/src/lib/libcrypto/asn1/tasn_dec.c
+++ b/src/lib/libcrypto/asn1/tasn_dec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_dec.c,v 1.33 2016/12/30 16:04:34 jsing Exp $ */
+/* $OpenBSD: tasn_dec.c,v 1.34 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -189,8 +189,7 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                          * template itself.
                          */
                         if ((tag != -1) || opt) {
-                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-                                    ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
+                                ASN1error(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
                                 goto err;
                         }
                         return asn1_template_ex_d2i(pval, in, len,
@@ -206,8 +205,7 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                 ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
                     &p, len, -1, 0, 1, ctx);
                 if (!ret) {
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-                            ERR_R_NESTED_ASN1_ERROR);
+                        ASN1error(ERR_R_NESTED_ASN1_ERROR);
                         goto err;
                 }
 
@@ -216,8 +214,7 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                         /* If OPTIONAL, assume this is OK */
                         if (opt)
                                 return -1;
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-                            ASN1_R_MSTRING_NOT_UNIVERSAL);
+                        ASN1error(ASN1_R_MSTRING_NOT_UNIVERSAL);
                         goto err;
                 }
                 /* Check tag matches bit map */
@@ -225,8 +222,7 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                         /* If OPTIONAL, assume this is OK */
                         if (opt)
                                 return -1;
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-                            ASN1_R_MSTRING_WRONG_TAG);
+                        ASN1error(ASN1_R_MSTRING_WRONG_TAG);
                         goto err;
                 }
                 return asn1_d2i_ex_primitive(pval, in, len,
@@ -252,8 +248,7 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                                 asn1_set_choice_selector(pval, -1, it);
                         }
                 } else if (!ASN1_item_ex_new(pval, it)) {
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-                            ERR_R_NESTED_ASN1_ERROR);
+                        ASN1error(ERR_R_NESTED_ASN1_ERROR);
                         goto err;
                 }
                 /* CHOICE type, try each possibility in turn */
@@ -272,8 +267,7 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                                 break;
                         /* Otherwise must be an ASN1 parsing error */
                         errtt = tt;
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-                            ERR_R_NESTED_ASN1_ERROR);
+                        ASN1error(ERR_R_NESTED_ASN1_ERROR);
                         goto err;
                 }
 
@@ -285,8 +279,7 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                                 ASN1_item_ex_free(pval, it);
                                 return -1;
                         }
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-                            ASN1_R_NO_MATCHING_CHOICE_TYPE);
+                        ASN1error(ASN1_R_NO_MATCHING_CHOICE_TYPE);
                         goto err;
                 }
 
@@ -310,8 +303,7 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                 ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst,
                     &p, len, tag, aclass, opt, ctx);
                 if (!ret) {
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-                            ERR_R_NESTED_ASN1_ERROR);
+                        ASN1error(ERR_R_NESTED_ASN1_ERROR);
                         goto err;
                 } else if (ret == -1)
                         return -1;
@@ -323,14 +315,12 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                 else
                         seq_nolen = seq_eoc;
                 if (!cst) {
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-                            ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
+                        ASN1error(ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
                         goto err;
                 }
 
                 if (!*pval && !ASN1_item_ex_new(pval, it)) {
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-                            ERR_R_NESTED_ASN1_ERROR);
+                        ASN1error(ERR_R_NESTED_ASN1_ERROR);
                         goto err;
                 }
 
@@ -364,8 +354,7 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                         q = p;
                         if (asn1_check_eoc(&p, len)) {
                                 if (!seq_eoc) {
-                                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-                                            ASN1_R_UNEXPECTED_EOC);
+                                        ASN1error(ASN1_R_UNEXPECTED_EOC);
                                         goto err;
                                 }
                                 len -= p - q;
@@ -404,13 +393,12 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
 
                 /* Check for EOC if expecting one */
                 if (seq_eoc && !asn1_check_eoc(&p, len)) {
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC);
+                        ASN1error(ASN1_R_MISSING_EOC);
                         goto err;
                 }
                 /* Check all data read */
                 if (!seq_nolen && len) {
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-                            ASN1_R_SEQUENCE_LENGTH_MISMATCH);
+                        ASN1error(ASN1_R_SEQUENCE_LENGTH_MISMATCH);
                         goto err;
                 }
 
@@ -429,14 +417,13 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                                 ASN1_template_free(pseqval, seqtt);
                         } else {
                                 errtt = seqtt;
-                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-                                    ASN1_R_FIELD_MISSING);
+                                ASN1error(ASN1_R_FIELD_MISSING);
                                 goto err;
                         }
                 }
                 /* Save encoding */
                 if (!asn1_enc_save(pval, *in, p - *in, it)) {
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_MALLOC_FAILURE);
+                        ASN1error(ERR_R_MALLOC_FAILURE);
                         goto auxerr;
                 }
                 *in = p;
@@ -449,7 +436,7 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
         }
 
 auxerr:
-        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
+        ASN1error(ASN1_R_AUX_ERROR);
 err:
         if (combine == 0)
                 ASN1_item_ex_free(pval, it);
@@ -493,21 +480,18 @@ asn1_template_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long inlen,
                     &p, inlen, tt->tag, aclass, opt, ctx);
                 q = p;
                 if (!ret) {
-                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
-                            ERR_R_NESTED_ASN1_ERROR);
+                        ASN1error(ERR_R_NESTED_ASN1_ERROR);
                         return 0;
                 } else if (ret == -1)
                         return -1;
                 if (!cst) {
-                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
-                            ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
+                        ASN1error(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
                         return 0;
                 }
                 /* We've found the field so it can't be OPTIONAL now */
                 ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
                 if (!ret) {
-                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
-                            ERR_R_NESTED_ASN1_ERROR);
+                        ASN1error(ERR_R_NESTED_ASN1_ERROR);
                         return 0;
                 }
                 /* We read the field in OK so update length */
@@ -515,16 +499,14 @@ asn1_template_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long inlen,
                 if (exp_eoc) {
                         /* If NDEF we must have an EOC here */
                         if (!asn1_check_eoc(&p, len)) {
-                                ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
-                                    ASN1_R_MISSING_EOC);
+                                ASN1error(ASN1_R_MISSING_EOC);
                                 goto err;
                         }
                 } else {
                         /* Otherwise we must hit the EXPLICIT tag end or its
                          * an error */
                         if (len) {
-                                ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
-                                    ASN1_R_EXPLICIT_LENGTH_MISMATCH);
+                                ASN1error(ASN1_R_EXPLICIT_LENGTH_MISMATCH);
                                 goto err;
                         }
                 }
@@ -574,8 +556,7 @@ asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len,
                 ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL,
                     &p, len, sktag, skaclass, opt, ctx);
                 if (!ret) {
-                        ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-                            ERR_R_NESTED_ASN1_ERROR);
+                        ASN1error(ERR_R_NESTED_ASN1_ERROR);
                         return 0;
                 } else if (ret == -1)
                         return -1;
@@ -594,8 +575,7 @@ asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len,
                 }
 
                 if (!*val) {
-                        ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-                            ERR_R_MALLOC_FAILURE);
+                        ASN1error(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
 
@@ -606,8 +586,7 @@ asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len,
                         /* See if EOC found */
                         if (asn1_check_eoc(&p, len)) {
                                 if (!sk_eoc) {
-                                        ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-                                            ASN1_R_UNEXPECTED_EOC);
+                                        ASN1error(ASN1_R_UNEXPECTED_EOC);
                                         goto err;
                                 }
                                 len -= p - q;
@@ -617,21 +596,18 @@ asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len,
                         skfield = NULL;
                         if (!ASN1_item_ex_d2i(&skfield, &p, len,
                             tt->item, -1, 0, 0, ctx)) {
-                                ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-                                    ERR_R_NESTED_ASN1_ERROR);
+                                ASN1error(ERR_R_NESTED_ASN1_ERROR);
                                 goto err;
                         }
                         len -= p - q;
                         if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val,
                             skfield)) {
-                                ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-                                    ERR_R_MALLOC_FAILURE);
+                                ASN1error(ERR_R_MALLOC_FAILURE);
                                 goto err;
                         }
                 }
                 if (sk_eoc) {
-                        ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-                            ASN1_R_MISSING_EOC);
+                        ASN1error(ASN1_R_MISSING_EOC);
                         goto err;
                 }
         } else if (flags & ASN1_TFLG_IMPTAG) {
@@ -639,8 +615,7 @@ asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len,
                 ret = ASN1_item_ex_d2i(val, &p, len,
                     tt->item, tt->tag, aclass, opt, ctx);
                 if (!ret) {
-                        ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-                            ERR_R_NESTED_ASN1_ERROR);
+                        ASN1error(ERR_R_NESTED_ASN1_ERROR);
                         goto err;
                 } else if (ret == -1)
                         return -1;
@@ -649,8 +624,7 @@ asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len,
                 ret = ASN1_item_ex_d2i(val, &p, len, tt->item,
                     -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
                 if (!ret) {
-                        ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-                            ERR_R_NESTED_ASN1_ERROR);
+                        ASN1error(ERR_R_NESTED_ASN1_ERROR);
                         goto err;
                 } else if (ret == -1)
                         return -1;
@@ -681,7 +655,7 @@ asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in, long inlen,
         buf.data = NULL;
 
         if (!pval) {
-                ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL);
+                ASN1error(ASN1_R_ILLEGAL_NULL);
                 return 0; /* Should never happen */
         }
 
@@ -695,21 +669,18 @@ asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in, long inlen,
                 /* If type is ANY need to figure out type from tag */
                 unsigned char oclass;
                 if (tag >= 0) {
-                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
-                            ASN1_R_ILLEGAL_TAGGED_ANY);
+                        ASN1error(ASN1_R_ILLEGAL_TAGGED_ANY);
                         return 0;
                 }
                 if (opt) {
-                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
-                            ASN1_R_ILLEGAL_OPTIONAL_ANY);
+                        ASN1error(ASN1_R_ILLEGAL_OPTIONAL_ANY);
                         return 0;
                 }
                 p = *in;
                 ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL,
                     &p, inlen, -1, 0, 0, ctx);
                 if (!ret) {
-                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
-                            ERR_R_NESTED_ASN1_ERROR);
+                        ASN1error(ERR_R_NESTED_ASN1_ERROR);
                         return 0;
                 }
                 if (oclass != V_ASN1_UNIVERSAL)
@@ -724,7 +695,7 @@ asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in, long inlen,
         ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst,
             &p, inlen, tag, aclass, opt, ctx);
         if (!ret) {
-                ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
+                ASN1error(ERR_R_NESTED_ASN1_ERROR);
                 return 0;
         } else if (ret == -1)
                 return -1;
@@ -740,8 +711,7 @@ asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in, long inlen,
                 }
                 /* SEQUENCE and SET must be constructed */
                 else if (!cst) {
-                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
-                            ASN1_R_TYPE_NOT_CONSTRUCTED);
+                        ASN1error(ASN1_R_TYPE_NOT_CONSTRUCTED);
                         return 0;
                 }
 
@@ -770,8 +740,7 @@ asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in, long inlen,
                 len = buf.length;
                 /* Append a final null to string */
                 if (!BUF_MEM_grow_clean(&buf, len + 1)) {
-                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
-                            ERR_R_MALLOC_FAILURE);
+                        ASN1error(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
                 buf.data[len] = 0;
@@ -836,8 +805,7 @@ asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype,
 
         case V_ASN1_NULL:
                 if (len) {
-                        ASN1err(ASN1_F_ASN1_EX_C2I,
-                            ASN1_R_NULL_IS_WRONG_LENGTH);
+                        ASN1error(ASN1_R_NULL_IS_WRONG_LENGTH);
                         goto err;
                 }
                 *pval = (ASN1_VALUE *)1;
@@ -845,8 +813,7 @@ asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype,
 
         case V_ASN1_BOOLEAN:
                 if (len != 1) {
-                        ASN1err(ASN1_F_ASN1_EX_C2I,
-                            ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
+                        ASN1error(ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
                         goto err;
                 } else {
                         ASN1_BOOLEAN *tbool;
@@ -888,21 +855,18 @@ asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype,
         case V_ASN1_SEQUENCE:
         default:
                 if (utype == V_ASN1_BMPSTRING && (len & 1)) {
-                        ASN1err(ASN1_F_ASN1_EX_C2I,
-                            ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
+                        ASN1error(ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
                         goto err;
                 }
                 if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) {
-                        ASN1err(ASN1_F_ASN1_EX_C2I,
-                            ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
+                        ASN1error(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
                         goto err;
                 }
                 /* All based on ASN1_STRING and handled the same */
                 if (!*pval) {
                         stmp = ASN1_STRING_type_new(utype);
                         if (!stmp) {
-                                ASN1err(ASN1_F_ASN1_EX_C2I,
-                                    ERR_R_MALLOC_FAILURE);
+                                ASN1error(ERR_R_MALLOC_FAILURE);
                                 goto err;
                         }
                         *pval = (ASN1_VALUE *)stmp;
@@ -918,8 +882,7 @@ asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype,
                         *free_cont = 0;
                 } else {
                         if (!ASN1_STRING_set(stmp, cont, len)) {
-                                ASN1err(ASN1_F_ASN1_EX_C2I,
-                                    ERR_R_MALLOC_FAILURE);
+                                ASN1error(ERR_R_MALLOC_FAILURE);
                                 ASN1_STRING_free(stmp);
                                 *pval = NULL;
                                 goto err;
@@ -979,7 +942,7 @@ asn1_find_end(const unsigned char **in, long len, char inf)
                 /* Just read in a header: only care about the length */
                 if (!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len,
                     -1, 0, 0, NULL)) {
-                        ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
+                        ASN1error(ERR_R_NESTED_ASN1_ERROR);
                         return 0;
                 }
                 if (inf)
@@ -989,7 +952,7 @@ asn1_find_end(const unsigned char **in, long len, char inf)
                 len -= p - q;
         }
         if (expected_eoc) {
-                ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC);
+                ASN1error(ASN1_R_MISSING_EOC);
                 return 0;
         }
         *in = p;
@@ -1033,8 +996,7 @@ asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, char inf,
                         /* EOC is illegal outside indefinite length
                          * constructed form */
                         if (!inf) {
-                                ASN1err(ASN1_F_ASN1_COLLECT,
-                                    ASN1_R_UNEXPECTED_EOC);
+                                ASN1error(ASN1_R_UNEXPECTED_EOC);
                                 return 0;
                         }
                         inf = 0;
@@ -1043,15 +1005,14 @@ asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, char inf,
 
                 if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p,
                     len, tag, aclass, 0, NULL)) {
-                        ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR);
+                        ASN1error(ERR_R_NESTED_ASN1_ERROR);
                         return 0;
                 }
 
                 /* If indefinite length constructed update max length */
                 if (cst) {
                         if (depth >= ASN1_MAX_STRING_NEST) {
-                                ASN1err(ASN1_F_ASN1_COLLECT,
-                                    ASN1_R_NESTED_ASN1_STRING);
+                                ASN1error(ASN1_R_NESTED_ASN1_STRING);
                                 return 0;
                         }
                         if (!asn1_collect(buf, &p, plen, ininf, tag, aclass,
@@ -1062,7 +1023,7 @@ asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, char inf,
                 len -= p - q;
         }
         if (inf) {
-                ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC);
+                ASN1error(ASN1_R_MISSING_EOC);
                 return 0;
         }
         *in = p;
@@ -1076,7 +1037,7 @@ collect_data(BUF_MEM *buf, const unsigned char **p, long plen)
         if (buf) {
                 len = buf->length;
                 if (!BUF_MEM_grow_clean(buf, len + plen)) {
-                        ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);
+                        ASN1error(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
                 memcpy(buf->data + len, *p, plen);
@@ -1141,8 +1102,7 @@ asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf,
                          * header can't exceed total amount of data available.
                          */
                         if (!(i & 0x81) && ((plen + ctx->hdrlen) > len)) {
-                                ASN1err(ASN1_F_ASN1_CHECK_TLEN,
-                                    ASN1_R_TOO_LONG);
+                                ASN1error(ASN1_R_TOO_LONG);
                                 asn1_tlc_clear(ctx);
                                 return 0;
                         }
@@ -1150,7 +1110,7 @@ asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf,
         }
 
         if (i & 0x80) {
-                ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER);
+                ASN1error(ASN1_R_BAD_OBJECT_HEADER);
                 asn1_tlc_clear(ctx);
                 return 0;
         }
@@ -1162,7 +1122,7 @@ asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf,
                         if (opt)
                                 return -1;
                         asn1_tlc_clear(ctx);
-                        ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG);
+                        ASN1error(ASN1_R_WRONG_TAG);
                         return 0;
                 }
                 /* We have a tag and class match:
diff --git a/src/lib/libcrypto/asn1/tasn_new.c b/src/lib/libcrypto/asn1/tasn_new.c
index 491de0131e..e9bbc05e08 100644
--- a/src/lib/libcrypto/asn1/tasn_new.c
+++ b/src/lib/libcrypto/asn1/tasn_new.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_new.c,v 1.16 2016/12/30 16:04:34 jsing Exp $ */
+/* $OpenBSD: tasn_new.c,v 1.17 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -190,7 +190,7 @@ asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
         return 1;
 
 memerr:
-        ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE);
+        ASN1error(ERR_R_MALLOC_FAILURE);
 #ifdef CRYPTO_MDEBUG
         if (it->sname)
                 CRYPTO_pop_info();
@@ -198,7 +198,7 @@ memerr:
         return 0;
 
 auxerr:
-        ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR);
+        ASN1error(ASN1_R_AUX_ERROR);
         ASN1_item_ex_free(pval, it);
 #ifdef CRYPTO_MDEBUG
         if (it->sname)
@@ -266,7 +266,7 @@ ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
                 STACK_OF(ASN1_VALUE) *skval;
                 skval = sk_ASN1_VALUE_new_null();
                 if (!skval) {
-                        ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE);
+                        ASN1error(ERR_R_MALLOC_FAILURE);
                         ret = 0;
                         goto done;
                 }
diff --git a/src/lib/libcrypto/asn1/tasn_prn.c b/src/lib/libcrypto/asn1/tasn_prn.c
index 80e7fbb890..7cccd56a16 100644
--- a/src/lib/libcrypto/asn1/tasn_prn.c
+++ b/src/lib/libcrypto/asn1/tasn_prn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_prn.c,v 1.15 2016/12/30 16:04:34 jsing Exp $ */
+/* $OpenBSD: tasn_prn.c,v 1.16 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -87,7 +87,7 @@ ASN1_PCTX_new(void)
         ASN1_PCTX *ret;
         ret = malloc(sizeof(ASN1_PCTX));
         if (ret == NULL) {
-                ASN1err(ASN1_F_ASN1_PCTX_NEW, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         ret->flags = 0;
diff --git a/src/lib/libcrypto/asn1/tasn_utl.c b/src/lib/libcrypto/asn1/tasn_utl.c
index 529aaf6116..391ef01a57 100644
--- a/src/lib/libcrypto/asn1/tasn_utl.c
+++ b/src/lib/libcrypto/asn1/tasn_utl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_utl.c,v 1.11 2015/07/25 17:07:17 jsing Exp $ */
+/* $OpenBSD: tasn_utl.c,v 1.12 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -275,7 +275,6 @@ asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr)
 err:
         /* FIXME: should log the value or OID of unsupported type */
         if (nullerr)
-                ASN1err(ASN1_F_ASN1_DO_ADB,
-                    ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
+                ASN1error(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
         return NULL;
 }
diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c
index eeff341d7d..d8f24ca10b 100644
--- a/src/lib/libcrypto/asn1/x_crl.c
+++ b/src/lib/libcrypto/asn1/x_crl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_crl.c,v 1.26 2016/12/30 16:04:34 jsing Exp $ */
+/* $OpenBSD: x_crl.c,v 1.27 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -535,7 +535,7 @@ X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
         if (!inf->revoked)
                 inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
         if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
-                ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         inf->enc.modified = 1;
diff --git a/src/lib/libcrypto/asn1/x_info.c b/src/lib/libcrypto/asn1/x_info.c
index 05ac364fa7..c476923158 100644
--- a/src/lib/libcrypto/asn1/x_info.c
+++ b/src/lib/libcrypto/asn1/x_info.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_info.c,v 1.16 2016/03/11 07:08:44 mmcc Exp $ */
+/* $OpenBSD: x_info.c,v 1.17 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -70,7 +70,7 @@ X509_INFO_new(void)
 
         ret = malloc(sizeof(X509_INFO));
         if (ret == NULL) {
-                ASN1err(ASN1_F_X509_INFO_NEW, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 return (NULL);
         }
 
diff --git a/src/lib/libcrypto/asn1/x_long.c b/src/lib/libcrypto/asn1/x_long.c
index 90a41129bc..9df3a3181a 100644
--- a/src/lib/libcrypto/asn1/x_long.c
+++ b/src/lib/libcrypto/asn1/x_long.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_long.c,v 1.10 2015/07/25 17:07:17 jsing Exp $ */
+/* $OpenBSD: x_long.c,v 1.11 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -173,7 +173,7 @@ long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype,
         unsigned long utmp = 0;
         char *cp = (char *)pval;
         if (len > (int)sizeof(long)) {
-                ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+                ASN1error(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
                 return 0;
         }
         /* Is it negative? */
@@ -195,7 +195,7 @@ long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype,
                 ltmp = -ltmp;
         }
         if (ltmp == it->size) {
-                ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+                ASN1error(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
                 return 0;
         }
         memcpy(cp, &ltmp, sizeof(long));
diff --git a/src/lib/libcrypto/asn1/x_name.c b/src/lib/libcrypto/asn1/x_name.c
index 87bcc2c5ba..30fef39fb7 100644
--- a/src/lib/libcrypto/asn1/x_name.c
+++ b/src/lib/libcrypto/asn1/x_name.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_name.c,v 1.32 2016/12/30 16:04:34 jsing Exp $ */
+/* $OpenBSD: x_name.c,v 1.33 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -257,7 +257,7 @@ x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
         return 1;
 
 memerr:
-        ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
+        ASN1error(ERR_R_MALLOC_FAILURE);
         if (ret) {
                 if (ret->entries)
                         sk_X509_NAME_ENTRY_free(ret->entries);
@@ -339,7 +339,7 @@ x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len,
 err:
         if (nm.x != NULL)
                 X509_NAME_free(nm.x);
-        ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+        ASN1error(ERR_R_NESTED_ASN1_ERROR);
         return 0;
 }
 
@@ -424,7 +424,7 @@ x509_name_encode(X509_NAME *a)
 memerr:
         sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
             local_sk_X509_NAME_ENTRY_free);
-        ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);
+        ASN1error(ERR_R_MALLOC_FAILURE);
         return -1;
 }
 
diff --git a/src/lib/libcrypto/asn1/x_pkey.c b/src/lib/libcrypto/asn1/x_pkey.c
index 701db0fc6d..c946281f4a 100644
--- a/src/lib/libcrypto/asn1/x_pkey.c
+++ b/src/lib/libcrypto/asn1/x_pkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_pkey.c,v 1.19 2015/09/30 18:41:06 jsing Exp $ */
+/* $OpenBSD: x_pkey.c,v 1.20 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -70,16 +70,16 @@ X509_PKEY_new(void)
         X509_PKEY *ret = NULL;
 
         if ((ret = malloc(sizeof(X509_PKEY))) == NULL) {
-                ASN1err(ASN1_F_X509_PKEY_NEW, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         ret->version = 0;
         if ((ret->enc_algor = X509_ALGOR_new()) == NULL) {
-                ASN1err(ASN1_F_X509_PKEY_NEW, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         if ((ret->enc_pkey = ASN1_OCTET_STRING_new()) == NULL) {
-                ASN1err(ASN1_F_X509_PKEY_NEW, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         ret->dec_pkey = NULL;
diff --git a/src/lib/libcrypto/asn1/x_pubkey.c b/src/lib/libcrypto/asn1/x_pubkey.c
index 3bdbb5a536..738507bbb6 100644
--- a/src/lib/libcrypto/asn1/x_pubkey.c
+++ b/src/lib/libcrypto/asn1/x_pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_pubkey.c,v 1.25 2015/02/11 04:00:39 jsing Exp $ */
+/* $OpenBSD: x_pubkey.c,v 1.26 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -149,17 +149,15 @@ X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
         if (pkey->ameth) {
                 if (pkey->ameth->pub_encode) {
                         if (!pkey->ameth->pub_encode(pk, pkey)) {
-                                X509err(X509_F_X509_PUBKEY_SET,
-                                    X509_R_PUBLIC_KEY_ENCODE_ERROR);
+                                X509error(X509_R_PUBLIC_KEY_ENCODE_ERROR);
                                 goto error;
                         }
                 } else {
-                        X509err(X509_F_X509_PUBKEY_SET,
-                            X509_R_METHOD_NOT_SUPPORTED);
+                        X509error(X509_R_METHOD_NOT_SUPPORTED);
                         goto error;
                 }
         } else {
-                X509err(X509_F_X509_PUBKEY_SET, X509_R_UNSUPPORTED_ALGORITHM);
+                X509error(X509_R_UNSUPPORTED_ALGORITHM);
                 goto error;
         }
 
@@ -193,23 +191,22 @@ X509_PUBKEY_get(X509_PUBKEY *key)
                 goto error;
 
         if ((ret = EVP_PKEY_new()) == NULL) {
-                X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
+                X509error(ERR_R_MALLOC_FAILURE);
                 goto error;
         }
 
         if (!EVP_PKEY_set_type(ret, OBJ_obj2nid(key->algor->algorithm))) {
-                X509err(X509_F_X509_PUBKEY_GET, X509_R_UNSUPPORTED_ALGORITHM);
+                X509error(X509_R_UNSUPPORTED_ALGORITHM);
                 goto error;
         }
 
         if (ret->ameth->pub_decode) {
                 if (!ret->ameth->pub_decode(ret, key)) {
-                        X509err(X509_F_X509_PUBKEY_GET,
-                            X509_R_PUBLIC_KEY_DECODE_ERROR);
+                        X509error(X509_R_PUBLIC_KEY_DECODE_ERROR);
                         goto error;
                 }
         } else {
-                X509err(X509_F_X509_PUBKEY_GET, X509_R_METHOD_NOT_SUPPORTED);
+                X509error(X509_R_METHOD_NOT_SUPPORTED);
                 goto error;
         }
 
@@ -304,7 +301,7 @@ i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
                 return 0;
         pktmp = EVP_PKEY_new();
         if (!pktmp) {
-                ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         EVP_PKEY_set1_RSA(pktmp, a);
@@ -346,7 +343,7 @@ i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
                 return 0;
         pktmp = EVP_PKEY_new();
         if (!pktmp) {
-                ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         EVP_PKEY_set1_DSA(pktmp, a);
@@ -387,7 +384,7 @@ i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
         if (!a)
                 return (0);
         if ((pktmp = EVP_PKEY_new()) == NULL) {
-                ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
+                ASN1error(ERR_R_MALLOC_FAILURE);
                 return (0);
         }
         EVP_PKEY_set1_EC_KEY(pktmp, a);
diff --git a/src/lib/libcrypto/bio/b_sock.c b/src/lib/libcrypto/bio/b_sock.c
index db8a30538c..0cc570b66f 100644
--- a/src/lib/libcrypto/bio/b_sock.c
+++ b/src/lib/libcrypto/bio/b_sock.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: b_sock.c,v 1.62 2016/12/20 23:14:37 beck Exp $ */
+/* $OpenBSD: b_sock.c,v 1.63 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -89,13 +89,12 @@ BIO_get_host_ip(const char *str, unsigned char *ip)
         CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
         he = BIO_gethostbyname(str);
         if (he == NULL) {
-                BIOerr(BIO_F_BIO_GET_HOST_IP, BIO_R_BAD_HOSTNAME_LOOKUP);
+                BIOerror(BIO_R_BAD_HOSTNAME_LOOKUP);
                 goto err;
         }
 
         if (he->h_addrtype != AF_INET) {
-                BIOerr(BIO_F_BIO_GET_HOST_IP,
-                    BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET);
+                BIOerror(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET);
                 goto err;
         }
         for (i = 0; i < 4; i++)
@@ -123,7 +122,7 @@ BIO_get_port(const char *str, unsigned short *port_ptr)
         int error;
 
         if (str == NULL) {
-                BIOerr(BIO_F_BIO_GET_PORT, BIO_R_NO_PORT_SPECIFIED);
+                BIOerror(BIO_R_NO_PORT_SPECIFIED);
                 return (0);
         }
 
@@ -162,7 +161,7 @@ BIO_socket_ioctl(int fd, long type, void *arg)
 
         ret = ioctl(fd, type, arg);
         if (ret < 0)
-                SYSerr(SYS_F_IOCTLSOCKET, errno);
+                SYSerror(errno);
         return (ret);
 }
 
@@ -258,10 +257,9 @@ BIO_get_accept_socket(char *host, int bind_mode)
 again:
         s = socket(server.sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
         if (s == -1) {
-                SYSerr(SYS_F_SOCKET, errno);
+                SYSerror(errno);
                 ERR_asprintf_error_data("port='%s'", host);
-                BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,
-                    BIO_R_UNABLE_TO_CREATE_SOCKET);
+                BIOerror(BIO_R_UNABLE_TO_CREATE_SOCKET);
                 goto err;
         }
 
@@ -301,17 +299,15 @@ again:
                         }
                         /* else error */
                 }
-                SYSerr(SYS_F_BIND, err_num);
+                SYSerror(err_num);
                 ERR_asprintf_error_data("port='%s'", host);
-                BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,
-                    BIO_R_UNABLE_TO_BIND_SOCKET);
+                BIOerror(BIO_R_UNABLE_TO_BIND_SOCKET);
                 goto err;
         }
         if (listen(s, SOMAXCONN) == -1) {
-                SYSerr(SYS_F_BIND, errno);
+                SYSerror(errno);
                 ERR_asprintf_error_data("port='%s'", host);
-                BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,
-                    BIO_R_UNABLE_TO_LISTEN_SOCKET);
+                BIOerror(BIO_R_UNABLE_TO_LISTEN_SOCKET);
                 goto err;
         }
         ret = 1;
@@ -347,8 +343,8 @@ BIO_accept(int sock, char **addr)
         if (ret == -1) {
                 if (BIO_sock_should_retry(ret))
                         return -2;
-                SYSerr(SYS_F_ACCEPT, errno);
-                BIOerr(BIO_F_BIO_ACCEPT, BIO_R_ACCEPT_ERROR);
+                SYSerror(errno);
+                BIOerror(BIO_R_ACCEPT_ERROR);
                 goto end;
         }
 
@@ -371,7 +367,7 @@ BIO_accept(int sock, char **addr)
                         ret = -1;
                         free(p);
                         *addr = NULL;
-                        BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE);
+                        BIOerror(ERR_R_MALLOC_FAILURE);
                         goto end;
                 }
                 p = tmp;
@@ -387,7 +383,7 @@ BIO_accept(int sock, char **addr)
                 if ((p = malloc(24)) == NULL) {
                         close(ret);
                         ret = -1;
-                        BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE);
+                        BIOerror(ERR_R_MALLOC_FAILURE);
                         goto end;
                 }
                 *addr = p;
diff --git a/src/lib/libcrypto/bio/bf_buff.c b/src/lib/libcrypto/bio/bf_buff.c
index 588cc48a28..30765b03ca 100644
--- a/src/lib/libcrypto/bio/bf_buff.c
+++ b/src/lib/libcrypto/bio/bf_buff.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bf_buff.c,v 1.23 2015/07/19 18:29:31 miod Exp $ */
+/* $OpenBSD: bf_buff.c,v 1.24 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -445,7 +445,7 @@ buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
         }
         return (ret);
 malloc_error:
-        BIOerr(BIO_F_BUFFER_CTRL, ERR_R_MALLOC_FAILURE);
+        BIOerror(ERR_R_MALLOC_FAILURE);
         return (0);
 }
 
diff --git a/src/lib/libcrypto/bio/bf_lbuf.c b/src/lib/libcrypto/bio/bf_lbuf.c
index 7978fdb347..5d9ec0f025 100644
--- a/src/lib/libcrypto/bio/bf_lbuf.c
+++ b/src/lib/libcrypto/bio/bf_lbuf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bf_lbuf.c,v 1.13 2015/07/19 18:29:31 miod Exp $ */
+/* $OpenBSD: bf_lbuf.c,v 1.14 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -343,7 +343,7 @@ linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
         }
         return (ret);
 malloc_error:
-        BIOerr(BIO_F_LINEBUFFER_CTRL, ERR_R_MALLOC_FAILURE);
+        BIOerror(ERR_R_MALLOC_FAILURE);
         return (0);
 }
 
diff --git a/src/lib/libcrypto/bio/bio_err.c b/src/lib/libcrypto/bio/bio_err.c
index 80788585ba..2920e32103 100644
--- a/src/lib/libcrypto/bio/bio_err.c
+++ b/src/lib/libcrypto/bio/bio_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_err.c,v 1.16 2014/07/10 22:45:56 jsing Exp $ */
+/* $OpenBSD: bio_err.c,v 1.17 2017/01/29 17:49:22 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -72,39 +72,7 @@
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason)
 
 static ERR_STRING_DATA BIO_str_functs[] = {
-        {ERR_FUNC(BIO_F_ACPT_STATE),    "ACPT_STATE"},
-        {ERR_FUNC(BIO_F_BIO_ACCEPT),    "BIO_accept"},
-        {ERR_FUNC(BIO_F_BIO_BER_GET_HEADER),    "BIO_BER_GET_HEADER"},
-        {ERR_FUNC(BIO_F_BIO_CALLBACK_CTRL),     "BIO_callback_ctrl"},
-        {ERR_FUNC(BIO_F_BIO_CTRL),      "BIO_ctrl"},
-        {ERR_FUNC(BIO_F_BIO_GETHOSTBYNAME),     "BIO_gethostbyname"},
-        {ERR_FUNC(BIO_F_BIO_GETS),      "BIO_gets"},
-        {ERR_FUNC(BIO_F_BIO_GET_ACCEPT_SOCKET), "BIO_get_accept_socket"},
-        {ERR_FUNC(BIO_F_BIO_GET_HOST_IP),       "BIO_get_host_ip"},
-        {ERR_FUNC(BIO_F_BIO_GET_PORT),  "BIO_get_port"},
-        {ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "BIO_MAKE_PAIR"},
-        {ERR_FUNC(BIO_F_BIO_NEW),       "BIO_new"},
-        {ERR_FUNC(BIO_F_BIO_NEW_FILE),  "BIO_new_file"},
-        {ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF),       "BIO_new_mem_buf"},
-        {ERR_FUNC(BIO_F_BIO_NREAD),     "BIO_nread"},
-        {ERR_FUNC(BIO_F_BIO_NREAD0),    "BIO_nread0"},
-        {ERR_FUNC(BIO_F_BIO_NWRITE),    "BIO_nwrite"},
-        {ERR_FUNC(BIO_F_BIO_NWRITE0),   "BIO_nwrite0"},
-        {ERR_FUNC(BIO_F_BIO_PUTS),      "BIO_puts"},
-        {ERR_FUNC(BIO_F_BIO_READ),      "BIO_read"},
-        {ERR_FUNC(BIO_F_BIO_SOCK_INIT), "BIO_sock_init"},
-        {ERR_FUNC(BIO_F_BIO_WRITE),     "BIO_write"},
-        {ERR_FUNC(BIO_F_BUFFER_CTRL),   "BUFFER_CTRL"},
-        {ERR_FUNC(BIO_F_CONN_CTRL),     "CONN_CTRL"},
-        {ERR_FUNC(BIO_F_CONN_STATE),    "CONN_STATE"},
-        {ERR_FUNC(BIO_F_DGRAM_SCTP_READ),       "DGRAM_SCTP_READ"},
-        {ERR_FUNC(BIO_F_FILE_CTRL),     "FILE_CTRL"},
-        {ERR_FUNC(BIO_F_FILE_READ),     "FILE_READ"},
-        {ERR_FUNC(BIO_F_LINEBUFFER_CTRL),       "LINEBUFFER_CTRL"},
-        {ERR_FUNC(BIO_F_MEM_READ),      "MEM_READ"},
-        {ERR_FUNC(BIO_F_MEM_WRITE),     "MEM_WRITE"},
-        {ERR_FUNC(BIO_F_SSL_NEW),       "SSL_new"},
-        {ERR_FUNC(BIO_F_WSASTARTUP),    "WSASTARTUP"},
+        {ERR_FUNC(0xfff), "CRYPTO_internal"},
         {0, NULL}
 };
 
diff --git a/src/lib/libcrypto/bio/bio_lib.c b/src/lib/libcrypto/bio/bio_lib.c
index 0be56aacde..86ccbdc202 100644
--- a/src/lib/libcrypto/bio/bio_lib.c
+++ b/src/lib/libcrypto/bio/bio_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_lib.c,v 1.22 2015/02/10 11:22:21 jsing Exp $ */
+/* $OpenBSD: bio_lib.c,v 1.23 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -71,7 +71,7 @@ BIO_new(BIO_METHOD *method)
 
         ret = malloc(sizeof(BIO));
         if (ret == NULL) {
-                BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE);
+                BIOerror(ERR_R_MALLOC_FAILURE);
                 return (NULL);
         }
         if (!BIO_set(ret, method)) {
@@ -200,7 +200,7 @@ BIO_read(BIO *b, void *out, int outl)
         long (*cb)(BIO *, int, const char *, int, long, long);
 
         if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL)) {
-                BIOerr(BIO_F_BIO_READ, BIO_R_UNSUPPORTED_METHOD);
+                BIOerror(BIO_R_UNSUPPORTED_METHOD);
                 return (-2);
         }
 
@@ -210,7 +210,7 @@ BIO_read(BIO *b, void *out, int outl)
                 return (i);
 
         if (!b->init) {
-                BIOerr(BIO_F_BIO_READ, BIO_R_UNINITIALIZED);
+                BIOerror(BIO_R_UNINITIALIZED);
                 return (-2);
         }
 
@@ -236,7 +236,7 @@ BIO_write(BIO *b, const void *in, int inl)
 
         cb = b->callback;
         if ((b->method == NULL) || (b->method->bwrite == NULL)) {
-                BIOerr(BIO_F_BIO_WRITE, BIO_R_UNSUPPORTED_METHOD);
+                BIOerror(BIO_R_UNSUPPORTED_METHOD);
                 return (-2);
         }
 
@@ -245,7 +245,7 @@ BIO_write(BIO *b, const void *in, int inl)
                 return (i);
 
         if (!b->init) {
-                BIOerr(BIO_F_BIO_WRITE, BIO_R_UNINITIALIZED);
+                BIOerror(BIO_R_UNINITIALIZED);
                 return (-2);
         }
 
@@ -267,7 +267,7 @@ BIO_puts(BIO *b, const char *in)
         long (*cb)(BIO *, int, const char *, int, long, long);
 
         if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL)) {
-                BIOerr(BIO_F_BIO_PUTS, BIO_R_UNSUPPORTED_METHOD);
+                BIOerror(BIO_R_UNSUPPORTED_METHOD);
                 return (-2);
         }
 
@@ -278,7 +278,7 @@ BIO_puts(BIO *b, const char *in)
                 return (i);
 
         if (!b->init) {
-                BIOerr(BIO_F_BIO_PUTS, BIO_R_UNINITIALIZED);
+                BIOerror(BIO_R_UNINITIALIZED);
                 return (-2);
         }
 
@@ -299,7 +299,7 @@ BIO_gets(BIO *b, char *in, int inl)
         long (*cb)(BIO *, int, const char *, int, long, long);
 
         if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL)) {
-                BIOerr(BIO_F_BIO_GETS, BIO_R_UNSUPPORTED_METHOD);
+                BIOerror(BIO_R_UNSUPPORTED_METHOD);
                 return (-2);
         }
 
@@ -310,7 +310,7 @@ BIO_gets(BIO *b, char *in, int inl)
                 return (i);
 
         if (!b->init) {
-                BIOerr(BIO_F_BIO_GETS, BIO_R_UNINITIALIZED);
+                BIOerror(BIO_R_UNINITIALIZED);
                 return (-2);
         }
 
@@ -364,7 +364,7 @@ BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
                 return (0);
 
         if ((b->method == NULL) || (b->method->ctrl == NULL)) {
-                BIOerr(BIO_F_BIO_CTRL, BIO_R_UNSUPPORTED_METHOD);
+                BIOerror(BIO_R_UNSUPPORTED_METHOD);
                 return (-2);
         }
 
@@ -392,7 +392,7 @@ BIO_callback_ctrl(BIO *b, int cmd,
                 return (0);
 
         if ((b->method == NULL) || (b->method->callback_ctrl == NULL)) {
-                BIOerr(BIO_F_BIO_CALLBACK_CTRL, BIO_R_UNSUPPORTED_METHOD);
+                BIOerror(BIO_R_UNSUPPORTED_METHOD);
                 return (-2);
         }
 
diff --git a/src/lib/libcrypto/bio/bss_acpt.c b/src/lib/libcrypto/bio/bss_acpt.c
index 4e3c982c2d..20508a7d5e 100644
--- a/src/lib/libcrypto/bio/bss_acpt.c
+++ b/src/lib/libcrypto/bio/bss_acpt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bss_acpt.c,v 1.26 2015/07/18 22:09:30 beck Exp $ */
+/* $OpenBSD: bss_acpt.c,v 1.27 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -201,7 +201,7 @@ again:
         switch (c->state) {
         case ACPT_S_BEFORE:
                 if (c->param_addr == NULL) {
-                        BIOerr(BIO_F_ACPT_STATE, BIO_R_NO_ACCEPT_PORT_SPECIFIED);
+                        BIOerror(BIO_R_NO_ACCEPT_PORT_SPECIFIED);
                         return (-1);
                 }
                 s = BIO_get_accept_socket(c->param_addr, c->bind_mode);
@@ -211,7 +211,7 @@ again:
                 if (c->accept_nbio) {
                         if (!BIO_socket_nbio(s, 1)) {
                                 close(s);
-                                BIOerr(BIO_F_ACPT_STATE, BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET);
+                                BIOerror(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET);
                                 return (-1);
                         }
                 }
@@ -248,7 +248,7 @@ again:
 
                 if (c->nbio) {
                         if (!BIO_socket_nbio(i, 1)) {
-                                BIOerr(BIO_F_ACPT_STATE, BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET);
+                                BIOerror(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET);
                                 goto err;
                         }
                 }
diff --git a/src/lib/libcrypto/bio/bss_bio.c b/src/lib/libcrypto/bio/bss_bio.c
index c817910d93..20eb9a9829 100644
--- a/src/lib/libcrypto/bio/bss_bio.c
+++ b/src/lib/libcrypto/bio/bss_bio.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bss_bio.c,v 1.22 2015/12/23 20:37:23 mmcc Exp $ */
+/* $OpenBSD: bss_bio.c,v 1.23 2017/01/29 17:49:22 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
  *
@@ -348,7 +348,7 @@ bio_write(BIO *bio, const char *buf, int num_)
         b->request = 0;
         if (b->closed) {
                 /* we already closed */
-                BIOerr(BIO_F_BIO_WRITE, BIO_R_BROKEN_PIPE);
+                BIOerror(BIO_R_BROKEN_PIPE);
                 return -1;
         }
 
@@ -425,7 +425,7 @@ bio_nwrite0(BIO *bio, char **buf)
 
         b->request = 0;
         if (b->closed) {
-                BIOerr(BIO_F_BIO_NWRITE0, BIO_R_BROKEN_PIPE);
+                BIOerror(BIO_R_BROKEN_PIPE);
                 return -1;
         }
 
@@ -491,10 +491,10 @@ bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
 
         case BIO_C_SET_WRITE_BUF_SIZE:
                 if (b->peer) {
-                        BIOerr(BIO_F_BIO_CTRL, BIO_R_IN_USE);
+                        BIOerror(BIO_R_IN_USE);
                         ret = 0;
                 } else if (num == 0) {
-                        BIOerr(BIO_F_BIO_CTRL, BIO_R_INVALID_ARGUMENT);
+                        BIOerror(BIO_R_INVALID_ARGUMENT);
                         ret = 0;
                 } else {
                         size_t new_size = num;
@@ -679,14 +679,14 @@ bio_make_pair(BIO *bio1, BIO *bio2)
         b2 = bio2->ptr;
 
         if (b1->peer != NULL || b2->peer != NULL) {
-                BIOerr(BIO_F_BIO_MAKE_PAIR, BIO_R_IN_USE);
+                BIOerror(BIO_R_IN_USE);
                 return 0;
         }
 
         if (b1->buf == NULL) {
                 b1->buf = malloc(b1->size);
                 if (b1->buf == NULL) {
-                        BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
+                        BIOerror(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
                 b1->len = 0;
@@ -696,7 +696,7 @@ bio_make_pair(BIO *bio1, BIO *bio2)
         if (b2->buf == NULL) {
                 b2->buf = malloc(b2->size);
                 if (b2->buf == NULL) {
-                        BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
+                        BIOerror(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
                 b2->len = 0;
@@ -822,7 +822,7 @@ BIO_nread0(BIO *bio, char **buf)
         long ret;
 
         if (!bio->init) {
-                BIOerr(BIO_F_BIO_NREAD0, BIO_R_UNINITIALIZED);
+                BIOerror(BIO_R_UNINITIALIZED);
                 return -2;
         }
 
@@ -839,7 +839,7 @@ BIO_nread(BIO *bio, char **buf, int num)
         int ret;
 
         if (!bio->init) {
-                BIOerr(BIO_F_BIO_NREAD, BIO_R_UNINITIALIZED);
+                BIOerror(BIO_R_UNINITIALIZED);
                 return -2;
         }
 
@@ -855,7 +855,7 @@ BIO_nwrite0(BIO *bio, char **buf)
         long ret;
 
         if (!bio->init) {
-                BIOerr(BIO_F_BIO_NWRITE0, BIO_R_UNINITIALIZED);
+                BIOerror(BIO_R_UNINITIALIZED);
                 return -2;
         }
 
@@ -872,7 +872,7 @@ BIO_nwrite(BIO *bio, char **buf, int num)
         int ret;
 
         if (!bio->init) {
-                BIOerr(BIO_F_BIO_NWRITE, BIO_R_UNINITIALIZED);
+                BIOerror(BIO_R_UNINITIALIZED);
                 return -2;
         }
 
diff --git a/src/lib/libcrypto/bio/bss_conn.c b/src/lib/libcrypto/bio/bss_conn.c
index 7f50936677..555273882c 100644
--- a/src/lib/libcrypto/bio/bss_conn.c
+++ b/src/lib/libcrypto/bio/bss_conn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bss_conn.c,v 1.32 2014/11/26 05:37:26 bcook Exp $ */
+/* $OpenBSD: bss_conn.c,v 1.33 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -134,7 +134,7 @@ conn_state(BIO *b, BIO_CONNECT *c)
                 case BIO_CONN_S_BEFORE:
                         p = c->param_hostname;
                         if (p == NULL) {
-                                BIOerr(BIO_F_CONN_STATE, BIO_R_NO_HOSTNAME_SPECIFIED);
+                                BIOerror(BIO_R_NO_HOSTNAME_SPECIFIED);
                                 goto exit_loop;
                         }
                         for (; *p != '\0'; p++) {
@@ -157,7 +157,7 @@ conn_state(BIO *b, BIO_CONNECT *c)
                         }
 
                         if (c->param_port == NULL) {
-                                BIOerr(BIO_F_CONN_STATE, BIO_R_NO_PORT_SPECIFIED);
+                                BIOerror(BIO_R_NO_PORT_SPECIFIED);
                                 ERR_asprintf_error_data("host=%s",
                                     c->param_hostname);
                                 goto exit_loop;
@@ -195,11 +195,10 @@ conn_state(BIO *b, BIO_CONNECT *c)
 
                         ret = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
                         if (ret == -1) {
-                                SYSerr(SYS_F_SOCKET, errno);
+                                SYSerror(errno);
                                 ERR_asprintf_error_data("host=%s:%s",
                                     c->param_hostname, c->param_port);
-                                BIOerr(BIO_F_CONN_STATE,
-                                    BIO_R_UNABLE_TO_CREATE_SOCKET);
+                                BIOerror(BIO_R_UNABLE_TO_CREATE_SOCKET);
                                 goto exit_loop;
                         }
                         b->num = ret;
@@ -209,8 +208,7 @@ conn_state(BIO *b, BIO_CONNECT *c)
                 case BIO_CONN_S_NBIO:
                         if (c->nbio) {
                                 if (!BIO_socket_nbio(b->num, 1)) {
-                                        BIOerr(BIO_F_CONN_STATE,
-                                            BIO_R_ERROR_SETTING_NBIO);
+                                        BIOerror(BIO_R_ERROR_SETTING_NBIO);
                                         ERR_asprintf_error_data("host=%s:%s",
                                             c->param_hostname, c->param_port);
                                         goto exit_loop;
@@ -222,10 +220,10 @@ conn_state(BIO *b, BIO_CONNECT *c)
                         i = 1;
                         i = setsockopt(b->num, SOL_SOCKET, SO_KEEPALIVE, &i, sizeof(i));
                         if (i < 0) {
-                                SYSerr(SYS_F_SOCKET, errno);
+                                SYSerror(errno);
                                 ERR_asprintf_error_data("host=%s:%s",
                                     c->param_hostname, c->param_port);
-                                BIOerr(BIO_F_CONN_STATE, BIO_R_KEEPALIVE);
+                                BIOerror(BIO_R_KEEPALIVE);
                                 goto exit_loop;
                         }
 #endif
@@ -243,11 +241,10 @@ conn_state(BIO *b, BIO_CONNECT *c)
                                         c->state = BIO_CONN_S_BLOCKED_CONNECT;
                                         b->retry_reason = BIO_RR_CONNECT;
                                 } else {
-                                        SYSerr(SYS_F_CONNECT, errno);
+                                        SYSerror(errno);
                                         ERR_asprintf_error_data("host=%s:%s",
                                             c->param_hostname, c->param_port);
-                                        BIOerr(BIO_F_CONN_STATE,
-                                            BIO_R_CONNECT_ERROR);
+                                        BIOerror(BIO_R_CONNECT_ERROR);
                                 }
                                 goto exit_loop;
                         } else
@@ -258,11 +255,10 @@ conn_state(BIO *b, BIO_CONNECT *c)
                         i = BIO_sock_error(b->num);
                         if (i) {
                                 BIO_clear_retry_flags(b);
-                                SYSerr(SYS_F_CONNECT, i);
+                                SYSerror(i);
                                 ERR_asprintf_error_data("host=%s:%s",
                                     c->param_hostname, c->param_port);
-                                BIOerr(BIO_F_CONN_STATE,
-                                    BIO_R_NBIO_CONNECT_ERROR);
+                                BIOerror(BIO_R_NBIO_CONNECT_ERROR);
                                 ret = 0;
                                 goto exit_loop;
                         } else
@@ -533,7 +529,7 @@ conn_ctrl(BIO *b, int cmd, long num, void *ptr)
         case BIO_CTRL_SET_CALLBACK:
                 {
 #if 0 /* FIXME: Should this be used?  -- Richard Levitte */
-                        BIOerr(BIO_F_CONN_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                        BIOerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                         ret = -1;
 #else
                         ret = 0;
diff --git a/src/lib/libcrypto/bio/bss_file.c b/src/lib/libcrypto/bio/bss_file.c
index c710076fea..01f4a3ff3b 100644
--- a/src/lib/libcrypto/bio/bss_file.c
+++ b/src/lib/libcrypto/bio/bss_file.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bss_file.c,v 1.31 2014/11/11 19:26:12 miod Exp $ */
+/* $OpenBSD: bss_file.c,v 1.32 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -119,12 +119,12 @@ BIO_new_file(const char *filename, const char *mode)
         file = fopen(filename, mode);
 
         if (file == NULL) {
-                SYSerr(SYS_F_FOPEN, errno);
+                SYSerror(errno);
                 ERR_asprintf_error_data("fopen('%s', '%s')", filename, mode);
                 if (errno == ENOENT)
-                        BIOerr(BIO_F_BIO_NEW_FILE, BIO_R_NO_SUCH_FILE);
+                        BIOerror(BIO_R_NO_SUCH_FILE);
                 else
-                        BIOerr(BIO_F_BIO_NEW_FILE, ERR_R_SYS_LIB);
+                        BIOerror(ERR_R_SYS_LIB);
                 return (NULL);
         }
         if ((ret = BIO_new(BIO_s_file())) == NULL) {
@@ -188,8 +188,8 @@ file_read(BIO *b, char *out, int outl)
         if (b->init && out != NULL) {
                 ret = fread(out, 1, outl, (FILE *)b->ptr);
                 if (ret == 0 && ferror((FILE *)b->ptr)) {
-                        SYSerr(SYS_F_FREAD, errno);
-                        BIOerr(BIO_F_FILE_READ, ERR_R_SYS_LIB);
+                        SYSerror(errno);
+                        BIOerror(ERR_R_SYS_LIB);
                         ret = -1;
                 }
         }
@@ -246,15 +246,15 @@ file_ctrl(BIO *b, int cmd, long num, void *ptr)
                 else if (num & BIO_FP_READ)
                         strlcpy(p, "r", sizeof p);
                 else {
-                        BIOerr(BIO_F_FILE_CTRL, BIO_R_BAD_FOPEN_MODE);
+                        BIOerror(BIO_R_BAD_FOPEN_MODE);
                         ret = 0;
                         break;
                 }
                 fp = fopen(ptr, p);
                 if (fp == NULL) {
-                        SYSerr(SYS_F_FOPEN, errno);
+                        SYSerror(errno);
                         ERR_asprintf_error_data("fopen('%s', '%s')", ptr, p);
-                        BIOerr(BIO_F_FILE_CTRL, ERR_R_SYS_LIB);
+                        BIOerror(ERR_R_SYS_LIB);
                         ret = 0;
                         break;
                 }
diff --git a/src/lib/libcrypto/bio/bss_mem.c b/src/lib/libcrypto/bio/bss_mem.c
index 119bd672f6..be491ca152 100644
--- a/src/lib/libcrypto/bio/bss_mem.c
+++ b/src/lib/libcrypto/bio/bss_mem.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bss_mem.c,v 1.14 2015/03/21 08:05:20 doug Exp $ */
+/* $OpenBSD: bss_mem.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -101,7 +101,7 @@ BIO_new_mem_buf(void *buf, int len)
         size_t sz;
 
         if (!buf) {
-                BIOerr(BIO_F_BIO_NEW_MEM_BUF, BIO_R_NULL_PARAMETER);
+                BIOerror(BIO_R_NULL_PARAMETER);
                 return NULL;
         }
         sz = (len < 0) ? strlen(buf) : (size_t)len;
@@ -183,12 +183,12 @@ mem_write(BIO *b, const char *in, int inl)
 
         bm = (BUF_MEM *)b->ptr;
         if (in == NULL) {
-                BIOerr(BIO_F_MEM_WRITE, BIO_R_NULL_PARAMETER);
+                BIOerror(BIO_R_NULL_PARAMETER);
                 goto end;
         }
 
         if (b->flags & BIO_FLAGS_MEM_RDONLY) {
-                BIOerr(BIO_F_MEM_WRITE, BIO_R_WRITE_TO_READ_ONLY_BIO);
+                BIOerror(BIO_R_WRITE_TO_READ_ONLY_BIO);
                 goto end;
         }
 
diff --git a/src/lib/libcrypto/bn/bn_add.c b/src/lib/libcrypto/bn/bn_add.c
index ebc9b9b56b..334fb4f5d4 100644
--- a/src/lib/libcrypto/bn/bn_add.c
+++ b/src/lib/libcrypto/bn/bn_add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_add.c,v 1.10 2014/10/28 07:35:58 jsg Exp $ */
+/* $OpenBSD: bn_add.c,v 1.11 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -182,7 +182,7 @@ BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 
         if (dif < 0)    /* hmm... should not be happening */
         {
-                BNerr(BN_F_BN_USUB, BN_R_ARG2_LT_ARG3);
+                BNerror(BN_R_ARG2_LT_ARG3);
                 return (0);
         }
 
diff --git a/src/lib/libcrypto/bn/bn_blind.c b/src/lib/libcrypto/bn/bn_blind.c
index 28c6276751..ecd6718279 100644
--- a/src/lib/libcrypto/bn/bn_blind.c
+++ b/src/lib/libcrypto/bn/bn_blind.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_blind.c,v 1.16 2017/01/21 11:00:46 beck Exp $ */
+/* $OpenBSD: bn_blind.c,v 1.17 2017/01/29 17:49:22 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
@@ -144,7 +144,7 @@ BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
         bn_check_top(mod);
 
         if ((ret = calloc(1, sizeof(BN_BLINDING))) == NULL) {
-                BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE);
+                BNerror(ERR_R_MALLOC_FAILURE);
                 return (NULL);
         }
         if (A != NULL) {
@@ -194,7 +194,7 @@ BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
         int ret = 0;
 
         if ((b->A == NULL) || (b->Ai == NULL)) {
-                BNerr(BN_F_BN_BLINDING_UPDATE, BN_R_NOT_INITIALIZED);
+                BNerror(BN_R_NOT_INITIALIZED);
                 goto err;
         }
 
@@ -235,7 +235,7 @@ BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
         bn_check_top(n);
 
         if ((b->A == NULL) || (b->Ai == NULL)) {
-                BNerr(BN_F_BN_BLINDING_CONVERT_EX, BN_R_NOT_INITIALIZED);
+                BNerror(BN_R_NOT_INITIALIZED);
                 return (0);
         }
 
@@ -273,7 +273,7 @@ BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
                 ret = BN_mod_mul(n, n, r, b->mod, ctx);
         else {
                 if (b->Ai == NULL) {
-                        BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED);
+                        BNerror(BN_R_NOT_INITIALIZED);
                         return (0);
                 }
                 ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
@@ -356,8 +356,7 @@ BN_BLINDING_create_param(BN_BLINDING *b, const BIGNUM *e, BIGNUM *m,
                         unsigned long error = ERR_peek_last_error();
                         if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
                                 if (retry_counter-- == 0) {
-                                        BNerr(BN_F_BN_BLINDING_CREATE_PARAM,
-                                            BN_R_TOO_MANY_ITERATIONS);
+                                        BNerror(BN_R_TOO_MANY_ITERATIONS);
                                         goto err;
                                 }
                                 ERR_clear_error();
diff --git a/src/lib/libcrypto/bn/bn_ctx.c b/src/lib/libcrypto/bn/bn_ctx.c
index eb2d6a43b3..1237ac1365 100644
--- a/src/lib/libcrypto/bn/bn_ctx.c
+++ b/src/lib/libcrypto/bn/bn_ctx.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_ctx.c,v 1.14 2015/02/10 09:50:12 miod Exp $ */
+/* $OpenBSD: bn_ctx.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Ulf Moeller for the OpenSSL project. */
 /* ====================================================================
  * Copyright (c) 1998-2004 The OpenSSL Project.  All rights reserved.
@@ -225,7 +225,7 @@ BN_CTX_new(void)
 {
         BN_CTX *ret = malloc(sizeof(BN_CTX));
         if (!ret) {
-                BNerr(BN_F_BN_CTX_NEW, ERR_R_MALLOC_FAILURE);
+                BNerror(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
 
@@ -274,7 +274,7 @@ BN_CTX_start(BN_CTX *ctx)
                 ctx->err_stack++;
         /* (Try to) get a new frame pointer */
         else if (!BN_STACK_push(&ctx->stack, ctx->used)) {
-                BNerr(BN_F_BN_CTX_START, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+                BNerror(BN_R_TOO_MANY_TEMPORARY_VARIABLES);
                 ctx->err_stack++;
         }
         CTXDBG_EXIT(ctx);
@@ -312,7 +312,7 @@ BN_CTX_get(BN_CTX *ctx)
                 /* Setting too_many prevents repeated "get" attempts from
                  * cluttering the error stack. */
                 ctx->too_many = 1;
-                BNerr(BN_F_BN_CTX_GET, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+                BNerror(BN_R_TOO_MANY_TEMPORARY_VARIABLES);
                 return NULL;
         }
         /* OK, make sure the returned bignum is "zero" */
diff --git a/src/lib/libcrypto/bn/bn_div.c b/src/lib/libcrypto/bn/bn_div.c
index a8f7c9f384..f3a97bcc8d 100644
--- a/src/lib/libcrypto/bn/bn_div.c
+++ b/src/lib/libcrypto/bn/bn_div.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_div.c,v 1.24 2017/01/21 10:38:29 beck Exp $ */
+/* $OpenBSD: bn_div.c,v 1.25 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -131,7 +131,7 @@ BN_div_internal(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor
          * in the case of 'num', so don't just rely on bn_check_top() for this one
          * (bn_check_top() works only for BN_DEBUG builds) */
         if (num->top > 0 && num->d[num->top - 1] == 0) {
-                BNerr(BN_F_BN_DIV, BN_R_NOT_INITIALIZED);
+                BNerror(BN_R_NOT_INITIALIZED);
                 return 0;
         }
 
@@ -146,7 +146,7 @@ BN_div_internal(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor
         bn_check_top(divisor);
 
         if (BN_is_zero(divisor)) {
-                BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO);
+                BNerror(BN_R_DIV_BY_ZERO);
                 return (0);
         }
 
diff --git a/src/lib/libcrypto/bn/bn_err.c b/src/lib/libcrypto/bn/bn_err.c
index 149e58eafc..a693a8cbf8 100644
--- a/src/lib/libcrypto/bn/bn_err.c
+++ b/src/lib/libcrypto/bn/bn_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_err.c,v 1.13 2015/10/21 19:02:22 miod Exp $ */
+/* $OpenBSD: bn_err.c,v 1.14 2017/01/29 17:49:22 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
  *
@@ -72,47 +72,7 @@
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason)
 
 static ERR_STRING_DATA BN_str_functs[]= {
-        {ERR_FUNC(BN_F_BNRAND), "BNRAND"},
-        {ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"},
-        {ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM),       "BN_BLINDING_create_param"},
-        {ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX),  "BN_BLINDING_invert_ex"},
-        {ERR_FUNC(BN_F_BN_BLINDING_NEW),        "BN_BLINDING_new"},
-        {ERR_FUNC(BN_F_BN_BLINDING_UPDATE),     "BN_BLINDING_update"},
-        {ERR_FUNC(BN_F_BN_BN2DEC),      "BN_bn2dec"},
-        {ERR_FUNC(BN_F_BN_BN2HEX),      "BN_bn2hex"},
-        {ERR_FUNC(BN_F_BN_CTX_GET),     "BN_CTX_get"},
-        {ERR_FUNC(BN_F_BN_CTX_NEW),     "BN_CTX_new"},
-        {ERR_FUNC(BN_F_BN_CTX_START),   "BN_CTX_start"},
-        {ERR_FUNC(BN_F_BN_DIV), "BN_div"},
-        {ERR_FUNC(BN_F_BN_DIV_NO_BRANCH),       "BN_div_no_branch"},
-        {ERR_FUNC(BN_F_BN_DIV_RECP),    "BN_div_recp"},
-        {ERR_FUNC(BN_F_BN_EXP), "BN_exp"},
-        {ERR_FUNC(BN_F_BN_EXPAND2),     "bn_expand2"},
-        {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL),     "BN_EXPAND_INTERNAL"},
-        {ERR_FUNC(BN_F_BN_GENERATE_PRIME_EX),   "BN_generate_prime_ex"},
-        {ERR_FUNC(BN_F_BN_GF2M_MOD),    "BN_GF2m_mod"},
-        {ERR_FUNC(BN_F_BN_GF2M_MOD_EXP),        "BN_GF2m_mod_exp"},
-        {ERR_FUNC(BN_F_BN_GF2M_MOD_MUL),        "BN_GF2m_mod_mul"},
-        {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD), "BN_GF2m_mod_solve_quad"},
-        {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR),     "BN_GF2m_mod_solve_quad_arr"},
-        {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR),        "BN_GF2m_mod_sqr"},
-        {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT),       "BN_GF2m_mod_sqrt"},
-        {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT),       "BN_mod_exp2_mont"},
-        {ERR_FUNC(BN_F_BN_MOD_EXP_MONT),        "BN_mod_exp_mont"},
-        {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME),      "BN_mod_exp_mont_consttime"},
-        {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD),   "BN_mod_exp_mont_word"},
-        {ERR_FUNC(BN_F_BN_MOD_EXP_RECP),        "BN_mod_exp_recp"},
-        {ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE),      "BN_mod_exp_simple"},
-        {ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"},
-        {ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH),       "BN_mod_inverse_no_branch"},
-        {ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK),    "BN_mod_lshift_quick"},
-        {ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL),  "BN_mod_mul_reciprocal"},
-        {ERR_FUNC(BN_F_BN_MOD_SQRT),    "BN_mod_sqrt"},
-        {ERR_FUNC(BN_F_BN_MPI2BN),      "BN_mpi2bn"},
-        {ERR_FUNC(BN_F_BN_NEW), "BN_new"},
-        {ERR_FUNC(BN_F_BN_RAND),        "BN_rand"},
-        {ERR_FUNC(BN_F_BN_RAND_RANGE),  "BN_rand_range"},
-        {ERR_FUNC(BN_F_BN_USUB),        "BN_usub"},
+        {ERR_FUNC(0xfff), "CRYPTO_internal"},
         {0, NULL}
 };
 
diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c
index f650e94b09..d388758927 100644
--- a/src/lib/libcrypto/bn/bn_exp.c
+++ b/src/lib/libcrypto/bn/bn_exp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_exp.c,v 1.29 2017/01/21 10:38:29 beck Exp $ */
+/* $OpenBSD: bn_exp.c,v 1.30 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -129,7 +129,7 @@ BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 
         if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
                 /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
-                BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                BNerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return -1;
         }
 
@@ -263,7 +263,7 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 
         if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
                 /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
-                BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                BNerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return -1;
         }
 
@@ -405,7 +405,7 @@ BN_mod_exp_mont_internal(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIG
         bn_check_top(m);
 
         if (!BN_is_odd(m)) {
-                BNerr(BN_F_BN_MOD_EXP_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
+                BNerror(BN_R_CALLED_WITH_EVEN_MODULUS);
                 return (0);
         }
 
@@ -662,8 +662,7 @@ BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
         bn_check_top(m);
 
         if (!BN_is_odd(m)) {
-                BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME,
-                    BN_R_CALLED_WITH_EVEN_MODULUS);
+                BNerror(BN_R_CALLED_WITH_EVEN_MODULUS);
                 return (0);
         }
 
@@ -938,8 +937,7 @@ BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, const BIGNUM *m,
 
         if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
                 /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
-                BNerr(BN_F_BN_MOD_EXP_MONT_WORD,
-                    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                BNerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return -1;
         }
 
@@ -947,7 +945,7 @@ BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, const BIGNUM *m,
         bn_check_top(m);
 
         if (!BN_is_odd(m)) {
-                BNerr(BN_F_BN_MOD_EXP_MONT_WORD, BN_R_CALLED_WITH_EVEN_MODULUS);
+                BNerror(BN_R_CALLED_WITH_EVEN_MODULUS);
                 return (0);
         }
         if (m->top == 1)
@@ -1076,8 +1074,7 @@ BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 
         if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
                 /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
-                BNerr(BN_F_BN_MOD_EXP_SIMPLE,
-                    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                BNerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return -1;
         }
 
diff --git a/src/lib/libcrypto/bn/bn_exp2.c b/src/lib/libcrypto/bn/bn_exp2.c
index 1d938d3818..372e1ee4ee 100644
--- a/src/lib/libcrypto/bn/bn_exp2.c
+++ b/src/lib/libcrypto/bn/bn_exp2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_exp2.c,v 1.11 2017/01/21 10:38:29 beck Exp $ */
+/* $OpenBSD: bn_exp2.c,v 1.12 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -137,7 +137,7 @@ BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
         bn_check_top(m);
 
         if (!(m->d[0] & 1)) {
-                BNerr(BN_F_BN_MOD_EXP2_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
+                BNerror(BN_R_CALLED_WITH_EVEN_MODULUS);
                 return (0);
         }
         bits1 = BN_num_bits(p1);
diff --git a/src/lib/libcrypto/bn/bn_gcd.c b/src/lib/libcrypto/bn/bn_gcd.c
index e2574c3304..469ae752fb 100644
--- a/src/lib/libcrypto/bn/bn_gcd.c
+++ b/src/lib/libcrypto/bn/bn_gcd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_gcd.c,v 1.14 2017/01/25 06:15:44 beck Exp $ */
+/* $OpenBSD: bn_gcd.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -527,7 +527,7 @@ BN_mod_inverse_internal(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ct
                                 goto err;
                 }
         } else {
-                BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE);
+                BNerror(BN_R_NO_INVERSE);
                 goto err;
         }
         ret = R;
@@ -709,7 +709,7 @@ BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n,
                                 goto err;
                 }
         } else {
-                BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH, BN_R_NO_INVERSE);
+                BNerror(BN_R_NO_INVERSE);
                 goto err;
         }
         ret = R;
diff --git a/src/lib/libcrypto/bn/bn_gf2m.c b/src/lib/libcrypto/bn/bn_gf2m.c
index 62395f60eb..8562b3f87e 100644
--- a/src/lib/libcrypto/bn/bn_gf2m.c
+++ b/src/lib/libcrypto/bn/bn_gf2m.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_gf2m.c,v 1.22 2016/09/03 14:37:00 bcook Exp $ */
+/* $OpenBSD: bn_gf2m.c,v 1.23 2017/01/29 17:49:22 beck Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
@@ -470,7 +470,7 @@ BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)
         bn_check_top(p);
         ret = BN_GF2m_poly2arr(p, arr, sizeof(arr) / sizeof(arr[0]));
         if (!ret || ret > (int)(sizeof(arr) / sizeof(arr[0]))) {
-                BNerr(BN_F_BN_GF2M_MOD, BN_R_INVALID_LENGTH);
+                BNerror(BN_R_INVALID_LENGTH);
                 return 0;
         }
         ret = BN_GF2m_mod_arr(r, a, arr);
@@ -553,7 +553,7 @@ BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p,
                 goto err;
         ret = BN_GF2m_poly2arr(p, arr, max);
         if (!ret || ret > max) {
-                BNerr(BN_F_BN_GF2M_MOD_MUL, BN_R_INVALID_LENGTH);
+                BNerror(BN_R_INVALID_LENGTH);
                 goto err;
         }
         ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx);
@@ -615,7 +615,7 @@ BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                 goto err;
         ret = BN_GF2m_poly2arr(p, arr, max);
         if (!ret || ret > max) {
-                BNerr(BN_F_BN_GF2M_MOD_SQR, BN_R_INVALID_LENGTH);
+                BNerror(BN_R_INVALID_LENGTH);
                 goto err;
         }
         ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx);
@@ -1052,7 +1052,7 @@ BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p,
                 goto err;
         ret = BN_GF2m_poly2arr(p, arr, max);
         if (!ret || ret > max) {
-                BNerr(BN_F_BN_GF2M_MOD_EXP, BN_R_INVALID_LENGTH);
+                BNerror(BN_R_INVALID_LENGTH);
                 goto err;
         }
         ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx);
@@ -1114,7 +1114,7 @@ BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                 goto err;
         ret = BN_GF2m_poly2arr(p, arr, max);
         if (!ret || ret > max) {
-                BNerr(BN_F_BN_GF2M_MOD_SQRT, BN_R_INVALID_LENGTH);
+                BNerror(BN_R_INVALID_LENGTH);
                 goto err;
         }
         ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx);
@@ -1206,8 +1206,7 @@ BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[],
                         count++;
                 } while (BN_is_zero(w) && (count < MAX_ITERATIONS));
                 if (BN_is_zero(w)) {
-                        BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR,
-                            BN_R_TOO_MANY_ITERATIONS);
+                        BNerror(BN_R_TOO_MANY_ITERATIONS);
                         goto err;
                 }
         }
@@ -1217,7 +1216,7 @@ BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[],
         if (!BN_GF2m_add(w, z, w))
                 goto err;
         if (BN_GF2m_cmp(w, a)) {
-                BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_NO_SOLUTION);
+                BNerror(BN_R_NO_SOLUTION);
                 goto err;
         }
 
@@ -1251,7 +1250,7 @@ BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                 goto err;
         ret = BN_GF2m_poly2arr(p, arr, max);
         if (!ret || ret > max) {
-                BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD, BN_R_INVALID_LENGTH);
+                BNerror(BN_R_INVALID_LENGTH);
                 goto err;
         }
         ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx);
diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c
index 17f4ae89da..f2736e31c3 100644
--- a/src/lib/libcrypto/bn/bn_lib.c
+++ b/src/lib/libcrypto/bn/bn_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_lib.c,v 1.36 2016/03/15 20:50:22 krw Exp $ */
+/* $OpenBSD: bn_lib.c,v 1.37 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -249,7 +249,7 @@ BN_new(void)
         BIGNUM *ret;
 
         if ((ret = malloc(sizeof(BIGNUM))) == NULL) {
-                BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE);
+                BNerror(ERR_R_MALLOC_FAILURE);
                 return (NULL);
         }
         ret->flags = BN_FLG_MALLOCED;
@@ -273,17 +273,16 @@ bn_expand_internal(const BIGNUM *b, int words)
         bn_check_top(b);
 
         if (words > (INT_MAX/(4*BN_BITS2))) {
-                BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG);
+                BNerror(BN_R_BIGNUM_TOO_LONG);
                 return NULL;
         }
         if (BN_get_flags(b, BN_FLG_STATIC_DATA)) {
-                BNerr(BN_F_BN_EXPAND_INTERNAL,
-                    BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
+                BNerror(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
                 return (NULL);
         }
         a = A = reallocarray(NULL, words, sizeof(BN_ULONG));
         if (A == NULL) {
-                BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
+                BNerror(ERR_R_MALLOC_FAILURE);
                 return (NULL);
         }
 #if 1
diff --git a/src/lib/libcrypto/bn/bn_mod.c b/src/lib/libcrypto/bn/bn_mod.c
index 4c30c098d4..897ff434e9 100644
--- a/src/lib/libcrypto/bn/bn_mod.c
+++ b/src/lib/libcrypto/bn/bn_mod.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_mod.c,v 1.11 2017/01/21 10:38:29 beck Exp $ */
+/* $OpenBSD: bn_mod.c,v 1.12 2017/01/29 17:49:22 beck Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
  * for the OpenSSL project. */
 /* ====================================================================
@@ -278,7 +278,7 @@ BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m)
                 /* max_shift >= 0 */
 
                 if (max_shift < 0) {
-                        BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED);
+                        BNerror(BN_R_INPUT_NOT_REDUCED);
                         return 0;
                 }
 
diff --git a/src/lib/libcrypto/bn/bn_mpi.c b/src/lib/libcrypto/bn/bn_mpi.c
index cf4c7d8d24..4801192b50 100644
--- a/src/lib/libcrypto/bn/bn_mpi.c
+++ b/src/lib/libcrypto/bn/bn_mpi.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_mpi.c,v 1.7 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: bn_mpi.c,v 1.8 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -98,13 +98,13 @@ BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
         int neg = 0;
 
         if (n < 4) {
-                BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH);
+                BNerror(BN_R_INVALID_LENGTH);
                 return (NULL);
         }
         len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) |
             (int)d[3];
         if ((len + 4) != n) {
-                BNerr(BN_F_BN_MPI2BN, BN_R_ENCODING_ERROR);
+                BNerror(BN_R_ENCODING_ERROR);
                 return (NULL);
         }
 
diff --git a/src/lib/libcrypto/bn/bn_prime.c b/src/lib/libcrypto/bn/bn_prime.c
index ec8217ef69..e78c5686ab 100644
--- a/src/lib/libcrypto/bn/bn_prime.c
+++ b/src/lib/libcrypto/bn/bn_prime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_prime.c,v 1.17 2017/01/21 10:38:29 beck Exp $ */
+/* $OpenBSD: bn_prime.c,v 1.18 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -173,7 +173,7 @@ BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
                  * There are no prime numbers smaller than 2, and the smallest
                  * safe prime (7) spans three bits.
                  */
-                BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
+                BNerror(BN_R_BITS_TOO_SMALL);
                 return 0;
         }
 
diff --git a/src/lib/libcrypto/bn/bn_print.c b/src/lib/libcrypto/bn/bn_print.c
index f526065592..de67c03c14 100644
--- a/src/lib/libcrypto/bn/bn_print.c
+++ b/src/lib/libcrypto/bn/bn_print.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_print.c,v 1.30 2016/10/17 03:30:14 guenther Exp $ */
+/* $OpenBSD: bn_print.c,v 1.31 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -80,7 +80,7 @@ BN_bn2hex(const BIGNUM *a)
 
         buf = malloc(BN_is_negative(a) + a->top * BN_BYTES * 2 + 2);
         if (buf == NULL) {
-                BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
+                BNerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         p = buf;
@@ -118,7 +118,7 @@ BN_bn2dec(const BIGNUM *a)
         if (BN_is_zero(a)) {
                 buf = malloc(BN_is_negative(a) + 2);
                 if (buf == NULL) {
-                        BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
+                        BNerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 p = buf;
@@ -140,7 +140,7 @@ BN_bn2dec(const BIGNUM *a)
         bn_data = reallocarray(NULL, bn_data_num, sizeof(BN_ULONG));
         buf = malloc(num + 3);
         if ((buf == NULL) || (bn_data == NULL)) {
-                BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
+                BNerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         if ((t = BN_dup(a)) == NULL)
diff --git a/src/lib/libcrypto/bn/bn_rand.c b/src/lib/libcrypto/bn/bn_rand.c
index 783f6c22f8..812fa6a575 100644
--- a/src/lib/libcrypto/bn/bn_rand.c
+++ b/src/lib/libcrypto/bn/bn_rand.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_rand.c,v 1.18 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: bn_rand.c,v 1.19 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -125,7 +125,7 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
         int ret = 0, bit, bytes, mask;
 
         if (rnd == NULL) {
-                BNerr(BN_F_BNRAND, ERR_R_PASSED_NULL_PARAMETER);
+                BNerror(ERR_R_PASSED_NULL_PARAMETER);
                 return (0);
         }
 
@@ -140,7 +140,7 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 
         buf = malloc(bytes);
         if (buf == NULL) {
-                BNerr(BN_F_BNRAND, ERR_R_MALLOC_FAILURE);
+                BNerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
@@ -224,7 +224,7 @@ bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
         int count = 100;
 
         if (range->neg || BN_is_zero(range)) {
-                BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
+                BNerror(BN_R_INVALID_RANGE);
                 return 0;
         }
 
@@ -254,8 +254,7 @@ bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
                         }
 
                         if (!--count) {
-                                BNerr(BN_F_BN_RAND_RANGE,
-                                    BN_R_TOO_MANY_ITERATIONS);
+                                BNerror(BN_R_TOO_MANY_ITERATIONS);
                                 return 0;
                         }
 
@@ -267,8 +266,7 @@ bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
                                 return 0;
 
                         if (!--count) {
-                                BNerr(BN_F_BN_RAND_RANGE,
-                                    BN_R_TOO_MANY_ITERATIONS);
+                                BNerror(BN_R_TOO_MANY_ITERATIONS);
                                 return 0;
                         }
                 } while (BN_cmp(r, range) >= 0);
diff --git a/src/lib/libcrypto/bn/bn_recp.c b/src/lib/libcrypto/bn/bn_recp.c
index aae7c7ef85..6588d33033 100644
--- a/src/lib/libcrypto/bn/bn_recp.c
+++ b/src/lib/libcrypto/bn/bn_recp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_recp.c,v 1.14 2017/01/21 10:38:29 beck Exp $ */
+/* $OpenBSD: bn_recp.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -212,7 +212,7 @@ BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp,
         j = 0;
         while (BN_ucmp(r, &(recp->N)) >= 0) {
                 if (j++ > 2) {
-                        BNerr(BN_F_BN_DIV_RECP, BN_R_BAD_RECIPROCAL);
+                        BNerror(BN_R_BAD_RECIPROCAL);
                         goto err;
                 }
                 if (!BN_usub(r, r, &(recp->N)))
diff --git a/src/lib/libcrypto/bn/bn_sqrt.c b/src/lib/libcrypto/bn/bn_sqrt.c
index 5928dfc79d..8514f23a27 100644
--- a/src/lib/libcrypto/bn/bn_sqrt.c
+++ b/src/lib/libcrypto/bn/bn_sqrt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_sqrt.c,v 1.8 2017/01/21 09:38:58 beck Exp $ */
+/* $OpenBSD: bn_sqrt.c,v 1.9 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
  * and Bodo Moeller for the OpenSSL project. */
 /* ====================================================================
@@ -89,7 +89,7 @@ BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                         return ret;
                 }
 
-                BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+                BNerror(BN_R_P_IS_NOT_PRIME);
                 return (NULL);
         }
 
@@ -250,7 +250,7 @@ BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                         goto end;
                 if (r == 0) {
                         /* m divides p */
-                        BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+                        BNerror(BN_R_P_IS_NOT_PRIME);
                         goto end;
                 }
         }
@@ -262,7 +262,7 @@ BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                  * Even if  p  is not prime, we should have found some  y
                  * such that r == -1.
                  */
-                BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS);
+                BNerror(BN_R_TOO_MANY_ITERATIONS);
                 goto end;
         }
 
@@ -275,7 +275,7 @@ BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
         if (!BN_mod_exp_ct(y, y, q, p, ctx))
                 goto end;
         if (BN_is_one(y)) {
-                BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+                BNerror(BN_R_P_IS_NOT_PRIME);
                 goto end;
         }
 
@@ -359,7 +359,7 @@ BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                 while (!BN_is_one(t)) {
                         i++;
                         if (i == e) {
-                                BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+                                BNerror(BN_R_NOT_A_SQUARE);
                                 goto end;
                         }
                         if (!BN_mod_mul(t, t, t, p, ctx))
@@ -392,7 +392,7 @@ vrfy:
                         err = 1;
 
                 if (!err && 0 != BN_cmp(x, A)) {
-                        BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+                        BNerror(BN_R_NOT_A_SQUARE);
                         err = 1;
                 }
         }
diff --git a/src/lib/libcrypto/buffer/buf_err.c b/src/lib/libcrypto/buffer/buf_err.c
index 8256e89843..dd5cc5e173 100644
--- a/src/lib/libcrypto/buffer/buf_err.c
+++ b/src/lib/libcrypto/buffer/buf_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: buf_err.c,v 1.10 2014/07/10 22:45:56 jsing Exp $ */
+/* $OpenBSD: buf_err.c,v 1.11 2017/01/29 17:49:22 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
  *
@@ -72,12 +72,7 @@
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_BUF,0,reason)
 
 static ERR_STRING_DATA BUF_str_functs[] = {
-        {ERR_FUNC(BUF_F_BUF_MEMDUP),    "BUF_memdup"},
-        {ERR_FUNC(BUF_F_BUF_MEM_GROW),  "BUF_MEM_grow"},
-        {ERR_FUNC(BUF_F_BUF_MEM_GROW_CLEAN),    "BUF_MEM_grow_clean"},
-        {ERR_FUNC(BUF_F_BUF_MEM_NEW),   "BUF_MEM_new"},
-        {ERR_FUNC(BUF_F_BUF_STRDUP),    "BUF_strdup"},
-        {ERR_FUNC(BUF_F_BUF_STRNDUP),   "BUF_strndup"},
+        {ERR_FUNC(0xfff), "CRYPTO_internal"},
         {0, NULL}
 };
 
diff --git a/src/lib/libcrypto/buffer/buf_str.c b/src/lib/libcrypto/buffer/buf_str.c
index f7e4c0b966..a9ab87a09f 100644
--- a/src/lib/libcrypto/buffer/buf_str.c
+++ b/src/lib/libcrypto/buffer/buf_str.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: buf_str.c,v 1.9 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: buf_str.c,v 1.10 2017/01/29 17:49:22 beck Exp $ */
 /*
  * Copyright (c) 2014 Bob Beck
  *
@@ -35,7 +35,7 @@ BUF_strdup(const char *str)
 
         if (str != NULL) {
                 if (!(ret = strdup(str)))
-                        BUFerr(BUF_F_BUF_STRDUP, ERR_R_MALLOC_FAILURE);
+                        BUFerror(ERR_R_MALLOC_FAILURE);
         }
         return ret;
 }
@@ -47,7 +47,7 @@ BUF_strndup(const char *str, size_t siz)
 
         if (str != NULL) {
                 if (!(ret = strndup(str, siz)))
-                        BUFerr(BUF_F_BUF_STRNDUP, ERR_R_MALLOC_FAILURE);
+                        BUFerror(ERR_R_MALLOC_FAILURE);
         }
         return ret;
 }
@@ -59,7 +59,7 @@ BUF_memdup(const void *data, size_t siz)
 
         if (data != NULL) {
                 if (!(ret = malloc(siz)))
-                        BUFerr(BUF_F_BUF_MEMDUP, ERR_R_MALLOC_FAILURE);
+                        BUFerror(ERR_R_MALLOC_FAILURE);
                 else
                         (void) memcpy(ret, data, siz);
         }
diff --git a/src/lib/libcrypto/buffer/buffer.c b/src/lib/libcrypto/buffer/buffer.c
index ac3729d52b..e32abb14f3 100644
--- a/src/lib/libcrypto/buffer/buffer.c
+++ b/src/lib/libcrypto/buffer/buffer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: buffer.c,v 1.21 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: buffer.c,v 1.22 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -75,7 +75,7 @@ BUF_MEM_new(void)
 
         ret = malloc(sizeof(BUF_MEM));
         if (ret == NULL) {
-                BUFerr(BUF_F_BUF_MEM_NEW, ERR_R_MALLOC_FAILURE);
+                BUFerror(ERR_R_MALLOC_FAILURE);
                 return (NULL);
         }
         ret->length = 0;
@@ -114,13 +114,13 @@ BUF_MEM_grow(BUF_MEM *str, size_t len)
         }
         /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
         if (len > LIMIT_BEFORE_EXPANSION) {
-                BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE);
+                BUFerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         n = (len + 3) / 3 * 4;
         ret = realloc(str->data, n);
         if (ret == NULL) {
-                BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE);
+                BUFerror(ERR_R_MALLOC_FAILURE);
                 len = 0;
         } else {
                 str->data = ret;
@@ -149,7 +149,7 @@ BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
         }
         /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
         if (len > LIMIT_BEFORE_EXPANSION) {
-                BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE);
+                BUFerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         n = (len + 3) / 3 * 4;
@@ -161,7 +161,7 @@ BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
                 free(str->data);
         }
         if (ret == NULL) {
-                BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE);
+                BUFerror(ERR_R_MALLOC_FAILURE);
                 len = 0;
         } else {
                 str->data = ret;
diff --git a/src/lib/libcrypto/comp/c_zlib.c b/src/lib/libcrypto/comp/c_zlib.c
index d9a3359313..1802cffd99 100644
--- a/src/lib/libcrypto/comp/c_zlib.c
+++ b/src/lib/libcrypto/comp/c_zlib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: c_zlib.c,v 1.18 2015/12/23 20:37:23 mmcc Exp $ */
+/* $OpenBSD: c_zlib.c,v 1.19 2017/01/29 17:49:22 beck Exp $ */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -257,7 +257,7 @@ bio_zlib_new(BIO *bi)
 
         ctx = malloc(sizeof(BIO_ZLIB_CTX));
         if (!ctx) {
-                COMPerr(COMP_F_BIO_ZLIB_NEW, ERR_R_MALLOC_FAILURE);
+                COMPerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         ctx->ibuf = NULL;
@@ -324,7 +324,7 @@ bio_zlib_read(BIO *b, char *out, int outl)
         if (!ctx->ibuf) {
                 ctx->ibuf = malloc(ctx->ibufsize);
                 if (!ctx->ibuf) {
-                        COMPerr(COMP_F_BIO_ZLIB_READ, ERR_R_MALLOC_FAILURE);
+                        COMPerror(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
                 inflateInit(zin);
@@ -340,8 +340,7 @@ bio_zlib_read(BIO *b, char *out, int outl)
                 while (zin->avail_in) {
                         ret = inflate(zin, 0);
                         if ((ret != Z_OK) && (ret != Z_STREAM_END)) {
-                                COMPerr(COMP_F_BIO_ZLIB_READ,
-                                    COMP_R_ZLIB_INFLATE_ERROR);
+                                COMPerror(COMP_R_ZLIB_INFLATE_ERROR);
                                 ERR_asprintf_error_data("zlib error:%s",
                                     zError(ret));
                                 return 0;
@@ -386,7 +385,7 @@ bio_zlib_write(BIO *b, const char *in, int inl)
                 ctx->obuf = malloc(ctx->obufsize);
                 /* Need error here */
                 if (!ctx->obuf) {
-                        COMPerr(COMP_F_BIO_ZLIB_WRITE, ERR_R_MALLOC_FAILURE);
+                        COMPerror(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
                 ctx->optr = ctx->obuf;
@@ -427,8 +426,7 @@ bio_zlib_write(BIO *b, const char *in, int inl)
                 /* Compress some more */
                 ret = deflate(zout, 0);
                 if (ret != Z_OK) {
-                        COMPerr(COMP_F_BIO_ZLIB_WRITE,
-                            COMP_R_ZLIB_DEFLATE_ERROR);
+                        COMPerror(COMP_R_ZLIB_DEFLATE_ERROR);
                         ERR_asprintf_error_data("zlib error:%s", zError(ret));
                         return 0;
                 }
@@ -477,8 +475,7 @@ bio_zlib_flush(BIO *b)
                 if (ret == Z_STREAM_END)
                         ctx->odone = 1;
                 else if (ret != Z_OK) {
-                        COMPerr(COMP_F_BIO_ZLIB_FLUSH,
-                            COMP_R_ZLIB_DEFLATE_ERROR);
+                        COMPerror(COMP_R_ZLIB_DEFLATE_ERROR);
                         ERR_asprintf_error_data("zlib error:%s", zError(ret));
                         return 0;
                 }
diff --git a/src/lib/libcrypto/comp/comp_err.c b/src/lib/libcrypto/comp/comp_err.c
index 3f796d4069..be8a8fc708 100644
--- a/src/lib/libcrypto/comp/comp_err.c
+++ b/src/lib/libcrypto/comp/comp_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: comp_err.c,v 1.9 2014/11/03 16:58:28 tedu Exp $ */
+/* $OpenBSD: comp_err.c,v 1.10 2017/01/29 17:49:22 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
  *
@@ -67,10 +67,7 @@
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_COMP,0,reason)
 
 static ERR_STRING_DATA COMP_str_functs[] = {
-        {ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH),       "BIO_ZLIB_FLUSH"},
-        {ERR_FUNC(COMP_F_BIO_ZLIB_NEW), "BIO_ZLIB_NEW"},
-        {ERR_FUNC(COMP_F_BIO_ZLIB_READ),        "BIO_ZLIB_READ"},
-        {ERR_FUNC(COMP_F_BIO_ZLIB_WRITE),       "BIO_ZLIB_WRITE"},
+        {ERR_FUNC(0xfff), "CRYPTO_internal"},
         {0, NULL}
 };
 
diff --git a/src/lib/libcrypto/conf/conf_def.c b/src/lib/libcrypto/conf/conf_def.c
index e11ef95e43..4099ffc66c 100644
--- a/src/lib/libcrypto/conf/conf_def.c
+++ b/src/lib/libcrypto/conf/conf_def.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_def.c,v 1.31 2015/07/18 22:42:09 beck Exp $ */
+/* $OpenBSD: conf_def.c,v 1.32 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -195,9 +195,9 @@ def_load(CONF *conf, const char *name, long *line)
         in = BIO_new_file(name, "rb");
         if (in == NULL) {
                 if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE)
-                        CONFerr(CONF_F_DEF_LOAD, CONF_R_NO_SUCH_FILE);
+                        CONFerror(CONF_R_NO_SUCH_FILE);
                 else
-                        CONFerr(CONF_F_DEF_LOAD, ERR_R_SYS_LIB);
+                        CONFerror(ERR_R_SYS_LIB);
                 return 0;
         }
 
@@ -224,25 +224,24 @@ def_load_bio(CONF *conf, BIO *in, long *line)
         void *h = (void *)(conf->data);
 
         if ((buff = BUF_MEM_new()) == NULL) {
-                CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB);
+                CONFerror(ERR_R_BUF_LIB);
                 goto err;
         }
 
         section = strdup("default");
         if (section == NULL) {
-                CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+                CONFerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
         if (_CONF_new_data(conf) == 0) {
-                CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+                CONFerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
         sv = _CONF_new_section(conf, section);
         if (sv == NULL) {
-                CONFerr(CONF_F_DEF_LOAD_BIO,
-                    CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+                CONFerror(CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
                 goto err;
         }
 
@@ -250,7 +249,7 @@ def_load_bio(CONF *conf, BIO *in, long *line)
         again = 0;
         for (;;) {
                 if (!BUF_MEM_grow(buff, bufnum + CONFBUFSIZE)) {
-                        CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB);
+                        CONFerror(ERR_R_BUF_LIB);
                         goto err;
                 }
                 p = &(buff->data[bufnum]);
@@ -316,8 +315,7 @@ again:
                                         ss = p;
                                         goto again;
                                 }
-                                CONFerr(CONF_F_DEF_LOAD_BIO,
-                                    CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
+                                CONFerror(CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
                                 goto err;
                         }
                         *end = '\0';
@@ -326,8 +324,7 @@ again:
                         if ((sv = _CONF_get_section(conf, section)) == NULL)
                                 sv = _CONF_new_section(conf, section);
                         if (sv == NULL) {
-                                CONFerr(CONF_F_DEF_LOAD_BIO,
-                                    CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+                                CONFerror(CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
                                 goto err;
                         }
                         continue;
@@ -344,8 +341,7 @@ again:
                         }
                         p = eat_ws(conf, end);
                         if (*p != '=') {
-                                CONFerr(CONF_F_DEF_LOAD_BIO,
-                                    CONF_R_MISSING_EQUAL_SIGN);
+                                CONFerror(CONF_R_MISSING_EQUAL_SIGN);
                                 goto err;
                         }
                         *end = '\0';
@@ -360,8 +356,7 @@ again:
                         *p = '\0';
 
                         if (!(v = malloc(sizeof(CONF_VALUE)))) {
-                                CONFerr(CONF_F_DEF_LOAD_BIO,
-                                    ERR_R_MALLOC_FAILURE);
+                                CONFerror(ERR_R_MALLOC_FAILURE);
                                 goto err;
                         }
                         if (psection == NULL)
@@ -369,8 +364,7 @@ again:
                         v->name = strdup(pname);
                         v->value = NULL;
                         if (v->name == NULL) {
-                                CONFerr(CONF_F_DEF_LOAD_BIO,
-                                    ERR_R_MALLOC_FAILURE);
+                                CONFerror(ERR_R_MALLOC_FAILURE);
                                 goto err;
                         }
                         if (!str_copy(conf, psection, &(v->value), start))
@@ -381,16 +375,14 @@ again:
                                         == NULL)
                                         tv = _CONF_new_section(conf, psection);
                                 if (tv == NULL) {
-                                        CONFerr(CONF_F_DEF_LOAD_BIO,
-                                            CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+                                        CONFerror(CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
                                         goto err;
                                 }
                         } else
                                 tv = sv;
 
                         if (_CONF_add_string(conf, tv, v) == 0) {
-                                CONFerr(CONF_F_DEF_LOAD_BIO,
-                                    ERR_R_MALLOC_FAILURE);
+                                CONFerror(ERR_R_MALLOC_FAILURE);
                                 goto err;
                         }
                         v = NULL;
@@ -549,8 +541,7 @@ str_copy(CONF *conf, char *section, char **pto, char *from)
                         rp = e;
                         if (q) {
                                 if (r != q) {
-                                        CONFerr(CONF_F_STR_COPY,
-                                            CONF_R_NO_CLOSE_BRACE);
+                                        CONFerror(CONF_R_NO_CLOSE_BRACE);
                                         goto err;
                                 }
                                 e++;
@@ -569,14 +560,12 @@ str_copy(CONF *conf, char *section, char **pto, char *from)
                                 *rrp = rr;
                         *rp = r;
                         if (p == NULL) {
-                                CONFerr(CONF_F_STR_COPY,
-                                    CONF_R_VARIABLE_HAS_NO_VALUE);
+                                CONFerror(CONF_R_VARIABLE_HAS_NO_VALUE);
                                 goto err;
                         }
                         if (!BUF_MEM_grow_clean(buf,
                                 (strlen(p) + buf->length - (e - from)))) {
-                                CONFerr(CONF_F_STR_COPY,
-                                    CONF_R_MODULE_INITIALIZATION_ERROR);
+                                CONFerror(CONF_R_MODULE_INITIALIZATION_ERROR);
                                 goto err;
                         }
                         while (*p)
diff --git a/src/lib/libcrypto/conf/conf_err.c b/src/lib/libcrypto/conf/conf_err.c
index a1a7cbe42e..dbb373ae85 100644
--- a/src/lib/libcrypto/conf/conf_err.c
+++ b/src/lib/libcrypto/conf/conf_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_err.c,v 1.12 2014/07/10 22:45:56 jsing Exp $ */
+/* $OpenBSD: conf_err.c,v 1.13 2017/01/29 17:49:22 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
  *
@@ -72,28 +72,7 @@
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_CONF,0,reason)
 
 static ERR_STRING_DATA CONF_str_functs[]= {
-        {ERR_FUNC(CONF_F_CONF_DUMP_FP), "CONF_dump_fp"},
-        {ERR_FUNC(CONF_F_CONF_LOAD),    "CONF_load"},
-        {ERR_FUNC(CONF_F_CONF_LOAD_BIO),        "CONF_load_bio"},
-        {ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"},
-        {ERR_FUNC(CONF_F_CONF_MODULES_LOAD),    "CONF_modules_load"},
-        {ERR_FUNC(CONF_F_CONF_PARSE_LIST),      "CONF_parse_list"},
-        {ERR_FUNC(CONF_F_DEF_LOAD),     "DEF_LOAD"},
-        {ERR_FUNC(CONF_F_DEF_LOAD_BIO), "DEF_LOAD_BIO"},
-        {ERR_FUNC(CONF_F_MODULE_INIT),  "MODULE_INIT"},
-        {ERR_FUNC(CONF_F_MODULE_LOAD_DSO),      "MODULE_LOAD_DSO"},
-        {ERR_FUNC(CONF_F_MODULE_RUN),   "MODULE_RUN"},
-        {ERR_FUNC(CONF_F_NCONF_DUMP_BIO),       "NCONF_dump_bio"},
-        {ERR_FUNC(CONF_F_NCONF_DUMP_FP),        "NCONF_dump_fp"},
-        {ERR_FUNC(CONF_F_NCONF_GET_NUMBER),     "NCONF_get_number"},
-        {ERR_FUNC(CONF_F_NCONF_GET_NUMBER_E),   "NCONF_get_number_e"},
-        {ERR_FUNC(CONF_F_NCONF_GET_SECTION),    "NCONF_get_section"},
-        {ERR_FUNC(CONF_F_NCONF_GET_STRING),     "NCONF_get_string"},
-        {ERR_FUNC(CONF_F_NCONF_LOAD),   "NCONF_load"},
-        {ERR_FUNC(CONF_F_NCONF_LOAD_BIO),       "NCONF_load_bio"},
-        {ERR_FUNC(CONF_F_NCONF_LOAD_FP),        "NCONF_load_fp"},
-        {ERR_FUNC(CONF_F_NCONF_NEW),    "NCONF_new"},
-        {ERR_FUNC(CONF_F_STR_COPY),     "STR_COPY"},
+        {ERR_FUNC(0xfff), "CRYPTO_internal"},
         {0, NULL}
 };
 
diff --git a/src/lib/libcrypto/conf/conf_lib.c b/src/lib/libcrypto/conf/conf_lib.c
index c7e026e725..995ba3ef67 100644
--- a/src/lib/libcrypto/conf/conf_lib.c
+++ b/src/lib/libcrypto/conf/conf_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_lib.c,v 1.14 2016/08/05 17:25:51 deraadt Exp $ */
+/* $OpenBSD: conf_lib.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
  * project 2000.
  */
@@ -94,7 +94,7 @@ LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
 
         in = BIO_new_file(file, "rb");
         if (in == NULL) {
-                CONFerr(CONF_F_CONF_LOAD, ERR_R_SYS_LIB);
+                CONFerror(ERR_R_SYS_LIB);
                 return NULL;
         }
 
@@ -111,7 +111,7 @@ LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
         LHASH_OF(CONF_VALUE) *ltmp;
 
         if (!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) {
-                CONFerr(CONF_F_CONF_LOAD_FP, ERR_R_BUF_LIB);
+                CONFerror(ERR_R_BUF_LIB);
                 return NULL;
         }
         ltmp = CONF_load_bio(conf, btmp, eline);
@@ -196,7 +196,7 @@ CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out)
         int ret;
 
         if (!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
-                CONFerr(CONF_F_CONF_DUMP_FP, ERR_R_BUF_LIB);
+                CONFerror(ERR_R_BUF_LIB);
                 return 0;
         }
         ret = CONF_dump_bio(conf, btmp);
@@ -229,7 +229,7 @@ NCONF_new(CONF_METHOD *meth)
 
         ret = meth->create(meth);
         if (ret == NULL) {
-                CONFerr(CONF_F_NCONF_NEW, ERR_R_MALLOC_FAILURE);
+                CONFerror(ERR_R_MALLOC_FAILURE);
                 return (NULL);
         }
 
@@ -256,7 +256,7 @@ int
 NCONF_load(CONF *conf, const char *file, long *eline)
 {
         if (conf == NULL) {
-                CONFerr(CONF_F_NCONF_LOAD, CONF_R_NO_CONF);
+                CONFerror(CONF_R_NO_CONF);
                 return 0;
         }
 
@@ -270,7 +270,7 @@ NCONF_load_fp(CONF *conf, FILE *fp, long *eline)
         int ret;
 
         if (!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) {
-                CONFerr(CONF_F_NCONF_LOAD_FP, ERR_R_BUF_LIB);
+                CONFerror(ERR_R_BUF_LIB);
                 return 0;
         }
         ret = NCONF_load_bio(conf, btmp, eline);
@@ -282,7 +282,7 @@ int
 NCONF_load_bio(CONF *conf, BIO *bp, long *eline)
 {
         if (conf == NULL) {
-                CONFerr(CONF_F_NCONF_LOAD_BIO, CONF_R_NO_CONF);
+                CONFerror(CONF_R_NO_CONF);
                 return 0;
         }
 
@@ -293,12 +293,12 @@ STACK_OF(CONF_VALUE) *
 NCONF_get_section(const CONF *conf, const char *section)
 {
         if (conf == NULL) {
-                CONFerr(CONF_F_NCONF_GET_SECTION, CONF_R_NO_CONF);
+                CONFerror(CONF_R_NO_CONF);
                 return NULL;
         }
 
         if (section == NULL) {
-                CONFerr(CONF_F_NCONF_GET_SECTION, CONF_R_NO_SECTION);
+                CONFerror(CONF_R_NO_SECTION);
                 return NULL;
         }
 
@@ -316,11 +316,10 @@ NCONF_get_string(const CONF *conf, const char *group, const char *name)
                 return s;
 
         if (conf == NULL) {
-                CONFerr(CONF_F_NCONF_GET_STRING,
-                    CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
+                CONFerror(CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
                 return NULL;
         }
-        CONFerr(CONF_F_NCONF_GET_STRING, CONF_R_NO_VALUE);
+        CONFerror(CONF_R_NO_VALUE);
         ERR_asprintf_error_data("group=%s name=%s",
             group ? group : "", name);
         return NULL;
@@ -333,7 +332,7 @@ NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
         char *str;
 
         if (result == NULL) {
-                CONFerr(CONF_F_NCONF_GET_NUMBER_E, ERR_R_PASSED_NULL_PARAMETER);
+                CONFerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
 
@@ -356,7 +355,7 @@ NCONF_dump_fp(const CONF *conf, FILE *out)
         BIO *btmp;
         int ret;
         if (!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
-                CONFerr(CONF_F_NCONF_DUMP_FP, ERR_R_BUF_LIB);
+                CONFerror(ERR_R_BUF_LIB);
                 return 0;
         }
         ret = NCONF_dump_bio(conf, btmp);
@@ -368,7 +367,7 @@ int
 NCONF_dump_bio(const CONF *conf, BIO *out)
 {
         if (conf == NULL) {
-                CONFerr(CONF_F_NCONF_DUMP_BIO, CONF_R_NO_CONF);
+                CONFerror(CONF_R_NO_CONF);
                 return 0;
         }
 
diff --git a/src/lib/libcrypto/conf/conf_mod.c b/src/lib/libcrypto/conf/conf_mod.c
index cb54cc2a87..9f252385e8 100644
--- a/src/lib/libcrypto/conf/conf_mod.c
+++ b/src/lib/libcrypto/conf/conf_mod.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_mod.c,v 1.26 2015/04/11 16:03:21 deraadt Exp $ */
+/* $OpenBSD: conf_mod.c,v 1.27 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -211,7 +211,7 @@ module_run(const CONF *cnf, char *name, char *value, unsigned long flags)
 
         if (!md) {
                 if (!(flags & CONF_MFLAGS_SILENT)) {
-                        CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME);
+                        CONFerror(CONF_R_UNKNOWN_MODULE_NAME);
                         ERR_asprintf_error_data("module=%s", name);
                 }
                 return -1;
@@ -221,8 +221,7 @@ module_run(const CONF *cnf, char *name, char *value, unsigned long flags)
 
         if (ret <= 0) {
                 if (!(flags & CONF_MFLAGS_SILENT)) {
-                        CONFerr(CONF_F_MODULE_RUN,
-                            CONF_R_MODULE_INITIALIZATION_ERROR);
+                        CONFerror(CONF_R_MODULE_INITIALIZATION_ERROR);
                         ERR_asprintf_error_data
                             ("module=%s, value=%s, retcode=%-8d",
                             name, value, ret);
@@ -271,7 +270,7 @@ module_load_dso(const CONF *cnf, char *name, char *value, unsigned long flags)
 err:
         if (dso)
                 DSO_free(dso);
-        CONFerr(CONF_F_MODULE_LOAD_DSO, errcode);
+        CONFerror(errcode);
         ERR_asprintf_error_data("module=%s, path=%s", name, path);
         return NULL;
 }
@@ -368,13 +367,13 @@ module_init(CONF_MODULE *pmod, char *name, char *value, const CONF *cnf)
         if (initialized_modules == NULL) {
                 initialized_modules = sk_CONF_IMODULE_new_null();
                 if (!initialized_modules) {
-                        CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
+                        CONFerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
         }
 
         if (!sk_CONF_IMODULE_push(initialized_modules, imod)) {
-                CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
+                CONFerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
@@ -566,7 +565,7 @@ CONF_parse_list(const char *list_, int sep, int nospc,
         const char *lstart, *tmpend, *p;
 
         if (list_ == NULL) {
-                CONFerr(CONF_F_CONF_PARSE_LIST, CONF_R_LIST_CANNOT_BE_NULL);
+                CONFerror(CONF_R_LIST_CANNOT_BE_NULL);
                 return 0;
         }
 
diff --git a/src/lib/libcrypto/cryptlib.c b/src/lib/libcrypto/cryptlib.c
index 8dec9caa93..1bc245ed0a 100644
--- a/src/lib/libcrypto/cryptlib.c
+++ b/src/lib/libcrypto/cryptlib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cryptlib.c,v 1.39 2016/11/04 17:30:30 miod Exp $ */
+/* $OpenBSD: cryptlib.c,v 1.40 2017/01/29 17:49:22 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
@@ -210,11 +210,11 @@ CRYPTO_get_new_lockid(char *name)
 
         if ((app_locks == NULL) &&
             ((app_locks = sk_OPENSSL_STRING_new_null()) == NULL)) {
-                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID, ERR_R_MALLOC_FAILURE);
+                CRYPTOerror(ERR_R_MALLOC_FAILURE);
                 return (0);
         }
         if (name == NULL || (str = strdup(name)) == NULL) {
-                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID, ERR_R_MALLOC_FAILURE);
+                CRYPTOerror(ERR_R_MALLOC_FAILURE);
                 return (0);
         }
         i = sk_OPENSSL_STRING_push(app_locks, str);
@@ -238,32 +238,28 @@ CRYPTO_get_new_dynlockid(void)
         CRYPTO_dynlock *pointer = NULL;
 
         if (dynlock_create_callback == NULL) {
-                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,
-                    CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK);
+                CRYPTOerror(CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK);
                 return (0);
         }
         CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
         if ((dyn_locks == NULL) &&
             ((dyn_locks = sk_CRYPTO_dynlock_new_null()) == NULL)) {
                 CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,
-                    ERR_R_MALLOC_FAILURE);
+                CRYPTOerror(ERR_R_MALLOC_FAILURE);
                 return (0);
         }
         CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
 
         pointer = malloc(sizeof(CRYPTO_dynlock));
         if (pointer == NULL) {
-                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,
-                    ERR_R_MALLOC_FAILURE);
+                CRYPTOerror(ERR_R_MALLOC_FAILURE);
                 return (0);
         }
         pointer->references = 1;
         pointer->data = dynlock_create_callback(__FILE__, __LINE__);
         if (pointer->data == NULL) {
                 free(pointer);
-                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,
-                    ERR_R_MALLOC_FAILURE);
+                CRYPTOerror(ERR_R_MALLOC_FAILURE);
                 return (0);
         }
 
diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c
index 24c8bb25ec..0402092a4f 100644
--- a/src/lib/libcrypto/dh/dh_ameth.c
+++ b/src/lib/libcrypto/dh/dh_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_ameth.c,v 1.13 2015/01/08 01:44:29 doug Exp $ */
+/* $OpenBSD: dh_ameth.c,v 1.14 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -89,7 +89,7 @@ dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
         X509_ALGOR_get0(NULL, &ptype, &pval, palg);
 
         if (ptype != V_ASN1_SEQUENCE) {
-                DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR);
+                DHerror(DH_R_PARAMETER_ENCODING_ERROR);
                 goto err;
         }
 
@@ -98,18 +98,18 @@ dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
         pmlen = pstr->length;
 
         if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) {
-                DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
+                DHerror(DH_R_DECODE_ERROR);
                 goto err;
         }
 
         if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) {
-                DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
+                DHerror(DH_R_DECODE_ERROR);
                 goto err;
         }
 
         /* We have parameters now set public key */
         if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
-                DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR);
+                DHerror(DH_R_BN_DECODE_ERROR);
                 goto err;
         }
 
@@ -138,13 +138,13 @@ dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
 
         str = ASN1_STRING_new();
         if (str == NULL) {
-                DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+                DHerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
         str->length = i2d_DHparams(dh, &str->data);
         if (str->length <= 0) {
-                DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+                DHerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         ptype = V_ASN1_SEQUENCE;
@@ -158,7 +158,7 @@ dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
         ASN1_INTEGER_free(pub_key);
 
         if (penclen <= 0) {
-                DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+                DHerror(ERR_R_MALLOC_FAILURE);
                 goto err;
                 }
 
@@ -209,7 +209,7 @@ dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
                 goto decerr;
         /* We have parameters now set private key */
         if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
-                DHerr(DH_F_DH_PRIV_DECODE, DH_R_BN_ERROR);
+                DHerror(DH_R_BN_ERROR);
                 goto dherr;
         }
         /* Calculate public key */
@@ -223,7 +223,7 @@ dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
         return 1;
 
 decerr:
-        DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR);
+        DHerror(EVP_R_DECODE_ERROR);
 dherr:
         DH_free(dh);
         return 0;
@@ -240,13 +240,13 @@ dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
         params = ASN1_STRING_new();
 
         if (!params) {
-                DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+                DHerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
         params->length = i2d_DHparams(pkey->pkey.dh, &params->data);
         if (params->length <= 0) {
-                DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
+                DHerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         params->type = V_ASN1_SEQUENCE;
@@ -255,7 +255,7 @@ dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
         prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL);
 
         if (!prkey) {
-                DHerr(DH_F_DH_PRIV_ENCODE, DH_R_BN_ERROR);
+                DHerror(DH_R_BN_ERROR);
                 goto err;
         }
 
@@ -294,7 +294,7 @@ dh_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
         DH *dh;
 
         if (!(dh = d2i_DHparams(NULL, pder, derlen))) {
-                DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB);
+                DHerror(ERR_R_DH_LIB);
                 return 0;
         }
         EVP_PKEY_assign_DH(pkey, dh);
@@ -374,7 +374,7 @@ do_dh_print(BIO *bp, const DH *x, int indent, ASN1_PCTX *ctx, int ptype)
         ret = 1;
         if (0) {
 err:
-                DHerr(DH_F_DO_DH_PRINT,reason);
+                DHerror(reason);
         }
         free(m);
         return(ret);
diff --git a/src/lib/libcrypto/dh/dh_err.c b/src/lib/libcrypto/dh/dh_err.c
index 3774ba3c45..497f88436e 100644
--- a/src/lib/libcrypto/dh/dh_err.c
+++ b/src/lib/libcrypto/dh/dh_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_err.c,v 1.15 2014/07/10 22:45:56 jsing Exp $ */
+/* $OpenBSD: dh_err.c,v 1.16 2017/01/29 17:49:22 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -71,27 +71,10 @@
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason)
 
-static ERR_STRING_DATA DH_str_functs[]=
-        {
-{ERR_FUNC(DH_F_COMPUTE_KEY),    "COMPUTE_KEY"},
-{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP),      "DHparams_print_fp"},
-{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS),   "DH_BUILTIN_GENPARAMS"},
-{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"},
-{ERR_FUNC(DH_F_DH_GENERATE_KEY),        "DH_generate_key"},
-{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS_EX),      "DH_generate_parameters_ex"},
-{ERR_FUNC(DH_F_DH_NEW_METHOD),  "DH_new_method"},
-{ERR_FUNC(DH_F_DH_PARAM_DECODE),        "DH_PARAM_DECODE"},
-{ERR_FUNC(DH_F_DH_PRIV_DECODE), "DH_PRIV_DECODE"},
-{ERR_FUNC(DH_F_DH_PRIV_ENCODE), "DH_PRIV_ENCODE"},
-{ERR_FUNC(DH_F_DH_PUB_DECODE),  "DH_PUB_DECODE"},
-{ERR_FUNC(DH_F_DH_PUB_ENCODE),  "DH_PUB_ENCODE"},
-{ERR_FUNC(DH_F_DO_DH_PRINT),    "DO_DH_PRINT"},
-{ERR_FUNC(DH_F_GENERATE_KEY),   "GENERATE_KEY"},
-{ERR_FUNC(DH_F_GENERATE_PARAMETERS),    "GENERATE_PARAMETERS"},
-{ERR_FUNC(DH_F_PKEY_DH_DERIVE), "PKEY_DH_DERIVE"},
-{ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "PKEY_DH_KEYGEN"},
-{0,NULL}
-        };
+static ERR_STRING_DATA DH_str_functs[]= {
+        {ERR_FUNC(0xfff), "CRYPTO_internal"},
+        {0, NULL}
+};
 
 static ERR_STRING_DATA DH_str_reasons[]=
         {
diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c
index de566802d3..99394113ee 100644
--- a/src/lib/libcrypto/dh/dh_gen.c
+++ b/src/lib/libcrypto/dh/dh_gen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_gen.c,v 1.15 2015/02/09 15:49:22 jsing Exp $ */
+/* $OpenBSD: dh_gen.c,v 1.16 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -127,7 +127,7 @@ dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb)
                 goto err;
         
         if (generator <= 1) {
-                DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
+                DHerror(DH_R_BAD_GENERATOR);
                 goto err;
         }
         if (generator == DH_GENERATOR_2) {
@@ -167,7 +167,7 @@ dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb)
         ok = 1;
 err:
         if (ok == -1) {
-                DHerr(DH_F_DH_BUILTIN_GENPARAMS, ERR_R_BN_LIB);
+                DHerror(ERR_R_BN_LIB);
                 ok = 0;
         }
 
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c
index 5b365cdd06..63d38771c3 100644
--- a/src/lib/libcrypto/dh/dh_key.c
+++ b/src/lib/libcrypto/dh/dh_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_key.c,v 1.26 2017/01/21 09:38:58 beck Exp $ */
+/* $OpenBSD: dh_key.c,v 1.27 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -165,7 +165,7 @@ generate_key(DH *dh)
         ok = 1;
 err:
         if (ok != 1)
-                DHerr(DH_F_GENERATE_KEY, ERR_R_BN_LIB);
+                DHerror(ERR_R_BN_LIB);
 
         if (pub_key != NULL && dh->pub_key == NULL)
                 BN_free(pub_key);
@@ -185,7 +185,7 @@ compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
         int check_result;
 
         if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
-                DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE);
+                DHerror(DH_R_MODULUS_TOO_LARGE);
                 goto err;
         }
 
@@ -197,7 +197,7 @@ compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
                 goto err;
         
         if (dh->priv_key == NULL) {
-                DHerr(DH_F_COMPUTE_KEY, DH_R_NO_PRIVATE_VALUE);
+                DHerror(DH_R_NO_PRIVATE_VALUE);
                 goto err;
         }
 
@@ -212,13 +212,13 @@ compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
         }
 
         if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) {
-                DHerr(DH_F_COMPUTE_KEY, DH_R_INVALID_PUBKEY);
+                DHerror(DH_R_INVALID_PUBKEY);
                 goto err;
         }
 
         if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key, dh->p, ctx,
             mont)) {
-                DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB);
+                DHerror(ERR_R_BN_LIB);
                 goto err;
         }
 
diff --git a/src/lib/libcrypto/dh/dh_lib.c b/src/lib/libcrypto/dh/dh_lib.c
index defe1c74b4..d45dc17168 100644
--- a/src/lib/libcrypto/dh/dh_lib.c
+++ b/src/lib/libcrypto/dh/dh_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_lib.c,v 1.21 2015/02/11 03:19:37 doug Exp $ */
+/* $OpenBSD: dh_lib.c,v 1.22 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -121,7 +121,7 @@ DH_new_method(ENGINE *engine)
 
         ret = malloc(sizeof(DH));
         if (ret == NULL) {
-                DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+                DHerror(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
 
@@ -129,7 +129,7 @@ DH_new_method(ENGINE *engine)
 #ifndef OPENSSL_NO_ENGINE
         if (engine) {
                 if (!ENGINE_init(engine)) {
-                        DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
+                        DHerror(ERR_R_ENGINE_LIB);
                         free(ret);
                         return NULL;
                 }
@@ -139,7 +139,7 @@ DH_new_method(ENGINE *engine)
         if(ret->engine) {
                 ret->meth = ENGINE_get_DH(ret->engine);
                 if (!ret->meth) {
-                        DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
+                        DHerror(ERR_R_ENGINE_LIB);
                         ENGINE_finish(ret->engine);
                         free(ret);
                         return NULL;
diff --git a/src/lib/libcrypto/dh/dh_pmeth.c b/src/lib/libcrypto/dh/dh_pmeth.c
index 6d750eb30d..24d16ff5d3 100644
--- a/src/lib/libcrypto/dh/dh_pmeth.c
+++ b/src/lib/libcrypto/dh/dh_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_pmeth.c,v 1.9 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: dh_pmeth.c,v 1.10 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -215,7 +215,7 @@ pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
         DH *dh = NULL;
 
         if (ctx->pkey == NULL) {
-                DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET);
+                DHerror(DH_R_NO_PARAMETERS_SET);
                 return 0;
         }
         dh = DH_new();
@@ -234,7 +234,7 @@ pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
         int ret;
 
         if (!ctx->pkey || !ctx->peerkey) {
-                DHerr(DH_F_PKEY_DH_DERIVE, DH_R_KEYS_NOT_SET);
+                DHerror(DH_R_KEYS_NOT_SET);
                 return 0;
         }
         ret = DH_compute_key(key, ctx->peerkey->pkey.dh->pub_key,
diff --git a/src/lib/libcrypto/dh/dh_prn.c b/src/lib/libcrypto/dh/dh_prn.c
index 73d0476e21..56a96f8631 100644
--- a/src/lib/libcrypto/dh/dh_prn.c
+++ b/src/lib/libcrypto/dh/dh_prn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_prn.c,v 1.5 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: dh_prn.c,v 1.6 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -69,7 +69,7 @@ DHparams_print_fp(FILE *fp, const DH *x)
         int ret;
 
         if ((b = BIO_new(BIO_s_file())) == NULL) {
-                DHerr(DH_F_DHPARAMS_PRINT_FP, ERR_R_BUF_LIB);
+                DHerror(ERR_R_BUF_LIB);
                 return 0;
         }
         BIO_set_fp(b,fp,BIO_NOCLOSE);
diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c
index b589d39892..92f543de9e 100644
--- a/src/lib/libcrypto/dsa/dsa_ameth.c
+++ b/src/lib/libcrypto/dsa/dsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ameth.c,v 1.22 2017/01/21 10:38:29 beck Exp $ */
+/* $OpenBSD: dsa_ameth.c,v 1.23 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -92,26 +92,26 @@ dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
                 pmlen = pstr->length;
 
                 if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) {
-                        DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
+                        DSAerror(DSA_R_DECODE_ERROR);
                         goto err;
                 }
         } else if (ptype == V_ASN1_NULL || ptype == V_ASN1_UNDEF) {
                 if (!(dsa = DSA_new())) {
-                        DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE);
+                        DSAerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                         }
         } else {
-                DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR);
+                DSAerror(DSA_R_PARAMETER_ENCODING_ERROR);
                 goto err;
         }
 
         if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) {
-                DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
+                DSAerror(DSA_R_DECODE_ERROR);
                 goto err;
         }
 
         if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
-                DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR);
+                DSAerror(DSA_R_BN_DECODE_ERROR);
                 goto err;
         }
 
@@ -141,12 +141,12 @@ dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
 
                 str = ASN1_STRING_new();
                 if (str == NULL) {
-                        DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+                        DSAerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 str->length = i2d_DSAparams(dsa, &str->data);
                 if (str->length <= 0) {
-                        DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+                        DSAerror(ERR_R_MALLOC_FAILURE);
                         ASN1_STRING_free(str);
                         goto err;
                 }
@@ -160,7 +160,7 @@ dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
         penclen = i2d_DSAPublicKey(dsa, &penc);
 
         if (penclen <= 0) {
-                DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+                DSAerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
@@ -211,21 +211,21 @@ dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
                 goto decerr;
         /* We have parameters now set private key */
         if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
-                DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
+                DSAerror(DSA_R_BN_ERROR);
                 goto dsaerr;
         }
         /* Calculate public key */
         if (!(dsa->pub_key = BN_new())) {
-                DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
+                DSAerror(ERR_R_MALLOC_FAILURE);
                 goto dsaerr;
         }
         if (!(ctx = BN_CTX_new())) {
-                DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
+                DSAerror(ERR_R_MALLOC_FAILURE);
                 goto dsaerr;
         }
 
         if (!BN_mod_exp_ct(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
-                DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
+                DSAerror(DSA_R_BN_ERROR);
                 goto dsaerr;
         }
 
@@ -236,7 +236,7 @@ dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
         goto done;
 
 decerr:
-        DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_DECODE_ERROR);
+        DSAerror(DSA_R_DECODE_ERROR);
 dsaerr:
         DSA_free(dsa);
 done:
@@ -255,13 +255,13 @@ dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 
         params = ASN1_STRING_new();
         if (!params) {
-                DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+                DSAerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
         params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data);
         if (params->length <= 0) {
-                DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+                DSAerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         params->type = V_ASN1_SEQUENCE;
@@ -269,7 +269,7 @@ dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
         /* Get private key into integer */
         prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
         if (!prkey) {
-                DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_BN_ERROR);
+                DSAerror(DSA_R_BN_ERROR);
                 goto err;
         }
 
@@ -407,7 +407,7 @@ do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
 
         m = malloc(buf_len + 10);
         if (m == NULL) {
-                DSAerr(DSA_F_DO_DSA_PRINT, ERR_R_MALLOC_FAILURE);
+                DSAerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
@@ -441,7 +441,7 @@ dsa_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
         DSA *dsa;
 
         if (!(dsa = d2i_DSAparams(NULL, pder, derlen))) {
-                DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
+                DSAerror(ERR_R_DSA_LIB);
                 return 0;
         }
         EVP_PKEY_assign_DSA(pkey, dsa);
@@ -480,7 +480,7 @@ old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
         BIGNUM *j, *p1, *newp1;
 
         if (!(dsa = d2i_DSAPrivateKey(NULL, pder, derlen))) {
-                DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB);
+                DSAerror(ERR_R_DSA_LIB);
                 return 0;
         }
 
@@ -507,7 +507,7 @@ old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
         if (BN_mul(newp1, dsa->q, j, ctx) == 0)
                 goto err;
         if (BN_cmp(newp1, p1) != 0) {
-                DSAerr(DSA_F_DSA_PARAM_DECODE, DSA_R_BAD_Q_VALUE);
+                DSAerror(DSA_R_BAD_Q_VALUE);
                 goto err;
         }
 
@@ -516,7 +516,7 @@ old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
          */
 
         if (BN_is_prime_ex(dsa->q, BN_prime_checks, ctx, NULL) == 0) {
-                DSAerr(DSA_F_DSA_PARAM_DECODE, DSA_R_BAD_Q_VALUE);
+                DSAerror(DSA_R_BAD_Q_VALUE);
                 goto err;
         }
 
@@ -561,7 +561,7 @@ dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig,
                 update_buflen(dsa_sig->s, &buf_len);
                 m = malloc(buf_len + 10);
                 if (m == NULL) {
-                        DSAerr(DSA_F_DSA_SIG_PRINT, ERR_R_MALLOC_FAILURE);
+                        DSAerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
 
diff --git a/src/lib/libcrypto/dsa/dsa_asn1.c b/src/lib/libcrypto/dsa/dsa_asn1.c
index 5a1c7ceb71..d7b77470bd 100644
--- a/src/lib/libcrypto/dsa/dsa_asn1.c
+++ b/src/lib/libcrypto/dsa/dsa_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_asn1.c,v 1.18 2016/12/30 15:28:42 jsing Exp $ */
+/* $OpenBSD: dsa_asn1.c,v 1.19 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -73,7 +73,7 @@ sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 
                 sig = malloc(sizeof(DSA_SIG));
                 if (!sig) {
-                        DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
+                        DSAerror(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
                 sig->r = NULL;
diff --git a/src/lib/libcrypto/dsa/dsa_err.c b/src/lib/libcrypto/dsa/dsa_err.c
index b116b643c3..2dcddcbf77 100644
--- a/src/lib/libcrypto/dsa/dsa_err.c
+++ b/src/lib/libcrypto/dsa/dsa_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_err.c,v 1.14 2014/07/10 22:45:56 jsing Exp $ */
+/* $OpenBSD: dsa_err.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -71,35 +71,10 @@
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason)
 
-static ERR_STRING_DATA DSA_str_functs[]=
-        {
-{ERR_FUNC(DSA_F_D2I_DSA_SIG),   "d2i_DSA_SIG"},
-{ERR_FUNC(DSA_F_DO_DSA_PRINT),  "DO_DSA_PRINT"},
-{ERR_FUNC(DSA_F_DSAPARAMS_PRINT),       "DSAparams_print"},
-{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP),    "DSAparams_print_fp"},
-{ERR_FUNC(DSA_F_DSA_DO_SIGN),   "DSA_do_sign"},
-{ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
-{ERR_FUNC(DSA_F_DSA_GENERATE_KEY),      "DSA_generate_key"},
-{ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS_EX),    "DSA_generate_parameters_ex"},
-{ERR_FUNC(DSA_F_DSA_NEW_METHOD),        "DSA_new_method"},
-{ERR_FUNC(DSA_F_DSA_PARAM_DECODE),      "DSA_PARAM_DECODE"},
-{ERR_FUNC(DSA_F_DSA_PRINT_FP),  "DSA_print_fp"},
-{ERR_FUNC(DSA_F_DSA_PRIV_DECODE),       "DSA_PRIV_DECODE"},
-{ERR_FUNC(DSA_F_DSA_PRIV_ENCODE),       "DSA_PRIV_ENCODE"},
-{ERR_FUNC(DSA_F_DSA_PUB_DECODE),        "DSA_PUB_DECODE"},
-{ERR_FUNC(DSA_F_DSA_PUB_ENCODE),        "DSA_PUB_ENCODE"},
-{ERR_FUNC(DSA_F_DSA_SIGN),      "DSA_sign"},
-{ERR_FUNC(DSA_F_DSA_SIGN_SETUP),        "DSA_sign_setup"},
-{ERR_FUNC(DSA_F_DSA_SIG_NEW),   "DSA_SIG_new"},
-{ERR_FUNC(DSA_F_DSA_SIG_PRINT), "DSA_SIG_PRINT"},
-{ERR_FUNC(DSA_F_DSA_VERIFY),    "DSA_verify"},
-{ERR_FUNC(DSA_F_I2D_DSA_SIG),   "i2d_DSA_SIG"},
-{ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE),   "OLD_DSA_PRIV_DECODE"},
-{ERR_FUNC(DSA_F_PKEY_DSA_CTRL), "PKEY_DSA_CTRL"},
-{ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN),       "PKEY_DSA_KEYGEN"},
-{ERR_FUNC(DSA_F_SIG_CB),        "SIG_CB"},
-{0,NULL}
-        };
+static ERR_STRING_DATA DSA_str_functs[]= {
+        {ERR_FUNC(0xfff), "CRYPTO_internal"},
+        {0, NULL}
+};
 
 static ERR_STRING_DATA DSA_str_reasons[]=
         {
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c
index 8016f2f7cb..58af74889c 100644
--- a/src/lib/libcrypto/dsa/dsa_lib.c
+++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_lib.c,v 1.22 2015/02/11 03:19:37 doug Exp $ */
+/* $OpenBSD: dsa_lib.c,v 1.23 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -126,14 +126,14 @@ DSA_new_method(ENGINE *engine)
 
         ret = malloc(sizeof(DSA));
         if (ret == NULL) {
-                DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+                DSAerror(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         ret->meth = DSA_get_default_method();
 #ifndef OPENSSL_NO_ENGINE
         if (engine) {
                 if (!ENGINE_init(engine)) {
-                        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+                        DSAerror(ERR_R_ENGINE_LIB);
                         free(ret);
                         return NULL;
                 }
@@ -143,7 +143,7 @@ DSA_new_method(ENGINE *engine)
         if (ret->engine) {
                 ret->meth = ENGINE_get_DSA(ret->engine);
                 if (!ret->meth) {
-                        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+                        DSAerror(ERR_R_ENGINE_LIB);
                         ENGINE_finish(ret->engine);
                         free(ret);
                         return NULL;
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index f806cd645a..f1013fe547 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ossl.c,v 1.29 2017/01/21 11:00:46 beck Exp $ */
+/* $OpenBSD: dsa_ossl.c,v 1.30 2017/01/29 17:49:22 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -169,7 +169,7 @@ redo:
         
 err:
         if (!ret) {
-                DSAerr(DSA_F_DSA_DO_SIGN, reason);
+                DSAerror(reason);
                 BN_free(r);
                 BN_free(s);
         }
@@ -188,7 +188,7 @@ dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
         int ret = 0;
 
         if (!dsa->p || !dsa->q || !dsa->g) {
-                DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
+                DSAerror(DSA_R_MISSING_PARAMETERS);
                 return 0;
         }
 
@@ -259,7 +259,7 @@ dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
         ret = 1;
 err:
         if (!ret) {
-                DSAerr(DSA_F_DSA_SIGN_SETUP, ERR_R_BN_LIB);
+                DSAerror(ERR_R_BN_LIB);
                 BN_clear_free(r);
         }
         if (ctx_in == NULL)
@@ -277,19 +277,19 @@ dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa)
         int ret = -1, i;
 
         if (!dsa->p || !dsa->q || !dsa->g) {
-                DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS);
+                DSAerror(DSA_R_MISSING_PARAMETERS);
                 return -1;
         }
 
         i = BN_num_bits(dsa->q);
         /* fips 186-3 allows only different sizes for q */
         if (i != 160 && i != 224 && i != 256) {
-                DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE);
+                DSAerror(DSA_R_BAD_Q_VALUE);
                 return -1;
         }
 
         if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
-                DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE);
+                DSAerror(DSA_R_MODULUS_TOO_LARGE);
                 return -1;
         }
         BN_init(&u1);
@@ -363,7 +363,7 @@ dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa)
 
 err:
         if (ret < 0)
-                DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB);
+                DSAerror(ERR_R_BN_LIB);
         BN_CTX_free(ctx);
         BN_free(&u1);
         BN_free(&u2);
diff --git a/src/lib/libcrypto/dsa/dsa_pmeth.c b/src/lib/libcrypto/dsa/dsa_pmeth.c
index c7a2edfc94..780b070a72 100644
--- a/src/lib/libcrypto/dsa/dsa_pmeth.c
+++ b/src/lib/libcrypto/dsa/dsa_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_pmeth.c,v 1.10 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: dsa_pmeth.c,v 1.11 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -191,7 +191,7 @@ pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                 case NID_sha256:
                         break;
                 default:
-                        DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
+                        DSAerror(DSA_R_INVALID_DIGEST_TYPE);
                         return 0;
                 }
                 dctx->md = p2;
@@ -208,7 +208,7 @@ pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                 case NID_sha512:
                         break;
                 default:
-                        DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
+                        DSAerror(DSA_R_INVALID_DIGEST_TYPE);
                         return 0;
                 }
                 dctx->md = p2;
@@ -220,8 +220,7 @@ pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                 return 1;
                 
         case EVP_PKEY_CTRL_PEER_KEY:
-                DSAerr(DSA_F_PKEY_DSA_CTRL,
-                    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                DSAerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
                 return -2;      
         default:
                 return -2;
@@ -303,7 +302,7 @@ pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
         DSA *dsa = NULL;
 
         if (ctx->pkey == NULL) {
-                DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET);
+                DSAerror(DSA_R_NO_PARAMETERS_SET);
                 return 0;
         }
         dsa = DSA_new();
diff --git a/src/lib/libcrypto/dsa/dsa_prn.c b/src/lib/libcrypto/dsa/dsa_prn.c
index 60f4e6c760..fb5e35f909 100644
--- a/src/lib/libcrypto/dsa/dsa_prn.c
+++ b/src/lib/libcrypto/dsa/dsa_prn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_prn.c,v 1.5 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: dsa_prn.c,v 1.6 2017/01/29 17:49:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -69,7 +69,7 @@ DSA_print_fp(FILE *fp, const DSA *x, int off)
         int ret;
 
         if ((b = BIO_new(BIO_s_file())) == NULL) {
-                DSAerr(DSA_F_DSA_PRINT_FP, ERR_R_BUF_LIB);
+                DSAerror(ERR_R_BUF_LIB);
                 return 0;
         }
         BIO_set_fp(b, fp, BIO_NOCLOSE);
@@ -85,7 +85,7 @@ DSAparams_print_fp(FILE *fp, const DSA *x)
         int ret;
 
         if ((b = BIO_new(BIO_s_file())) == NULL) {
-                DSAerr(DSA_F_DSAPARAMS_PRINT_FP, ERR_R_BUF_LIB);
+                DSAerror(ERR_R_BUF_LIB);
                 return 0;
         }
         BIO_set_fp(b, fp, BIO_NOCLOSE);
diff --git a/src/lib/libcrypto/dso/dso_dlfcn.c b/src/lib/libcrypto/dso/dso_dlfcn.c
index f22e641bab..95afd26b82 100644
--- a/src/lib/libcrypto/dso/dso_dlfcn.c
+++ b/src/lib/libcrypto/dso/dso_dlfcn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dso_dlfcn.c,v 1.28 2015/02/07 13:19:15 doug Exp $ */
+/* $OpenBSD: dso_dlfcn.c,v 1.29 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
  * project 2000.
  */
@@ -119,7 +119,7 @@ dlfcn_load(DSO *dso)
         int flags = RTLD_LAZY;
 
         if (filename == NULL) {
-                DSOerr(DSO_F_DLFCN_LOAD, DSO_R_NO_FILENAME);
+                DSOerror(DSO_R_NO_FILENAME);
                 goto err;
         }
 
@@ -127,13 +127,13 @@ dlfcn_load(DSO *dso)
                 flags |= RTLD_GLOBAL;
         ptr = dlopen(filename, flags);
         if (ptr == NULL) {
-                DSOerr(DSO_F_DLFCN_LOAD, DSO_R_LOAD_FAILED);
+                DSOerror(DSO_R_LOAD_FAILED);
                 ERR_asprintf_error_data("filename(%s): %s", filename,
                     dlerror());
                 goto err;
         }
         if (!sk_void_push(dso->meth_data, (char *)ptr)) {
-                DSOerr(DSO_F_DLFCN_LOAD, DSO_R_STACK_ERROR);
+                DSOerror(DSO_R_STACK_ERROR);
                 goto err;
         }
         /* Success */
@@ -153,14 +153,14 @@ dlfcn_unload(DSO *dso)
 {
         void *ptr;
         if (dso == NULL) {
-                DSOerr(DSO_F_DLFCN_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
+                DSOerror(ERR_R_PASSED_NULL_PARAMETER);
                 return (0);
         }
         if (sk_void_num(dso->meth_data) < 1)
                 return (1);
         ptr = sk_void_pop(dso->meth_data);
         if (ptr == NULL) {
-                DSOerr(DSO_F_DLFCN_UNLOAD, DSO_R_NULL_HANDLE);
+                DSOerror(DSO_R_NULL_HANDLE);
                 /* Should push the value back onto the stack in
                  * case of a retry. */
                 sk_void_push(dso->meth_data, ptr);
@@ -177,21 +177,21 @@ dlfcn_bind_var(DSO *dso, const char *symname)
         void *ptr, *sym;
 
         if ((dso == NULL) || (symname == NULL)) {
-                DSOerr(DSO_F_DLFCN_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
+                DSOerror(ERR_R_PASSED_NULL_PARAMETER);
                 return (NULL);
         }
         if (sk_void_num(dso->meth_data) < 1) {
-                DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_STACK_ERROR);
+                DSOerror(DSO_R_STACK_ERROR);
                 return (NULL);
         }
         ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
         if (ptr == NULL) {
-                DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_NULL_HANDLE);
+                DSOerror(DSO_R_NULL_HANDLE);
                 return (NULL);
         }
         sym = dlsym(ptr, symname);
         if (sym == NULL) {
-                DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_SYM_FAILURE);
+                DSOerror(DSO_R_SYM_FAILURE);
                 ERR_asprintf_error_data("symname(%s): %s", symname, dlerror());
                 return (NULL);
         }
@@ -208,21 +208,21 @@ dlfcn_bind_func(DSO *dso, const char *symname)
         } u;
 
         if ((dso == NULL) || (symname == NULL)) {
-                DSOerr(DSO_F_DLFCN_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+                DSOerror(ERR_R_PASSED_NULL_PARAMETER);
                 return (NULL);
         }
         if (sk_void_num(dso->meth_data) < 1) {
-                DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_STACK_ERROR);
+                DSOerror(DSO_R_STACK_ERROR);
                 return (NULL);
         }
         ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
         if (ptr == NULL) {
-                DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_NULL_HANDLE);
+                DSOerror(DSO_R_NULL_HANDLE);
                 return (NULL);
         }
         u.dlret = dlsym(ptr, symname);
         if (u.dlret == NULL) {
-                DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_SYM_FAILURE);
+                DSOerror(DSO_R_SYM_FAILURE);
                 ERR_asprintf_error_data("symname(%s): %s", symname, dlerror());
                 return (NULL);
         }
@@ -235,8 +235,7 @@ dlfcn_merger(DSO *dso, const char *filespec1, const char *filespec2)
         char *merged;
 
         if (!filespec1 && !filespec2) {
-                DSOerr(DSO_F_DLFCN_MERGER,
-                    ERR_R_PASSED_NULL_PARAMETER);
+                DSOerror(ERR_R_PASSED_NULL_PARAMETER);
                 return (NULL);
         }
         /* If the first file specification is a rooted path, it rules.
@@ -244,7 +243,7 @@ dlfcn_merger(DSO *dso, const char *filespec1, const char *filespec2)
         if (!filespec2 || (filespec1 != NULL && filespec1[0] == '/')) {
                 merged = strdup(filespec1);
                 if (!merged) {
-                        DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
+                        DSOerror(ERR_R_MALLOC_FAILURE);
                         return (NULL);
                 }
         }
@@ -252,7 +251,7 @@ dlfcn_merger(DSO *dso, const char *filespec1, const char *filespec2)
         else if (!filespec1) {
                 merged = strdup(filespec2);
                 if (!merged) {
-                        DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
+                        DSOerror(ERR_R_MALLOC_FAILURE);
                         return (NULL);
                 }
         } else
@@ -273,7 +272,7 @@ dlfcn_merger(DSO *dso, const char *filespec1, const char *filespec2)
                 }
                 merged = malloc(len + 2);
                 if (!merged) {
-                        DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
+                        DSOerror(ERR_R_MALLOC_FAILURE);
                         return (NULL);
                 }
                 strlcpy(merged, filespec2, len + 2);
@@ -306,8 +305,7 @@ dlfcn_name_converter(DSO *dso, const char *filename)
         }
 
         if (translated == NULL)
-                DSOerr(DSO_F_DLFCN_NAME_CONVERTER,
-                    DSO_R_NAME_TRANSLATION_FAILED);
+                DSOerror(DSO_R_NAME_TRANSLATION_FAILED);
         return (translated);
 }
 
diff --git a/src/lib/libcrypto/dso/dso_err.c b/src/lib/libcrypto/dso/dso_err.c
index b8514a4aef..be6375a3a7 100644
--- a/src/lib/libcrypto/dso/dso_err.c
+++ b/src/lib/libcrypto/dso/dso_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dso_err.c,v 1.8 2014/07/10 22:45:56 jsing Exp $ */
+/* $OpenBSD: dso_err.c,v 1.9 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
  *
@@ -72,55 +72,7 @@
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSO,0,reason)
 
 static ERR_STRING_DATA DSO_str_functs[]= {
-        {ERR_FUNC(DSO_F_BEOS_BIND_FUNC),        "BEOS_BIND_FUNC"},
-        {ERR_FUNC(DSO_F_BEOS_BIND_VAR), "BEOS_BIND_VAR"},
-        {ERR_FUNC(DSO_F_BEOS_LOAD),     "BEOS_LOAD"},
-        {ERR_FUNC(DSO_F_BEOS_NAME_CONVERTER),   "BEOS_NAME_CONVERTER"},
-        {ERR_FUNC(DSO_F_BEOS_UNLOAD),   "BEOS_UNLOAD"},
-        {ERR_FUNC(DSO_F_DLFCN_BIND_FUNC),       "DLFCN_BIND_FUNC"},
-        {ERR_FUNC(DSO_F_DLFCN_BIND_VAR),        "DLFCN_BIND_VAR"},
-        {ERR_FUNC(DSO_F_DLFCN_LOAD),    "DLFCN_LOAD"},
-        {ERR_FUNC(DSO_F_DLFCN_MERGER),  "DLFCN_MERGER"},
-        {ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER),  "DLFCN_NAME_CONVERTER"},
-        {ERR_FUNC(DSO_F_DLFCN_UNLOAD),  "DLFCN_UNLOAD"},
-        {ERR_FUNC(DSO_F_DL_BIND_FUNC),  "DL_BIND_FUNC"},
-        {ERR_FUNC(DSO_F_DL_BIND_VAR),   "DL_BIND_VAR"},
-        {ERR_FUNC(DSO_F_DL_LOAD),       "DL_LOAD"},
-        {ERR_FUNC(DSO_F_DL_MERGER),     "DL_MERGER"},
-        {ERR_FUNC(DSO_F_DL_NAME_CONVERTER),     "DL_NAME_CONVERTER"},
-        {ERR_FUNC(DSO_F_DL_UNLOAD),     "DL_UNLOAD"},
-        {ERR_FUNC(DSO_F_DSO_BIND_FUNC), "DSO_bind_func"},
-        {ERR_FUNC(DSO_F_DSO_BIND_VAR),  "DSO_bind_var"},
-        {ERR_FUNC(DSO_F_DSO_CONVERT_FILENAME),  "DSO_convert_filename"},
-        {ERR_FUNC(DSO_F_DSO_CTRL),      "DSO_ctrl"},
-        {ERR_FUNC(DSO_F_DSO_FREE),      "DSO_free"},
-        {ERR_FUNC(DSO_F_DSO_GET_FILENAME),      "DSO_get_filename"},
-        {ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME),       "DSO_get_loaded_filename"},
-        {ERR_FUNC(DSO_F_DSO_GLOBAL_LOOKUP),     "DSO_global_lookup"},
-        {ERR_FUNC(DSO_F_DSO_LOAD),      "DSO_load"},
-        {ERR_FUNC(DSO_F_DSO_MERGE),     "DSO_merge"},
-        {ERR_FUNC(DSO_F_DSO_NEW_METHOD),        "DSO_new_method"},
-        {ERR_FUNC(DSO_F_DSO_PATHBYADDR),        "DSO_pathbyaddr"},
-        {ERR_FUNC(DSO_F_DSO_SET_FILENAME),      "DSO_set_filename"},
-        {ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER),        "DSO_set_name_converter"},
-        {ERR_FUNC(DSO_F_DSO_UP_REF),    "DSO_up_ref"},
-        {ERR_FUNC(DSO_F_GLOBAL_LOOKUP_FUNC),    "GLOBAL_LOOKUP_FUNC"},
-        {ERR_FUNC(DSO_F_PATHBYADDR),    "PATHBYADDR"},
-        {ERR_FUNC(DSO_F_VMS_BIND_SYM),  "VMS_BIND_SYM"},
-        {ERR_FUNC(DSO_F_VMS_LOAD),      "VMS_LOAD"},
-        {ERR_FUNC(DSO_F_VMS_MERGER),    "VMS_MERGER"},
-        {ERR_FUNC(DSO_F_VMS_UNLOAD),    "VMS_UNLOAD"},
-        {ERR_FUNC(DSO_F_WIN32_BIND_FUNC),       "WIN32_BIND_FUNC"},
-        {ERR_FUNC(DSO_F_WIN32_BIND_VAR),        "WIN32_BIND_VAR"},
-        {ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP),    "WIN32_GLOBALLOOKUP"},
-        {ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP_FUNC),       "WIN32_GLOBALLOOKUP_FUNC"},
-        {ERR_FUNC(DSO_F_WIN32_JOINER),  "WIN32_JOINER"},
-        {ERR_FUNC(DSO_F_WIN32_LOAD),    "WIN32_LOAD"},
-        {ERR_FUNC(DSO_F_WIN32_MERGER),  "WIN32_MERGER"},
-        {ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER),  "WIN32_NAME_CONVERTER"},
-        {ERR_FUNC(DSO_F_WIN32_PATHBYADDR),      "WIN32_PATHBYADDR"},
-        {ERR_FUNC(DSO_F_WIN32_SPLITTER),        "WIN32_SPLITTER"},
-        {ERR_FUNC(DSO_F_WIN32_UNLOAD),  "WIN32_UNLOAD"},
+        {ERR_FUNC(0xfff), "CRYPTO_internal"},
         {0, NULL}
 };
 
diff --git a/src/lib/libcrypto/dso/dso_lib.c b/src/lib/libcrypto/dso/dso_lib.c
index 3002e4d99c..7902fbcc6e 100644
--- a/src/lib/libcrypto/dso/dso_lib.c
+++ b/src/lib/libcrypto/dso/dso_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dso_lib.c,v 1.18 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: dso_lib.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
  * project 2000.
  */
@@ -111,13 +111,13 @@ DSO_new_method(DSO_METHOD *meth)
                 default_DSO_meth = DSO_METHOD_openssl();
         ret = calloc(1, sizeof(DSO));
         if (ret == NULL) {
-                DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+                DSOerror(ERR_R_MALLOC_FAILURE);
                 return (NULL);
         }
         ret->meth_data = sk_void_new_null();
         if (ret->meth_data == NULL) {
                 /* sk_new doesn't generate any errors so we do */
-                DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+                DSOerror(ERR_R_MALLOC_FAILURE);
                 free(ret);
                 return (NULL);
         }
@@ -139,7 +139,7 @@ DSO_free(DSO *dso)
         int i;
 
         if (dso == NULL) {
-                DSOerr(DSO_F_DSO_FREE, ERR_R_PASSED_NULL_PARAMETER);
+                DSOerror(ERR_R_PASSED_NULL_PARAMETER);
                 return (0);
         }
 
@@ -148,12 +148,12 @@ DSO_free(DSO *dso)
                 return (1);
 
         if ((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) {
-                DSOerr(DSO_F_DSO_FREE, DSO_R_UNLOAD_FAILED);
+                DSOerror(DSO_R_UNLOAD_FAILED);
                 return (0);
         }
 
         if ((dso->meth->finish != NULL) && !dso->meth->finish(dso)) {
-                DSOerr(DSO_F_DSO_FREE, DSO_R_FINISH_FAILED);
+                DSOerror(DSO_R_FINISH_FAILED);
                 return (0);
         }
 
@@ -175,7 +175,7 @@ int
 DSO_up_ref(DSO *dso)
 {
         if (dso == NULL) {
-                DSOerr(DSO_F_DSO_UP_REF, ERR_R_PASSED_NULL_PARAMETER);
+                DSOerror(ERR_R_PASSED_NULL_PARAMETER);
                 return (0);
         }
 
@@ -192,40 +192,40 @@ DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags)
         if (dso == NULL) {
                 ret = DSO_new_method(meth);
                 if (ret == NULL) {
-                        DSOerr(DSO_F_DSO_LOAD, ERR_R_MALLOC_FAILURE);
+                        DSOerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 allocated = 1;
                 /* Pass the provided flags to the new DSO object */
                 if (DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0) {
-                        DSOerr(DSO_F_DSO_LOAD, DSO_R_CTRL_FAILED);
+                        DSOerror(DSO_R_CTRL_FAILED);
                         goto err;
                 }
         } else
                 ret = dso;
         /* Don't load if we're currently already loaded */
         if (ret->filename != NULL) {
-                DSOerr(DSO_F_DSO_LOAD, DSO_R_DSO_ALREADY_LOADED);
+                DSOerror(DSO_R_DSO_ALREADY_LOADED);
                 goto err;
         }
         /* filename can only be NULL if we were passed a dso that already has
          * one set. */
         if (filename != NULL)
                 if (!DSO_set_filename(ret, filename)) {
-                DSOerr(DSO_F_DSO_LOAD, DSO_R_SET_FILENAME_FAILED);
+                DSOerror(DSO_R_SET_FILENAME_FAILED);
                 goto err;
         }
         filename = ret->filename;
         if (filename == NULL) {
-                DSOerr(DSO_F_DSO_LOAD, DSO_R_NO_FILENAME);
+                DSOerror(DSO_R_NO_FILENAME);
                 goto err;
         }
         if (ret->meth->dso_load == NULL) {
-                DSOerr(DSO_F_DSO_LOAD, DSO_R_UNSUPPORTED);
+                DSOerror(DSO_R_UNSUPPORTED);
                 goto err;
         }
         if (!ret->meth->dso_load(ret)) {
-                DSOerr(DSO_F_DSO_LOAD, DSO_R_LOAD_FAILED);
+                DSOerror(DSO_R_LOAD_FAILED);
                 goto err;
         }
         /* Load succeeded */
@@ -243,15 +243,15 @@ DSO_bind_var(DSO *dso, const char *symname)
         void *ret = NULL;
 
         if ((dso == NULL) || (symname == NULL)) {
-                DSOerr(DSO_F_DSO_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
+                DSOerror(ERR_R_PASSED_NULL_PARAMETER);
                 return (NULL);
         }
         if (dso->meth->dso_bind_var == NULL) {
-                DSOerr(DSO_F_DSO_BIND_VAR, DSO_R_UNSUPPORTED);
+                DSOerror(DSO_R_UNSUPPORTED);
                 return (NULL);
         }
         if ((ret = dso->meth->dso_bind_var(dso, symname)) == NULL) {
-                DSOerr(DSO_F_DSO_BIND_VAR, DSO_R_SYM_FAILURE);
+                DSOerror(DSO_R_SYM_FAILURE);
                 return (NULL);
         }
         /* Success */
@@ -264,15 +264,15 @@ DSO_bind_func(DSO *dso, const char *symname)
         DSO_FUNC_TYPE ret = NULL;
 
         if ((dso == NULL) || (symname == NULL)) {
-                DSOerr(DSO_F_DSO_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+                DSOerror(ERR_R_PASSED_NULL_PARAMETER);
                 return (NULL);
         }
         if (dso->meth->dso_bind_func == NULL) {
-                DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_UNSUPPORTED);
+                DSOerror(DSO_R_UNSUPPORTED);
                 return (NULL);
         }
         if ((ret = dso->meth->dso_bind_func(dso, symname)) == NULL) {
-                DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_SYM_FAILURE);
+                DSOerror(DSO_R_SYM_FAILURE);
                 return (NULL);
         }
         /* Success */
@@ -291,7 +291,7 @@ long
 DSO_ctrl(DSO *dso, int cmd, long larg, void *parg)
 {
         if (dso == NULL) {
-                DSOerr(DSO_F_DSO_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+                DSOerror(ERR_R_PASSED_NULL_PARAMETER);
                 return (-1);
         }
         /* We should intercept certain generic commands and only pass control
@@ -310,7 +310,7 @@ DSO_ctrl(DSO *dso, int cmd, long larg, void *parg)
                 break;
         }
         if ((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL)) {
-                DSOerr(DSO_F_DSO_CTRL, DSO_R_UNSUPPORTED);
+                DSOerror(DSO_R_UNSUPPORTED);
                 return (-1);
         }
         return (dso->meth->dso_ctrl(dso, cmd, larg, parg));
@@ -321,8 +321,7 @@ DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
     DSO_NAME_CONVERTER_FUNC *oldcb)
 {
         if (dso == NULL) {
-                DSOerr(DSO_F_DSO_SET_NAME_CONVERTER,
-                    ERR_R_PASSED_NULL_PARAMETER);
+                DSOerror(ERR_R_PASSED_NULL_PARAMETER);
                 return (0);
         }
         if (oldcb)
@@ -335,7 +334,7 @@ const char *
 DSO_get_filename(DSO *dso)
 {
         if (dso == NULL) {
-                DSOerr(DSO_F_DSO_GET_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+                DSOerror(ERR_R_PASSED_NULL_PARAMETER);
                 return (NULL);
         }
         return (dso->filename);
@@ -347,17 +346,17 @@ DSO_set_filename(DSO *dso, const char *filename)
         char *copied;
 
         if ((dso == NULL) || (filename == NULL)) {
-                DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+                DSOerror(ERR_R_PASSED_NULL_PARAMETER);
                 return (0);
         }
         if (dso->loaded_filename) {
-                DSOerr(DSO_F_DSO_SET_FILENAME, DSO_R_DSO_ALREADY_LOADED);
+                DSOerror(DSO_R_DSO_ALREADY_LOADED);
                 return (0);
         }
         /* We'll duplicate filename */
         copied = strdup(filename);
         if (copied == NULL) {
-                DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_MALLOC_FAILURE);
+                DSOerror(ERR_R_MALLOC_FAILURE);
                 return (0);
         }
         free(dso->filename);
@@ -371,7 +370,7 @@ DSO_merge(DSO *dso, const char *filespec1, const char *filespec2)
         char *result = NULL;
 
         if (dso == NULL || filespec1 == NULL) {
-                DSOerr(DSO_F_DSO_MERGE, ERR_R_PASSED_NULL_PARAMETER);
+                DSOerror(ERR_R_PASSED_NULL_PARAMETER);
                 return (NULL);
         }
         if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
@@ -390,13 +389,13 @@ DSO_convert_filename(DSO *dso, const char *filename)
         char *result = NULL;
 
         if (dso == NULL) {
-                DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+                DSOerror(ERR_R_PASSED_NULL_PARAMETER);
                 return (NULL);
         }
         if (filename == NULL)
                 filename = dso->filename;
         if (filename == NULL) {
-                DSOerr(DSO_F_DSO_CONVERT_FILENAME, DSO_R_NO_FILENAME);
+                DSOerror(DSO_R_NO_FILENAME);
                 return (NULL);
         }
         if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
@@ -408,8 +407,7 @@ DSO_convert_filename(DSO *dso, const char *filename)
         if (result == NULL) {
                 result = strdup(filename);
                 if (result == NULL) {
-                        DSOerr(DSO_F_DSO_CONVERT_FILENAME,
-                            ERR_R_MALLOC_FAILURE);
+                        DSOerror(ERR_R_MALLOC_FAILURE);
                         return (NULL);
                 }
         }
@@ -420,8 +418,7 @@ const char *
 DSO_get_loaded_filename(DSO *dso)
 {
         if (dso == NULL) {
-                DSOerr(DSO_F_DSO_GET_LOADED_FILENAME,
-                    ERR_R_PASSED_NULL_PARAMETER);
+                DSOerror(ERR_R_PASSED_NULL_PARAMETER);
                 return (NULL);
         }
         return (dso->loaded_filename);
@@ -434,7 +431,7 @@ DSO_pathbyaddr(void *addr, char *path, int sz)
         if (meth == NULL)
                 meth = DSO_METHOD_openssl();
         if (meth->pathbyaddr == NULL) {
-                DSOerr(DSO_F_DSO_PATHBYADDR, DSO_R_UNSUPPORTED);
+                DSOerror(DSO_R_UNSUPPORTED);
                 return -1;
         }
         return (*meth->pathbyaddr)(addr, path, sz);
@@ -447,7 +444,7 @@ DSO_global_lookup(const char *name)
         if (meth == NULL)
                 meth = DSO_METHOD_openssl();
         if (meth->globallookup == NULL) {
-                DSOerr(DSO_F_DSO_GLOBAL_LOOKUP, DSO_R_UNSUPPORTED);
+                DSOerror(DSO_R_UNSUPPORTED);
                 return NULL;
         }
         return (*meth->globallookup)(name);
diff --git a/src/lib/libcrypto/ec/ec2_mult.c b/src/lib/libcrypto/ec/ec2_mult.c
index 3812611702..1c8bb18076 100644
--- a/src/lib/libcrypto/ec/ec2_mult.c
+++ b/src/lib/libcrypto/ec/ec2_mult.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec2_mult.c,v 1.8 2016/03/12 21:44:11 bcook Exp $ */
+/* $OpenBSD: ec2_mult.c,v 1.9 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
@@ -267,7 +267,7 @@ ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
         BN_ULONG mask, word;
 
         if (r == point) {
-                ECerr(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, EC_R_INVALID_ARGUMENT);
+                ECerror(EC_R_INVALID_ARGUMENT);
                 return 0;
         }
         /* if result should be point at infinity */
diff --git a/src/lib/libcrypto/ec/ec2_oct.c b/src/lib/libcrypto/ec/ec2_oct.c
index 72690b1bc7..f434d726d2 100644
--- a/src/lib/libcrypto/ec/ec2_oct.c
+++ b/src/lib/libcrypto/ec/ec2_oct.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec2_oct.c,v 1.7 2015/02/09 15:49:22 jsing Exp $ */
+/* $OpenBSD: ec2_oct.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
@@ -138,9 +138,9 @@ ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point
                         if (ERR_GET_LIB(err) == ERR_LIB_BN &&
                             ERR_GET_REASON(err) == BN_R_NO_SOLUTION) {
                                 ERR_clear_error();
-                                ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT);
+                                ECerror(EC_R_INVALID_COMPRESSED_POINT);
                         } else
-                                ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB);
+                                ECerror(ERR_R_BN_LIB);
                         goto err;
                 }
                 z0 = (BN_is_odd(z)) ? 1 : 0;
@@ -182,14 +182,14 @@ ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
         if ((form != POINT_CONVERSION_COMPRESSED)
             && (form != POINT_CONVERSION_UNCOMPRESSED)
             && (form != POINT_CONVERSION_HYBRID)) {
-                ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
+                ECerror(EC_R_INVALID_FORM);
                 goto err;
         }
         if (EC_POINT_is_at_infinity(group, point) > 0) {
                 /* encodes to a single 0 octet */
                 if (buf != NULL) {
                         if (len < 1) {
-                                ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+                                ECerror(EC_R_BUFFER_TOO_SMALL);
                                 return 0;
                         }
                         buf[0] = 0;
@@ -204,7 +204,7 @@ ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
         /* if 'buf' is NULL, just return required length */
         if (buf != NULL) {
                 if (len < ret) {
-                        ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+                        ECerror(EC_R_BUFFER_TOO_SMALL);
                         goto err;
                 }
                 if (ctx == NULL) {
@@ -235,7 +235,7 @@ ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
 
                 skip = field_len - BN_num_bytes(x);
                 if (skip > field_len) {
-                        ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+                        ECerror(ERR_R_INTERNAL_ERROR);
                         goto err;
                 }
                 while (skip > 0) {
@@ -245,14 +245,14 @@ ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
                 skip = BN_bn2bin(x, buf + i);
                 i += skip;
                 if (i != 1 + field_len) {
-                        ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+                        ECerror(ERR_R_INTERNAL_ERROR);
                         goto err;
                 }
                 if (form == POINT_CONVERSION_UNCOMPRESSED ||
                     form == POINT_CONVERSION_HYBRID) {
                         skip = field_len - BN_num_bytes(y);
                         if (skip > field_len) {
-                                ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+                                ECerror(ERR_R_INTERNAL_ERROR);
                                 goto err;
                         }
                         while (skip > 0) {
@@ -263,7 +263,7 @@ ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
                         i += skip;
                 }
                 if (i != ret) {
-                        ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+                        ECerror(ERR_R_INTERNAL_ERROR);
                         goto err;
                 }
         }
@@ -295,7 +295,7 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
         int ret = 0;
 
         if (len == 0) {
-                ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
+                ECerror(EC_R_BUFFER_TOO_SMALL);
                 return 0;
         }
         form = buf[0];
@@ -304,16 +304,16 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
         if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) &&
             (form != POINT_CONVERSION_UNCOMPRESSED) &&
             (form != POINT_CONVERSION_HYBRID)) {
-                ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                ECerror(EC_R_INVALID_ENCODING);
                 return 0;
         }
         if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) {
-                ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                ECerror(EC_R_INVALID_ENCODING);
                 return 0;
         }
         if (form == 0) {
                 if (len != 1) {
-                        ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                        ECerror(EC_R_INVALID_ENCODING);
                         return 0;
                 }
                 return EC_POINT_set_to_infinity(group, point);
@@ -323,7 +323,7 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
             1 + 2 * field_len;
 
         if (len != enc_len) {
-                ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                ECerror(EC_R_INVALID_ENCODING);
                 return 0;
         }
         if (ctx == NULL) {
@@ -342,7 +342,7 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
         if (!BN_bin2bn(buf + 1, field_len, x))
                 goto err;
         if (BN_ucmp(x, &group->field) >= 0) {
-                ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                ECerror(EC_R_INVALID_ENCODING);
                 goto err;
         }
         if (form == POINT_CONVERSION_COMPRESSED) {
@@ -352,14 +352,14 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
                 if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
                         goto err;
                 if (BN_ucmp(y, &group->field) >= 0) {
-                        ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                        ECerror(EC_R_INVALID_ENCODING);
                         goto err;
                 }
                 if (form == POINT_CONVERSION_HYBRID) {
                         if (!group->meth->field_div(group, yxi, y, x, ctx))
                                 goto err;
                         if (y_bit != BN_is_odd(yxi)) {
-                                ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                                ECerror(EC_R_INVALID_ENCODING);
                                 goto err;
                         }
                 }
@@ -369,7 +369,7 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
 
         /* test required by X9.62 */
         if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
-                ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
+                ECerror(EC_R_POINT_IS_NOT_ON_CURVE);
                 goto err;
         }
         ret = 1;
diff --git a/src/lib/libcrypto/ec/ec2_smpl.c b/src/lib/libcrypto/ec/ec2_smpl.c
index 43f0afd5ae..6157599990 100644
--- a/src/lib/libcrypto/ec/ec2_smpl.c
+++ b/src/lib/libcrypto/ec/ec2_smpl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec2_smpl.c,v 1.14 2015/02/09 15:49:22 jsing Exp $ */
+/* $OpenBSD: ec2_smpl.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
@@ -212,7 +212,7 @@ ec_GF2m_simple_group_set_curve(EC_GROUP * group,
                 goto err;
         i = BN_GF2m_poly2arr(&group->field, group->poly, 6) - 1;
         if ((i != 5) && (i != 3)) {
-                ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
+                ECerror(EC_R_UNSUPPORTED_FIELD);
                 goto err;
         }
         /* group->a */
@@ -286,7 +286,7 @@ ec_GF2m_simple_group_check_discriminant(const EC_GROUP * group, BN_CTX * ctx)
         if (ctx == NULL) {
                 ctx = new_ctx = BN_CTX_new();
                 if (ctx == NULL) {
-                        ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT, ERR_R_MALLOC_FAILURE);
+                        ECerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
         }
@@ -383,7 +383,7 @@ ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP * group, EC_POINT * p
 {
         int ret = 0;
         if (x == NULL || y == NULL) {
-                ECerr(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES, ERR_R_PASSED_NULL_PARAMETER);
+                ECerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         if (!BN_copy(&point->X, x))
@@ -413,11 +413,11 @@ ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group,
         int ret = 0;
 
         if (EC_POINT_is_at_infinity(group, point) > 0) {
-                ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY);
+                ECerror(EC_R_POINT_AT_INFINITY);
                 return 0;
         }
         if (BN_cmp(&point->Z, BN_value_one())) {
-                ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         if (x != NULL) {
diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c
index 0dab68d5fe..8d0cdb733b 100644
--- a/src/lib/libcrypto/ec/ec_ameth.c
+++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.17 2016/10/19 16:49:11 jsing Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -74,7 +74,7 @@ eckey_param2type(int *pptype, void **ppval, EC_KEY * ec_key)
         const EC_GROUP *group;
         int nid;
         if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) {
-                ECerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_PARAMETERS);
+                ECerror(EC_R_MISSING_PARAMETERS);
                 return 0;
         }
         if (EC_GROUP_get_asn1_flag(group) &&
@@ -91,7 +91,7 @@ eckey_param2type(int *pptype, void **ppval, EC_KEY * ec_key)
                 pstr->length = i2d_ECParameters(ec_key, &pstr->data);
                 if (pstr->length <= 0) {
                         ASN1_STRING_free(pstr);
-                        ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB);
+                        ECerror(ERR_R_EC_LIB);
                         return 0;
                 }
                 *ppval = pstr;
@@ -110,7 +110,7 @@ eckey_pub_encode(X509_PUBKEY * pk, const EVP_PKEY * pkey)
         int penclen;
 
         if (!eckey_param2type(&ptype, &pval, ec_key)) {
-                ECerr(EC_F_ECKEY_PUB_ENCODE, ERR_R_EC_LIB);
+                ECerror(ERR_R_EC_LIB);
                 return 0;
         }
         penclen = i2o_ECPublicKey(ec_key, NULL);
@@ -148,7 +148,7 @@ eckey_type2param(int ptype, void *pval)
                 pm = pstr->data;
                 pmlen = pstr->length;
                 if (!(eckey = d2i_ECParameters(NULL, &pm, pmlen))) {
-                        ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
+                        ECerror(EC_R_DECODE_ERROR);
                         goto ecerr;
                 }
         } else if (ptype == V_ASN1_OBJECT) {
@@ -160,7 +160,7 @@ eckey_type2param(int ptype, void *pval)
                  * asn1 OID
                  */
                 if ((eckey = EC_KEY_new()) == NULL) {
-                        ECerr(EC_F_ECKEY_TYPE2PARAM, ERR_R_MALLOC_FAILURE);
+                        ECerror(ERR_R_MALLOC_FAILURE);
                         goto ecerr;
                 }
                 group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(poid));
@@ -171,7 +171,7 @@ eckey_type2param(int ptype, void *pval)
                         goto ecerr;
                 EC_GROUP_free(group);
         } else {
-                ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
+                ECerror(EC_R_DECODE_ERROR);
                 goto ecerr;
         }
 
@@ -199,12 +199,12 @@ eckey_pub_decode(EVP_PKEY * pkey, X509_PUBKEY * pubkey)
         eckey = eckey_type2param(ptype, pval);
 
         if (!eckey) {
-                ECerr(EC_F_ECKEY_PUB_DECODE, ERR_R_EC_LIB);
+                ECerror(ERR_R_EC_LIB);
                 return 0;
         }
         /* We have parameters now set public key */
         if (!o2i_ECPublicKey(&eckey, &p, pklen)) {
-                ECerr(EC_F_ECKEY_PUB_DECODE, EC_R_DECODE_ERROR);
+                ECerror(EC_R_DECODE_ERROR);
                 goto ecerr;
         }
         EVP_PKEY_assign_EC_KEY(pkey, eckey);
@@ -251,7 +251,7 @@ eckey_priv_decode(EVP_PKEY * pkey, PKCS8_PRIV_KEY_INFO * p8)
 
         /* We have parameters now set private key */
         if (!d2i_ECPrivateKey(&eckey, &p, pklen)) {
-                ECerr(EC_F_ECKEY_PRIV_DECODE, EC_R_DECODE_ERROR);
+                ECerror(EC_R_DECODE_ERROR);
                 goto ecerr;
         }
         /* calculate public key (if necessary) */
@@ -266,23 +266,23 @@ eckey_priv_decode(EVP_PKEY * pkey, PKCS8_PRIV_KEY_INFO * p8)
                 group = EC_KEY_get0_group(eckey);
                 pub_key = EC_POINT_new(group);
                 if (pub_key == NULL) {
-                        ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+                        ECerror(ERR_R_EC_LIB);
                         goto ecliberr;
                 }
                 if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) {
                         EC_POINT_free(pub_key);
-                        ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+                        ECerror(ERR_R_EC_LIB);
                         goto ecliberr;
                 }
                 priv_key = EC_KEY_get0_private_key(eckey);
                 if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL)) {
                         EC_POINT_free(pub_key);
-                        ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+                        ECerror(ERR_R_EC_LIB);
                         goto ecliberr;
                 }
                 if (EC_KEY_set_public_key(eckey, pub_key) == 0) {
                         EC_POINT_free(pub_key);
-                        ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+                        ECerror(ERR_R_EC_LIB);
                         goto ecliberr;
                 }
                 EC_POINT_free(pub_key);
@@ -291,7 +291,7 @@ eckey_priv_decode(EVP_PKEY * pkey, PKCS8_PRIV_KEY_INFO * p8)
         return 1;
 
 ecliberr:
-        ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+        ECerror(ERR_R_EC_LIB);
 ecerr:
         if (eckey)
                 EC_KEY_free(eckey);
@@ -310,7 +310,7 @@ eckey_priv_encode(PKCS8_PRIV_KEY_INFO * p8, const EVP_PKEY * pkey)
         ec_key = pkey->pkey.ec;
 
         if (!eckey_param2type(&ptype, &pval, ec_key)) {
-                ECerr(EC_F_ECKEY_PRIV_ENCODE, EC_R_DECODE_ERROR);
+                ECerror(EC_R_DECODE_ERROR);
                 return 0;
         }
         /* set the private key */
@@ -325,20 +325,20 @@ eckey_priv_encode(PKCS8_PRIV_KEY_INFO * p8, const EVP_PKEY * pkey)
         eplen = i2d_ECPrivateKey(ec_key, NULL);
         if (!eplen) {
                 EC_KEY_set_enc_flags(ec_key, old_flags);
-                ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
+                ECerror(ERR_R_EC_LIB);
                 return 0;
         }
         ep = malloc(eplen);
         if (!ep) {
                 EC_KEY_set_enc_flags(ec_key, old_flags);
-                ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         p = ep;
         if (!i2d_ECPrivateKey(ec_key, &p)) {
                 EC_KEY_set_enc_flags(ec_key, old_flags);
                 free(ep);
-                ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
+                ECerror(ERR_R_EC_LIB);
                 return 0;
         }
         /* restore old encoding flags */
@@ -483,7 +483,7 @@ do_EC_KEY_print(BIO * bp, const EC_KEY * x, int off, int ktype)
         ret = 1;
 err:
         if (!ret)
-                ECerr(EC_F_DO_EC_KEY_PRINT, reason);
+                ECerror(reason);
         BN_free(pub_key);
         BN_free(order);
         BN_CTX_free(ctx);
@@ -497,7 +497,7 @@ eckey_param_decode(EVP_PKEY * pkey,
 {
         EC_KEY *eckey;
         if (!(eckey = d2i_ECParameters(NULL, pder, derlen))) {
-                ECerr(EC_F_ECKEY_PARAM_DECODE, ERR_R_EC_LIB);
+                ECerror(ERR_R_EC_LIB);
                 return 0;
         }
         EVP_PKEY_assign_EC_KEY(pkey, eckey);
@@ -538,7 +538,7 @@ old_ec_priv_decode(EVP_PKEY * pkey,
 {
         EC_KEY *ec;
         if (!(ec = d2i_ECPrivateKey(NULL, pder, derlen))) {
-                ECerr(EC_F_OLD_EC_PRIV_DECODE, EC_R_DECODE_ERROR);
+                ECerror(EC_R_DECODE_ERROR);
                 return 0;
         }
         EVP_PKEY_assign_EC_KEY(pkey, ec);
diff --git a/src/lib/libcrypto/ec/ec_asn1.c b/src/lib/libcrypto/ec/ec_asn1.c
index 3234e7a6f2..dddf71c6e5 100644
--- a/src/lib/libcrypto/ec/ec_asn1.c
+++ b/src/lib/libcrypto/ec/ec_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_asn1.c,v 1.22 2016/03/20 16:50:29 krw Exp $ */
+/* $OpenBSD: ec_asn1.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -96,7 +96,7 @@ EC_GROUP_get_trinomial_basis(const EC_GROUP * group, unsigned int *k)
         if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
             NID_X9_62_characteristic_two_field
             || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0))) {
-                ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         if (k)
@@ -114,7 +114,7 @@ EC_GROUP_get_pentanomial_basis(const EC_GROUP * group, unsigned int *k1,
         if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
             NID_X9_62_characteristic_two_field
             || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0))) {
-                ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         if (k1)
@@ -696,29 +696,29 @@ ec_asn1_group2fieldid(const EC_GROUP * group, X9_62_FIELDID * field)
         nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
         /* set OID for the field */
         if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) {
-                ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
+                ECerror(ERR_R_OBJ_LIB);
                 goto err;
         }
         if (nid == NID_X9_62_prime_field) {
                 if ((tmp = BN_new()) == NULL) {
-                        ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+                        ECerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 /* the parameters are specified by the prime number p */
                 if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) {
-                        ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
+                        ECerror(ERR_R_EC_LIB);
                         goto err;
                 }
                 /* set the prime number */
                 field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL);
                 if (field->p.prime == NULL) {
-                        ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);
+                        ECerror(ERR_R_ASN1_LIB);
                         goto err;
                 }
         } else                  /* nid == NID_X9_62_characteristic_two_field */
 #ifdef OPENSSL_NO_EC2M
         {
-                ECerr(EC_F_EC_ASN1_GROUP2FIELDID, EC_R_GF2M_NOT_SUPPORTED);
+                ECerror(EC_R_GF2M_NOT_SUPPORTED);
                 goto err;
         }
 #else
@@ -730,7 +730,7 @@ ec_asn1_group2fieldid(const EC_GROUP * group, X9_62_FIELDID * field)
                 char_two = field->p.char_two;
 
                 if (char_two == NULL) {
-                        ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+                        ECerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 char_two->m = (long) EC_GROUP_get_degree(group);
@@ -738,12 +738,12 @@ ec_asn1_group2fieldid(const EC_GROUP * group, X9_62_FIELDID * field)
                 field_type = EC_GROUP_get_basis_type(group);
 
                 if (field_type == 0) {
-                        ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
+                        ECerror(ERR_R_EC_LIB);
                         goto err;
                 }
                 /* set base type OID */
                 if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) {
-                        ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
+                        ECerror(ERR_R_OBJ_LIB);
                         goto err;
                 }
                 if (field_type == NID_X9_62_tpBasis) {
@@ -754,12 +754,11 @@ ec_asn1_group2fieldid(const EC_GROUP * group, X9_62_FIELDID * field)
 
                         char_two->p.tpBasis = ASN1_INTEGER_new();
                         if (!char_two->p.tpBasis) {
-                                ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+                                ECerror(ERR_R_MALLOC_FAILURE);
                                 goto err;
                         }
                         if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long) k)) {
-                                ECerr(EC_F_EC_ASN1_GROUP2FIELDID,
-                                    ERR_R_ASN1_LIB);
+                                ECerror(ERR_R_ASN1_LIB);
                                 goto err;
                         }
                 } else if (field_type == NID_X9_62_ppBasis) {
@@ -770,7 +769,7 @@ ec_asn1_group2fieldid(const EC_GROUP * group, X9_62_FIELDID * field)
 
                         char_two->p.ppBasis = X9_62_PENTANOMIAL_new();
                         if (!char_two->p.ppBasis) {
-                                ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+                                ECerror(ERR_R_MALLOC_FAILURE);
                                 goto err;
                         }
                         /* set k? values */
@@ -781,7 +780,7 @@ ec_asn1_group2fieldid(const EC_GROUP * group, X9_62_FIELDID * field)
                         /* for ONB the parameters are (asn1) NULL */
                         char_two->p.onBasis = ASN1_NULL_new();
                         if (!char_two->p.onBasis) {
-                                ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+                                ECerror(ERR_R_MALLOC_FAILURE);
                                 goto err;
                         }
                 }
@@ -809,7 +808,7 @@ ec_asn1_group2curve(const EC_GROUP * group, X9_62_CURVE * curve)
                 return 0;
 
         if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) {
-                ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
@@ -817,14 +816,14 @@ ec_asn1_group2curve(const EC_GROUP * group, X9_62_CURVE * curve)
         /* get a and b */
         if (nid == NID_X9_62_prime_field) {
                 if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) {
-                        ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
+                        ECerror(ERR_R_EC_LIB);
                         goto err;
                 }
         }
 #ifndef OPENSSL_NO_EC2M
         else {                  /* nid == NID_X9_62_characteristic_two_field */
                 if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) {
-                        ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
+                        ECerror(ERR_R_EC_LIB);
                         goto err;
                 }
         }
@@ -838,12 +837,11 @@ ec_asn1_group2curve(const EC_GROUP * group, X9_62_CURVE * curve)
                 len_1 = 1;
         } else {
                 if ((buffer_1 = malloc(len_1)) == NULL) {
-                        ECerr(EC_F_EC_ASN1_GROUP2CURVE,
-                            ERR_R_MALLOC_FAILURE);
+                        ECerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 if ((len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) {
-                        ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
+                        ECerror(ERR_R_BN_LIB);
                         goto err;
                 }
                 a_buf = buffer_1;
@@ -855,12 +853,11 @@ ec_asn1_group2curve(const EC_GROUP * group, X9_62_CURVE * curve)
                 len_2 = 1;
         } else {
                 if ((buffer_2 = malloc(len_2)) == NULL) {
-                        ECerr(EC_F_EC_ASN1_GROUP2CURVE,
-                            ERR_R_MALLOC_FAILURE);
+                        ECerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 if ((len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) {
-                        ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
+                        ECerror(ERR_R_BN_LIB);
                         goto err;
                 }
                 b_buf = buffer_2;
@@ -869,21 +866,21 @@ ec_asn1_group2curve(const EC_GROUP * group, X9_62_CURVE * curve)
         /* set a and b */
         if (!ASN1_STRING_set(curve->a, a_buf, len_1) ||
             !ASN1_STRING_set(curve->b, b_buf, len_2)) {
-                ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
+                ECerror(ERR_R_ASN1_LIB);
                 goto err;
         }
         /* set the seed (optional) */
         if (group->seed) {
                 if (!curve->seed)
                         if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) {
-                                ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+                                ECerror(ERR_R_MALLOC_FAILURE);
                                 goto err;
                         }
                 curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
                 curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT;
                 if (!ASN1_BIT_STRING_set(curve->seed, group->seed,
                         (int) group->seed_len)) {
-                        ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
+                        ECerror(ERR_R_ASN1_LIB);
                         goto err;
                 }
         } else {
@@ -915,13 +912,12 @@ ec_asn1_group2parameters(const EC_GROUP * group, ECPARAMETERS * param)
         point_conversion_form_t form;
 
         if ((tmp = BN_new()) == NULL) {
-                ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         if (param == NULL) {
                 if ((ret = ECPARAMETERS_new()) == NULL) {
-                        ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS,
-                            ERR_R_MALLOC_FAILURE);
+                        ECerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
         } else
@@ -932,57 +928,57 @@ ec_asn1_group2parameters(const EC_GROUP * group, ECPARAMETERS * param)
 
         /* set the fieldID */
         if (!ec_asn1_group2fieldid(group, ret->fieldID)) {
-                ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+                ECerror(ERR_R_EC_LIB);
                 goto err;
         }
         /* set the curve */
         if (!ec_asn1_group2curve(group, ret->curve)) {
-                ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+                ECerror(ERR_R_EC_LIB);
                 goto err;
         }
         /* set the base point */
         if ((point = EC_GROUP_get0_generator(group)) == NULL) {
-                ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, EC_R_UNDEFINED_GENERATOR);
+                ECerror(EC_R_UNDEFINED_GENERATOR);
                 goto err;
         }
         form = EC_GROUP_get_point_conversion_form(group);
 
         len = EC_POINT_point2oct(group, point, form, NULL, len, NULL);
         if (len == 0) {
-                ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+                ECerror(ERR_R_EC_LIB);
                 goto err;
         }
         if ((buffer = malloc(len)) == NULL) {
-                ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL)) {
-                ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+                ECerror(ERR_R_EC_LIB);
                 goto err;
         }
         if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) {
-                ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) {
-                ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
+                ECerror(ERR_R_ASN1_LIB);
                 goto err;
         }
         /* set the order */
         if (!EC_GROUP_get_order(group, tmp, NULL)) {
-                ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+                ECerror(ERR_R_EC_LIB);
                 goto err;
         }
         ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
         if (ret->order == NULL) {
-                ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
+                ECerror(ERR_R_ASN1_LIB);
                 goto err;
         }
         /* set the cofactor (optional) */
         if (EC_GROUP_get_cofactor(group, tmp, NULL)) {
                 ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
                 if (ret->cofactor == NULL) {
-                        ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
+                        ECerror(ERR_R_ASN1_LIB);
                         goto err;
                 }
         }
@@ -1006,8 +1002,7 @@ ec_asn1_group2pkparameters(const EC_GROUP * group, ECPKPARAMETERS * params)
 
         if (ret == NULL) {
                 if ((ret = ECPKPARAMETERS_new()) == NULL) {
-                        ECerr(EC_F_EC_ASN1_GROUP2PKPARAMETERS,
-                            ERR_R_MALLOC_FAILURE);
+                        ECerror(ERR_R_MALLOC_FAILURE);
                         return NULL;
                 }
         } else {
@@ -1056,24 +1051,24 @@ ec_asn1_parameters2group(const ECPARAMETERS * params)
 
         if (!params->fieldID || !params->fieldID->fieldType ||
             !params->fieldID->p.ptr) {
-                ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+                ECerror(EC_R_ASN1_ERROR);
                 goto err;
         }
         /* now extract the curve parameters a and b */
         if (!params->curve || !params->curve->a ||
             !params->curve->a->data || !params->curve->b ||
             !params->curve->b->data) {
-                ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+                ECerror(EC_R_ASN1_ERROR);
                 goto err;
         }
         a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL);
         if (a == NULL) {
-                ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);
+                ECerror(ERR_R_BN_LIB);
                 goto err;
         }
         b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL);
         if (b == NULL) {
-                ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);
+                ECerror(ERR_R_BN_LIB);
                 goto err;
         }
         /* get the field parameters */
@@ -1081,7 +1076,7 @@ ec_asn1_parameters2group(const ECPARAMETERS * params)
         if (tmp == NID_X9_62_characteristic_two_field)
 #ifdef OPENSSL_NO_EC2M
         {
-                ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_GF2M_NOT_SUPPORTED);
+                ECerror(EC_R_GF2M_NOT_SUPPORTED);
                 goto err;
         }
 #else
@@ -1092,11 +1087,11 @@ ec_asn1_parameters2group(const ECPARAMETERS * params)
 
                 field_bits = char_two->m;
                 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
-                        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE);
+                        ECerror(EC_R_FIELD_TOO_LARGE);
                         goto err;
                 }
                 if ((p = BN_new()) == NULL) {
-                        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE);
+                        ECerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 /* get the base type */
@@ -1106,13 +1101,13 @@ ec_asn1_parameters2group(const ECPARAMETERS * params)
                         long tmp_long;
 
                         if (!char_two->p.tpBasis) {
-                                ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+                                ECerror(EC_R_ASN1_ERROR);
                                 goto err;
                         }
                         tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis);
 
                         if (!(char_two->m > tmp_long && tmp_long > 0)) {
-                                ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_TRINOMIAL_BASIS);
+                                ECerror(EC_R_INVALID_TRINOMIAL_BASIS);
                                 goto err;
                         }
                         /* create the polynomial */
@@ -1127,11 +1122,11 @@ ec_asn1_parameters2group(const ECPARAMETERS * params)
 
                         penta = char_two->p.ppBasis;
                         if (!penta) {
-                                ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+                                ECerror(EC_R_ASN1_ERROR);
                                 goto err;
                         }
                         if (!(char_two->m > penta->k3 && penta->k3 > penta->k2 && penta->k2 > penta->k1 && penta->k1 > 0)) {
-                                ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_PENTANOMIAL_BASIS);
+                                ECerror(EC_R_INVALID_PENTANOMIAL_BASIS);
                                 goto err;
                         }
                         /* create the polynomial */
@@ -1146,10 +1141,10 @@ ec_asn1_parameters2group(const ECPARAMETERS * params)
                         if (!BN_set_bit(p, 0))
                                 goto err;
                 } else if (tmp == NID_X9_62_onBasis) {
-                        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_NOT_IMPLEMENTED);
+                        ECerror(EC_R_NOT_IMPLEMENTED);
                         goto err;
                 } else {        /* error */
-                        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+                        ECerror(EC_R_ASN1_ERROR);
                         goto err;
                 }
 
@@ -1161,40 +1156,39 @@ ec_asn1_parameters2group(const ECPARAMETERS * params)
                 /* we have a curve over a prime field */
                 /* extract the prime number */
                 if (!params->fieldID->p.prime) {
-                        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+                        ECerror(EC_R_ASN1_ERROR);
                         goto err;
                 }
                 p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL);
                 if (p == NULL) {
-                        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
+                        ECerror(ERR_R_ASN1_LIB);
                         goto err;
                 }
                 if (BN_is_negative(p) || BN_is_zero(p)) {
-                        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);
+                        ECerror(EC_R_INVALID_FIELD);
                         goto err;
                 }
                 field_bits = BN_num_bits(p);
                 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
-                        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE);
+                        ECerror(EC_R_FIELD_TOO_LARGE);
                         goto err;
                 }
                 /* create the EC_GROUP structure */
                 ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);
         } else {
-                ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);
+                ECerror(EC_R_INVALID_FIELD);
                 goto err;
         }
 
         if (ret == NULL) {
-                ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
+                ECerror(ERR_R_EC_LIB);
                 goto err;
         }
         /* extract seed (optional) */
         if (params->curve->seed != NULL) {
                 free(ret->seed);
                 if (!(ret->seed = malloc(params->curve->seed->length))) {
-                        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP,
-                            ERR_R_MALLOC_FAILURE);
+                        ECerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 memcpy(ret->seed, params->curve->seed->data,
@@ -1202,7 +1196,7 @@ ec_asn1_parameters2group(const ECPARAMETERS * params)
                 ret->seed_len = params->curve->seed->length;
         }
         if (!params->order || !params->base || !params->base->data) {
-                ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+                ECerror(EC_R_ASN1_ERROR);
                 goto err;
         }
         if ((point = EC_POINT_new(ret)) == NULL)
@@ -1215,20 +1209,20 @@ ec_asn1_parameters2group(const ECPARAMETERS * params)
         /* extract the ec point */
         if (!EC_POINT_oct2point(ret, point, params->base->data,
                 params->base->length, NULL)) {
-                ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
+                ECerror(ERR_R_EC_LIB);
                 goto err;
         }
         /* extract the order */
         if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) {
-                ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
+                ECerror(ERR_R_ASN1_LIB);
                 goto err;
         }
         if (BN_is_negative(a) || BN_is_zero(a)) {
-                ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER);
+                ECerror(EC_R_INVALID_GROUP_ORDER);
                 goto err;
         }
         if (BN_num_bits(a) > (int) field_bits + 1) {    /* Hasse bound */
-                ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER);
+                ECerror(EC_R_INVALID_GROUP_ORDER);
                 goto err;
         }
         /* extract the cofactor (optional) */
@@ -1236,12 +1230,12 @@ ec_asn1_parameters2group(const ECPARAMETERS * params)
                 BN_free(b);
                 b = NULL;
         } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) {
-                ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
+                ECerror(ERR_R_ASN1_LIB);
                 goto err;
         }
         /* set the generator, order and cofactor (if present) */
         if (!EC_GROUP_set_generator(ret, point, a, b)) {
-                ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
+                ECerror(ERR_R_EC_LIB);
                 goto err;
         }
         ok = 1;
@@ -1264,15 +1258,13 @@ ec_asn1_pkparameters2group(const ECPKPARAMETERS * params)
         int tmp = 0;
 
         if (params == NULL) {
-                ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP,
-                    EC_R_MISSING_PARAMETERS);
+                ECerror(EC_R_MISSING_PARAMETERS);
                 return NULL;
         }
         if (params->type == 0) {/* the curve is given by an OID */
                 tmp = OBJ_obj2nid(params->value.named_curve);
                 if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) {
-                        ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP,
-                            EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
+                        ECerror(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
                         return NULL;
                 }
                 EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE);
@@ -1280,14 +1272,14 @@ ec_asn1_pkparameters2group(const ECPKPARAMETERS * params)
                                          * ECPARAMETERS structure */
                 ret = ec_asn1_parameters2group(params->value.parameters);
                 if (!ret) {
-                        ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, ERR_R_EC_LIB);
+                        ECerror(ERR_R_EC_LIB);
                         return NULL;
                 }
                 EC_GROUP_set_asn1_flag(ret, 0x0);
         } else if (params->type == 2) { /* implicitlyCA */
                 return NULL;
         } else {
-                ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_ASN1_ERROR);
+                ECerror(EC_R_ASN1_ERROR);
                 return NULL;
         }
 
@@ -1303,11 +1295,11 @@ d2i_ECPKParameters(EC_GROUP ** a, const unsigned char **in, long len)
         ECPKPARAMETERS *params = NULL;
 
         if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) {
-                ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE);
+                ECerror(EC_R_D2I_ECPKPARAMETERS_FAILURE);
                 goto err;
         }
         if ((group = ec_asn1_pkparameters2group(params)) == NULL) {
-                ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE);
+                ECerror(EC_R_PKPARAMETERS2GROUP_FAILURE);
                 goto err;
         }
 
@@ -1327,11 +1319,11 @@ i2d_ECPKParameters(const EC_GROUP * a, unsigned char **out)
         int ret = 0;
         ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL);
         if (tmp == NULL) {
-                ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE);
+                ECerror(EC_R_GROUP2PKPARAMETERS_FAILURE);
                 return 0;
         }
         if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) {
-                ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE);
+                ECerror(EC_R_I2D_ECPKPARAMETERS_FAILURE);
                 ECPKPARAMETERS_free(tmp);
                 return 0;
         }
@@ -1348,17 +1340,17 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len)
         EC_PRIVATEKEY *priv_key = NULL;
 
         if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {
-                ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) {
-                ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+                ECerror(ERR_R_EC_LIB);
                 EC_PRIVATEKEY_free(priv_key);
                 return NULL;
         }
         if (a == NULL || *a == NULL) {
                 if ((ret = EC_KEY_new()) == NULL) {
-                        ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+                        ECerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
         } else
@@ -1369,7 +1361,7 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len)
                 ret->group = ec_asn1_pkparameters2group(priv_key->parameters);
         }
         if (ret->group == NULL) {
-                ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+                ECerror(ERR_R_EC_LIB);
                 goto err;
         }
         ret->version = priv_key->version;
@@ -1380,13 +1372,11 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len)
                     ASN1_STRING_length(priv_key->privateKey),
                     ret->priv_key);
                 if (ret->priv_key == NULL) {
-                        ECerr(EC_F_D2I_ECPRIVATEKEY,
-                            ERR_R_BN_LIB);
+                        ECerror(ERR_R_BN_LIB);
                         goto err;
                 }
         } else {
-                ECerr(EC_F_D2I_ECPRIVATEKEY,
-                    EC_R_MISSING_PRIVATE_KEY);
+                ECerror(EC_R_MISSING_PRIVATE_KEY);
                 goto err;
         }
 
@@ -1397,7 +1387,7 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len)
                 EC_POINT_clear_free(ret->pub_key);
                 ret->pub_key = EC_POINT_new(ret->group);
                 if (ret->pub_key == NULL) {
-                        ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+                        ECerror(ERR_R_EC_LIB);
                         goto err;
                 }
                 pub_oct = ASN1_STRING_data(priv_key->publicKey);
@@ -1406,7 +1396,7 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len)
                 ret->conv_form = (point_conversion_form_t) (pub_oct[0] & ~0x01);
                 if (!EC_POINT_oct2point(ret->group, ret->pub_key,
                         pub_oct, pub_oct_len, NULL)) {
-                        ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+                        ECerror(ERR_R_EC_LIB);
                         goto err;
                 }
         }
@@ -1434,13 +1424,11 @@ i2d_ECPrivateKey(EC_KEY * a, unsigned char **out)
         EC_PRIVATEKEY *priv_key = NULL;
 
         if (a == NULL || a->group == NULL || a->priv_key == NULL) {
-                ECerr(EC_F_I2D_ECPRIVATEKEY,
-                    ERR_R_PASSED_NULL_PARAMETER);
+                ECerror(ERR_R_PASSED_NULL_PARAMETER);
                 goto err;
         }
         if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {
-                ECerr(EC_F_I2D_ECPRIVATEKEY,
-                    ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         priv_key->version = a->version;
@@ -1448,30 +1436,28 @@ i2d_ECPrivateKey(EC_KEY * a, unsigned char **out)
         buf_len = (size_t) BN_num_bytes(a->priv_key);
         buffer = malloc(buf_len);
         if (buffer == NULL) {
-                ECerr(EC_F_I2D_ECPRIVATEKEY,
-                    ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         if (!BN_bn2bin(a->priv_key, buffer)) {
-                ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB);
+                ECerror(ERR_R_BN_LIB);
                 goto err;
         }
         if (!ASN1_STRING_set(priv_key->privateKey, buffer, buf_len)) {
-                ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
+                ECerror(ERR_R_ASN1_LIB);
                 goto err;
         }
         if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) {
                 if ((priv_key->parameters = ec_asn1_group2pkparameters(
                             a->group, priv_key->parameters)) == NULL) {
-                        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+                        ECerror(ERR_R_EC_LIB);
                         goto err;
                 }
         }
         if (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key != NULL) {
                 priv_key->publicKey = ASN1_BIT_STRING_new();
                 if (priv_key->publicKey == NULL) {
-                        ECerr(EC_F_I2D_ECPRIVATEKEY,
-                            ERR_R_MALLOC_FAILURE);
+                        ECerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 tmp_len = EC_POINT_point2oct(a->group, a->pub_key,
@@ -1480,7 +1466,7 @@ i2d_ECPrivateKey(EC_KEY * a, unsigned char **out)
                 if (tmp_len > buf_len) {
                         unsigned char *tmp_buffer = realloc(buffer, tmp_len);
                         if (!tmp_buffer) {
-                                ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+                                ECerror(ERR_R_MALLOC_FAILURE);
                                 goto err;
                         }
                         buffer = tmp_buffer;
@@ -1488,19 +1474,19 @@ i2d_ECPrivateKey(EC_KEY * a, unsigned char **out)
                 }
                 if (!EC_POINT_point2oct(a->group, a->pub_key,
                         a->conv_form, buffer, buf_len, NULL)) {
-                        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+                        ECerror(ERR_R_EC_LIB);
                         goto err;
                 }
                 priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
                 priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
                 if (!ASN1_STRING_set(priv_key->publicKey, buffer,
                         buf_len)) {
-                        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
+                        ECerror(ERR_R_ASN1_LIB);
                         goto err;
                 }
         }
         if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) {
-                ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+                ECerror(ERR_R_EC_LIB);
                 goto err;
         }
         ok = 1;
@@ -1515,7 +1501,7 @@ int
 i2d_ECParameters(EC_KEY * a, unsigned char **out)
 {
         if (a == NULL) {
-                ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
+                ECerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         return i2d_ECPKParameters(a->group, out);
@@ -1527,19 +1513,19 @@ d2i_ECParameters(EC_KEY ** a, const unsigned char **in, long len)
         EC_KEY *ret;
 
         if (in == NULL || *in == NULL) {
-                ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
+                ECerror(ERR_R_PASSED_NULL_PARAMETER);
                 return NULL;
         }
         if (a == NULL || *a == NULL) {
                 if ((ret = EC_KEY_new()) == NULL) {
-                        ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
+                        ECerror(ERR_R_MALLOC_FAILURE);
                         return NULL;
                 }
         } else
                 ret = *a;
 
         if (!d2i_ECPKParameters(&ret->group, in, len)) {
-                ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
+                ECerror(ERR_R_EC_LIB);
                 if (a == NULL || *a != ret)
                         EC_KEY_free(ret);
                 return NULL;
@@ -1560,17 +1546,17 @@ o2i_ECPublicKey(EC_KEY ** a, const unsigned char **in, long len)
                  * sorry, but a EC_GROUP-structur is necessary to set the
                  * public key
                  */
-                ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
+                ECerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         ret = *a;
         if (ret->pub_key == NULL &&
             (ret->pub_key = EC_POINT_new(ret->group)) == NULL) {
-                ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) {
-                ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB);
+                ECerror(ERR_R_EC_LIB);
                 return 0;
         }
         /* save the point conversion form */
@@ -1586,7 +1572,7 @@ i2o_ECPublicKey(EC_KEY * a, unsigned char **out)
         int new_buffer = 0;
 
         if (a == NULL) {
-                ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
+                ECerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         buf_len = EC_POINT_point2oct(a->group, a->pub_key,
@@ -1598,14 +1584,14 @@ i2o_ECPublicKey(EC_KEY * a, unsigned char **out)
 
         if (*out == NULL) {
                 if ((*out = malloc(buf_len)) == NULL) {
-                        ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);
+                        ECerror(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
                 new_buffer = 1;
         }
         if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form,
                 *out, buf_len, NULL)) {
-                ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB);
+                ECerror(ERR_R_EC_LIB);
                 if (new_buffer) {
                         free(*out);
                         *out = NULL;
diff --git a/src/lib/libcrypto/ec/ec_check.c b/src/lib/libcrypto/ec/ec_check.c
index 21072305d5..bbb03498ac 100644
--- a/src/lib/libcrypto/ec/ec_check.c
+++ b/src/lib/libcrypto/ec/ec_check.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_check.c,v 1.5 2015/02/08 22:25:03 miod Exp $ */
+/* $OpenBSD: ec_check.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
@@ -67,7 +67,7 @@ EC_GROUP_check(const EC_GROUP * group, BN_CTX * ctx)
         if (ctx == NULL) {
                 ctx = new_ctx = BN_CTX_new();
                 if (ctx == NULL) {
-                        ECerr(EC_F_EC_GROUP_CHECK, ERR_R_MALLOC_FAILURE);
+                        ECerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
         }
@@ -77,16 +77,16 @@ EC_GROUP_check(const EC_GROUP * group, BN_CTX * ctx)
 
         /* check the discriminant */
         if (!EC_GROUP_check_discriminant(group, ctx)) {
-                ECerr(EC_F_EC_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO);
+                ECerror(EC_R_DISCRIMINANT_IS_ZERO);
                 goto err;
         }
         /* check the generator */
         if (group->generator == NULL) {
-                ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);
+                ECerror(EC_R_UNDEFINED_GENERATOR);
                 goto err;
         }
         if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) {
-                ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);
+                ECerror(EC_R_POINT_IS_NOT_ON_CURVE);
                 goto err;
         }
         /* check the order of the generator */
@@ -95,13 +95,13 @@ EC_GROUP_check(const EC_GROUP * group, BN_CTX * ctx)
         if (!EC_GROUP_get_order(group, order, ctx))
                 goto err;
         if (BN_is_zero(order)) {
-                ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_ORDER);
+                ECerror(EC_R_UNDEFINED_ORDER);
                 goto err;
         }
         if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx))
                 goto err;
         if (EC_POINT_is_at_infinity(group, point) <= 0) {
-                ECerr(EC_F_EC_GROUP_CHECK, EC_R_INVALID_GROUP_ORDER);
+                ECerror(EC_R_INVALID_GROUP_ORDER);
                 goto err;
         }
         ret = 1;
diff --git a/src/lib/libcrypto/ec/ec_curve.c b/src/lib/libcrypto/ec/ec_curve.c
index c8eee285b6..1ee2a7c8e8 100644
--- a/src/lib/libcrypto/ec/ec_curve.c
+++ b/src/lib/libcrypto/ec/ec_curve.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_curve.c,v 1.14 2016/11/04 17:33:19 miod Exp $ */
+/* $OpenBSD: ec_curve.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -3168,7 +3168,7 @@ ec_group_new_from_data(const ec_list_element curve)
         const unsigned char *params;
 
         if ((ctx = BN_CTX_new()) == NULL) {
-                ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         data = curve.data;
@@ -3180,19 +3180,19 @@ ec_group_new_from_data(const ec_list_element curve)
         if (!(p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) ||
             !(a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) ||
             !(b = BN_bin2bn(params + 2 * param_len, param_len, NULL))) {
-                ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+                ECerror(ERR_R_BN_LIB);
                 goto err;
         }
         if (curve.meth != 0) {
                 meth = curve.meth();
                 if (((group = EC_GROUP_new(meth)) == NULL) ||
                     (!(group->meth->group_set_curve(group, p, a, b, ctx)))) {
-                        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+                        ECerror(ERR_R_EC_LIB);
                         goto err;
                 }
         } else if (data->field_type == NID_X9_62_prime_field) {
                 if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
-                        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+                        ECerror(ERR_R_EC_LIB);
                         goto err;
                 }
         }
@@ -3200,37 +3200,37 @@ ec_group_new_from_data(const ec_list_element curve)
         else {                  /* field_type ==
                                  * NID_X9_62_characteristic_two_field */
                 if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) {
-                        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+                        ECerror(ERR_R_EC_LIB);
                         goto err;
                 }
         }
 #endif
 
         if ((P = EC_POINT_new(group)) == NULL) {
-                ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+                ECerror(ERR_R_EC_LIB);
                 goto err;
         }
         if (!(x = BN_bin2bn(params + 3 * param_len, param_len, NULL))
             || !(y = BN_bin2bn(params + 4 * param_len, param_len, NULL))) {
-                ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+                ECerror(ERR_R_BN_LIB);
                 goto err;
         }
         if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) {
-                ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+                ECerror(ERR_R_EC_LIB);
                 goto err;
         }
         if (!(order = BN_bin2bn(params + 5 * param_len, param_len, NULL))
             || !BN_set_word(x, (BN_ULONG) data->cofactor)) {
-                ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+                ECerror(ERR_R_BN_LIB);
                 goto err;
         }
         if (!EC_GROUP_set_generator(group, P, order, x)) {
-                ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+                ECerror(ERR_R_EC_LIB);
                 goto err;
         }
         if (seed_len) {
                 if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) {
-                        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+                        ECerror(ERR_R_EC_LIB);
                         goto err;
                 }
         }
@@ -3266,7 +3266,7 @@ EC_GROUP_new_by_curve_name(int nid)
                         break;
                 }
         if (ret == NULL) {
-                ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
+                ECerror(EC_R_UNKNOWN_GROUP);
                 return NULL;
         }
         EC_GROUP_set_curve_name(ret, nid);
diff --git a/src/lib/libcrypto/ec/ec_err.c b/src/lib/libcrypto/ec/ec_err.c
index 0ba510adae..fa5deceda5 100644
--- a/src/lib/libcrypto/ec/ec_err.c
+++ b/src/lib/libcrypto/ec/ec_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_err.c,v 1.9 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: ec_err.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -71,144 +71,8 @@
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason)
 
-static ERR_STRING_DATA EC_str_functs[] =
-{
-        {ERR_FUNC(EC_F_BN_TO_FELEM), "BN_TO_FELEM"},
-        {ERR_FUNC(EC_F_COMPUTE_WNAF), "COMPUTE_WNAF"},
-        {ERR_FUNC(EC_F_D2I_ECPARAMETERS), "d2i_ECParameters"},
-        {ERR_FUNC(EC_F_D2I_ECPKPARAMETERS), "d2i_ECPKParameters"},
-        {ERR_FUNC(EC_F_D2I_ECPRIVATEKEY), "d2i_ECPrivateKey"},
-        {ERR_FUNC(EC_F_DO_EC_KEY_PRINT), "DO_EC_KEY_PRINT"},
-        {ERR_FUNC(EC_F_ECKEY_PARAM2TYPE), "ECKEY_PARAM2TYPE"},
-        {ERR_FUNC(EC_F_ECKEY_PARAM_DECODE), "ECKEY_PARAM_DECODE"},
-        {ERR_FUNC(EC_F_ECKEY_PRIV_DECODE), "ECKEY_PRIV_DECODE"},
-        {ERR_FUNC(EC_F_ECKEY_PRIV_ENCODE), "ECKEY_PRIV_ENCODE"},
-        {ERR_FUNC(EC_F_ECKEY_PUB_DECODE), "ECKEY_PUB_DECODE"},
-        {ERR_FUNC(EC_F_ECKEY_PUB_ENCODE), "ECKEY_PUB_ENCODE"},
-        {ERR_FUNC(EC_F_ECKEY_TYPE2PARAM), "ECKEY_TYPE2PARAM"},
-        {ERR_FUNC(EC_F_ECPARAMETERS_PRINT), "ECParameters_print"},
-        {ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP), "ECParameters_print_fp"},
-        {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT), "ECPKParameters_print"},
-        {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT_FP), "ECPKParameters_print_fp"},
-        {ERR_FUNC(EC_F_ECP_NIST_MOD_192), "ECP_NIST_MOD_192"},
-        {ERR_FUNC(EC_F_ECP_NIST_MOD_224), "ECP_NIST_MOD_224"},
-        {ERR_FUNC(EC_F_ECP_NIST_MOD_256), "ECP_NIST_MOD_256"},
-        {ERR_FUNC(EC_F_ECP_NIST_MOD_521), "ECP_NIST_MOD_521"},
-        {ERR_FUNC(EC_F_EC_ASN1_GROUP2CURVE), "EC_ASN1_GROUP2CURVE"},
-        {ERR_FUNC(EC_F_EC_ASN1_GROUP2FIELDID), "EC_ASN1_GROUP2FIELDID"},
-        {ERR_FUNC(EC_F_EC_ASN1_GROUP2PARAMETERS), "EC_ASN1_GROUP2PARAMETERS"},
-        {ERR_FUNC(EC_F_EC_ASN1_GROUP2PKPARAMETERS), "EC_ASN1_GROUP2PKPARAMETERS"},
-        {ERR_FUNC(EC_F_EC_ASN1_PARAMETERS2GROUP), "EC_ASN1_PARAMETERS2GROUP"},
-        {ERR_FUNC(EC_F_EC_ASN1_PKPARAMETERS2GROUP), "EC_ASN1_PKPARAMETERS2GROUP"},
-        {ERR_FUNC(EC_F_EC_EX_DATA_SET_DATA), "EC_EX_DATA_set_data"},
-        {ERR_FUNC(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY), "EC_GF2M_MONTGOMERY_POINT_MULTIPLY"},
-        {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT), "ec_GF2m_simple_group_check_discriminant"},
-        {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE), "ec_GF2m_simple_group_set_curve"},
-        {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_OCT2POINT), "ec_GF2m_simple_oct2point"},
-        {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT2OCT), "ec_GF2m_simple_point2oct"},
-        {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES), "ec_GF2m_simple_point_get_affine_coordinates"},
-        {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES), "ec_GF2m_simple_point_set_affine_coordinates"},
-        {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES), "ec_GF2m_simple_set_compressed_coordinates"},
-        {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE), "ec_GFp_mont_field_decode"},
-        {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE), "ec_GFp_mont_field_encode"},
-        {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL), "ec_GFp_mont_field_mul"},
-        {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE), "ec_GFp_mont_field_set_to_one"},
-        {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR), "ec_GFp_mont_field_sqr"},
-        {ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE), "ec_GFp_mont_group_set_curve"},
-        {ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP), "EC_GFP_MONT_GROUP_SET_CURVE_GFP"},
-        {ERR_FUNC(EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE), "ec_GFp_nistp224_group_set_curve"},
-        {ERR_FUNC(EC_F_EC_GFP_NISTP224_POINTS_MUL), "ec_GFp_nistp224_points_mul"},
-        {ERR_FUNC(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES), "ec_GFp_nistp224_point_get_affine_coordinates"},
-        {ERR_FUNC(EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE), "ec_GFp_nistp256_group_set_curve"},
-        {ERR_FUNC(EC_F_EC_GFP_NISTP256_POINTS_MUL), "ec_GFp_nistp256_points_mul"},
-        {ERR_FUNC(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES), "ec_GFp_nistp256_point_get_affine_coordinates"},
-        {ERR_FUNC(EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE), "ec_GFp_nistp521_group_set_curve"},
-        {ERR_FUNC(EC_F_EC_GFP_NISTP521_POINTS_MUL), "ec_GFp_nistp521_points_mul"},
-        {ERR_FUNC(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES), "ec_GFp_nistp521_point_get_affine_coordinates"},
-        {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_MUL), "ec_GFp_nist_field_mul"},
-        {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_SQR), "ec_GFp_nist_field_sqr"},
-        {ERR_FUNC(EC_F_EC_GFP_NIST_GROUP_SET_CURVE), "ec_GFp_nist_group_set_curve"},
-        {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT), "ec_GFp_simple_group_check_discriminant"},
-        {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE), "ec_GFp_simple_group_set_curve"},
-        {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP), "EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP"},
-        {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR), "EC_GFP_SIMPLE_GROUP_SET_GENERATOR"},
-        {ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE), "ec_GFp_simple_make_affine"},
-        {ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT), "ec_GFp_simple_oct2point"},
-        {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT), "ec_GFp_simple_point2oct"},
-        {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE), "ec_GFp_simple_points_make_affine"},
-        {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES), "ec_GFp_simple_point_get_affine_coordinates"},
-        {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP), "EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP"},
-        {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES), "ec_GFp_simple_point_set_affine_coordinates"},
-        {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP), "EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP"},
-        {ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES), "ec_GFp_simple_set_compressed_coordinates"},
-        {ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP), "EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP"},
-        {ERR_FUNC(EC_F_EC_GROUP_CHECK), "EC_GROUP_check"},
-        {ERR_FUNC(EC_F_EC_GROUP_CHECK_DISCRIMINANT), "EC_GROUP_check_discriminant"},
-        {ERR_FUNC(EC_F_EC_GROUP_COPY), "EC_GROUP_copy"},
-        {ERR_FUNC(EC_F_EC_GROUP_GET0_GENERATOR), "EC_GROUP_get0_generator"},
-        {ERR_FUNC(EC_F_EC_GROUP_GET_COFACTOR), "EC_GROUP_get_cofactor"},
-        {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GF2M), "EC_GROUP_get_curve_GF2m"},
-        {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP), "EC_GROUP_get_curve_GFp"},
-        {ERR_FUNC(EC_F_EC_GROUP_GET_DEGREE), "EC_GROUP_get_degree"},
-        {ERR_FUNC(EC_F_EC_GROUP_GET_ORDER), "EC_GROUP_get_order"},
-        {ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS), "EC_GROUP_get_pentanomial_basis"},
-        {ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS), "EC_GROUP_get_trinomial_basis"},
-        {ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"},
-        {ERR_FUNC(EC_F_EC_GROUP_NEW_BY_CURVE_NAME), "EC_GROUP_new_by_curve_name"},
-        {ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA), "EC_GROUP_NEW_FROM_DATA"},
-        {ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT), "EC_GROUP_precompute_mult"},
-        {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GF2M), "EC_GROUP_set_curve_GF2m"},
-        {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"},
-        {ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA), "EC_GROUP_SET_EXTRA_DATA"},
-        {ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"},
-        {ERR_FUNC(EC_F_EC_KEY_CHECK_KEY), "EC_KEY_check_key"},
-        {ERR_FUNC(EC_F_EC_KEY_COPY), "EC_KEY_copy"},
-        {ERR_FUNC(EC_F_EC_KEY_GENERATE_KEY), "EC_KEY_generate_key"},
-        {ERR_FUNC(EC_F_EC_KEY_NEW), "EC_KEY_new"},
-        {ERR_FUNC(EC_F_EC_KEY_PRINT), "EC_KEY_print"},
-        {ERR_FUNC(EC_F_EC_KEY_PRINT_FP), "EC_KEY_print_fp"},
-        {ERR_FUNC(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES), "EC_KEY_set_public_key_affine_coordinates"},
-        {ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"},
-        {ERR_FUNC(EC_F_EC_POINT_ADD), "EC_POINT_add"},
-        {ERR_FUNC(EC_F_EC_POINT_CMP), "EC_POINT_cmp"},
-        {ERR_FUNC(EC_F_EC_POINT_COPY), "EC_POINT_copy"},
-        {ERR_FUNC(EC_F_EC_POINT_DBL), "EC_POINT_dbl"},
-        {ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M), "EC_POINT_get_affine_coordinates_GF2m"},
-        {ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP), "EC_POINT_get_affine_coordinates_GFp"},
-        {ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_get_Jprojective_coordinates_GFp"},
-        {ERR_FUNC(EC_F_EC_POINT_INVERT), "EC_POINT_invert"},
-        {ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY), "EC_POINT_is_at_infinity"},
-        {ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE), "EC_POINT_is_on_curve"},
-        {ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE), "EC_POINT_make_affine"},
-        {ERR_FUNC(EC_F_EC_POINT_MUL), "EC_POINT_mul"},
-        {ERR_FUNC(EC_F_EC_POINT_NEW), "EC_POINT_new"},
-        {ERR_FUNC(EC_F_EC_POINT_OCT2POINT), "EC_POINT_oct2point"},
-        {ERR_FUNC(EC_F_EC_POINT_POINT2OCT), "EC_POINT_point2oct"},
-        {ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M), "EC_POINT_set_affine_coordinates_GF2m"},
-        {ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP), "EC_POINT_set_affine_coordinates_GFp"},
-        {ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M), "EC_POINT_set_compressed_coordinates_GF2m"},
-        {ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP), "EC_POINT_set_compressed_coordinates_GFp"},
-        {ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_set_Jprojective_coordinates_GFp"},
-        {ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"},
-        {ERR_FUNC(EC_F_EC_PRE_COMP_DUP), "EC_PRE_COMP_DUP"},
-        {ERR_FUNC(EC_F_EC_PRE_COMP_NEW), "EC_PRE_COMP_NEW"},
-        {ERR_FUNC(EC_F_EC_WNAF_MUL), "ec_wNAF_mul"},
-        {ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT), "ec_wNAF_precompute_mult"},
-        {ERR_FUNC(EC_F_I2D_ECPARAMETERS), "i2d_ECParameters"},
-        {ERR_FUNC(EC_F_I2D_ECPKPARAMETERS), "i2d_ECPKParameters"},
-        {ERR_FUNC(EC_F_I2D_ECPRIVATEKEY), "i2d_ECPrivateKey"},
-        {ERR_FUNC(EC_F_I2O_ECPUBLICKEY), "i2o_ECPublicKey"},
-        {ERR_FUNC(EC_F_NISTP224_PRE_COMP_NEW), "NISTP224_PRE_COMP_NEW"},
-        {ERR_FUNC(EC_F_NISTP256_PRE_COMP_NEW), "NISTP256_PRE_COMP_NEW"},
-        {ERR_FUNC(EC_F_NISTP521_PRE_COMP_NEW), "NISTP521_PRE_COMP_NEW"},
-        {ERR_FUNC(EC_F_O2I_ECPUBLICKEY), "o2i_ECPublicKey"},
-        {ERR_FUNC(EC_F_OLD_EC_PRIV_DECODE), "OLD_EC_PRIV_DECODE"},
-        {ERR_FUNC(EC_F_PKEY_EC_CTRL), "PKEY_EC_CTRL"},
-        {ERR_FUNC(EC_F_PKEY_EC_CTRL_STR), "PKEY_EC_CTRL_STR"},
-        {ERR_FUNC(EC_F_PKEY_EC_DERIVE), "PKEY_EC_DERIVE"},
-        {ERR_FUNC(EC_F_PKEY_EC_KEYGEN), "PKEY_EC_KEYGEN"},
-        {ERR_FUNC(EC_F_PKEY_EC_PARAMGEN), "PKEY_EC_PARAMGEN"},
-        {ERR_FUNC(EC_F_PKEY_EC_SIGN), "PKEY_EC_SIGN"},
+static ERR_STRING_DATA EC_str_functs[] = {
+        {ERR_FUNC(0xfff), "CRYPTO_internal"},
         {0, NULL}
 };
 
diff --git a/src/lib/libcrypto/ec/ec_key.c b/src/lib/libcrypto/ec/ec_key.c
index fa962e4d0f..5a23a9823d 100644
--- a/src/lib/libcrypto/ec/ec_key.c
+++ b/src/lib/libcrypto/ec/ec_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_key.c,v 1.12 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: ec_key.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -75,7 +75,7 @@ EC_KEY_new(void)
 
         ret = malloc(sizeof(EC_KEY));
         if (ret == NULL) {
-                ECerr(EC_F_EC_KEY_NEW, ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 return (NULL);
         }
         ret->version = 1;
@@ -133,7 +133,7 @@ EC_KEY_copy(EC_KEY * dest, const EC_KEY * src)
         EC_EXTRA_DATA *d;
 
         if (dest == NULL || src == NULL) {
-                ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER);
+                ECerror(ERR_R_PASSED_NULL_PARAMETER);
                 return NULL;
         }
         /* copy the parameters */
@@ -217,7 +217,7 @@ EC_KEY_generate_key(EC_KEY * eckey)
         EC_POINT *pub_key = NULL;
 
         if (!eckey || !eckey->group) {
-                ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
+                ECerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         if ((order = BN_new()) == NULL)
@@ -274,11 +274,11 @@ EC_KEY_check_key(const EC_KEY * eckey)
         EC_POINT *point = NULL;
 
         if (!eckey || !eckey->group || !eckey->pub_key) {
-                ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
+                ECerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key) > 0) {
-                ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
+                ECerror(EC_R_POINT_AT_INFINITY);
                 goto err;
         }
         if ((ctx = BN_CTX_new()) == NULL)
@@ -288,21 +288,21 @@ EC_KEY_check_key(const EC_KEY * eckey)
 
         /* testing whether the pub_key is on the elliptic curve */
         if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) {
-                ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
+                ECerror(EC_R_POINT_IS_NOT_ON_CURVE);
                 goto err;
         }
         /* testing whether pub_key * order is the point at infinity */
         order = &eckey->group->order;
         if (BN_is_zero(order)) {
-                ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
+                ECerror(EC_R_INVALID_GROUP_ORDER);
                 goto err;
         }
         if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) {
-                ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
+                ECerror(ERR_R_EC_LIB);
                 goto err;
         }
         if (EC_POINT_is_at_infinity(eckey->group, point) <= 0) {
-                ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
+                ECerror(EC_R_WRONG_ORDER);
                 goto err;
         }
         /*
@@ -311,17 +311,17 @@ EC_KEY_check_key(const EC_KEY * eckey)
          */
         if (eckey->priv_key) {
                 if (BN_cmp(eckey->priv_key, order) >= 0) {
-                        ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
+                        ECerror(EC_R_WRONG_ORDER);
                         goto err;
                 }
                 if (!EC_POINT_mul(eckey->group, point, eckey->priv_key,
                         NULL, NULL, ctx)) {
-                        ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
+                        ECerror(ERR_R_EC_LIB);
                         goto err;
                 }
                 if (EC_POINT_cmp(eckey->group, point, eckey->pub_key,
                         ctx) != 0) {
-                        ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);
+                        ECerror(EC_R_INVALID_PRIVATE_KEY);
                         goto err;
                 }
         }
@@ -341,8 +341,7 @@ EC_KEY_set_public_key_affine_coordinates(EC_KEY * key, BIGNUM * x, BIGNUM * y)
         int ok = 0, tmp_nid, is_char_two = 0;
 
         if (!key || !key->group || !x || !y) {
-                ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
-                    ERR_R_PASSED_NULL_PARAMETER);
+                ECerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         ctx = BN_CTX_new();
@@ -387,8 +386,7 @@ EC_KEY_set_public_key_affine_coordinates(EC_KEY * key, BIGNUM * x, BIGNUM * y)
          * out of range.
          */
         if (BN_cmp(x, tx) || BN_cmp(y, ty)) {
-                ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
-                    EC_R_COORDINATES_OUT_OF_RANGE);
+                ECerror(EC_R_COORDINATES_OUT_OF_RANGE);
                 goto err;
         }
         if (!EC_KEY_set_public_key(key, point))
diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c
index 976091f4c9..baddbf6dc8 100644
--- a/src/lib/libcrypto/ec/ec_lib.c
+++ b/src/lib/libcrypto/ec/ec_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_lib.c,v 1.22 2016/09/03 12:10:40 beck Exp $ */
+/* $OpenBSD: ec_lib.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -78,16 +78,16 @@ EC_GROUP_new(const EC_METHOD * meth)
         EC_GROUP *ret;
 
         if (meth == NULL) {
-                ECerr(EC_F_EC_GROUP_NEW, EC_R_SLOT_FULL);
+                ECerror(EC_R_SLOT_FULL);
                 return NULL;
         }
         if (meth->group_init == 0) {
-                ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return NULL;
         }
         ret = malloc(sizeof *ret);
         if (ret == NULL) {
-                ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         ret->meth = meth;
@@ -166,11 +166,11 @@ EC_GROUP_copy(EC_GROUP * dest, const EC_GROUP * src)
         EC_EXTRA_DATA *d;
 
         if (dest->meth->group_copy == 0) {
-                ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         if (dest->meth != src->meth) {
-                ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS);
+                ECerror(EC_R_INCOMPATIBLE_OBJECTS);
                 return 0;
         }
         if (dest == src)
@@ -262,7 +262,7 @@ EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
     const BIGNUM *order, const BIGNUM *cofactor)
 {
         if (generator == NULL) {
-                ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER);
+                ECerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         if (group->generator == NULL) {
@@ -398,7 +398,7 @@ EC_GROUP_set_curve_GFp(EC_GROUP * group, const BIGNUM * p, const BIGNUM * a,
     const BIGNUM * b, BN_CTX * ctx)
 {
         if (group->meth->group_set_curve == 0) {
-                ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         return group->meth->group_set_curve(group, p, a, b, ctx);
@@ -410,7 +410,7 @@ EC_GROUP_get_curve_GFp(const EC_GROUP * group, BIGNUM * p, BIGNUM * a,
     BIGNUM * b, BN_CTX * ctx)
 {
         if (group->meth->group_get_curve == 0) {
-                ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         return group->meth->group_get_curve(group, p, a, b, ctx);
@@ -422,7 +422,7 @@ EC_GROUP_set_curve_GF2m(EC_GROUP * group, const BIGNUM * p, const BIGNUM * a,
     const BIGNUM * b, BN_CTX * ctx)
 {
         if (group->meth->group_set_curve == 0) {
-                ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         return group->meth->group_set_curve(group, p, a, b, ctx);
@@ -434,7 +434,7 @@ EC_GROUP_get_curve_GF2m(const EC_GROUP * group, BIGNUM * p, BIGNUM * a,
     BIGNUM * b, BN_CTX * ctx)
 {
         if (group->meth->group_get_curve == 0) {
-                ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         return group->meth->group_get_curve(group, p, a, b, ctx);
@@ -445,7 +445,7 @@ int
 EC_GROUP_get_degree(const EC_GROUP * group)
 {
         if (group->meth->group_get_degree == 0) {
-                ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         return group->meth->group_get_degree(group);
@@ -456,7 +456,7 @@ int
 EC_GROUP_check_discriminant(const EC_GROUP * group, BN_CTX * ctx)
 {
         if (group->meth->group_check_discriminant == 0) {
-                ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         return group->meth->group_check_discriminant(group, ctx);
@@ -553,7 +553,7 @@ EC_EX_DATA_set_data(EC_EXTRA_DATA ** ex_data, void *data,
         for (d = *ex_data; d != NULL; d = d->next) {
                 if (d->dup_func == dup_func && d->free_func == free_func &&
                     d->clear_free_func == clear_free_func) {
-                        ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL);
+                        ECerror(EC_R_SLOT_FULL);
                         return 0;
                 }
         }
@@ -699,16 +699,16 @@ EC_POINT_new(const EC_GROUP * group)
         EC_POINT *ret;
 
         if (group == NULL) {
-                ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER);
+                ECerror(ERR_R_PASSED_NULL_PARAMETER);
                 return NULL;
         }
         if (group->meth->point_init == 0) {
-                ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return NULL;
         }
         ret = malloc(sizeof *ret);
         if (ret == NULL) {
-                ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         ret->meth = group->meth;
@@ -752,11 +752,11 @@ int
 EC_POINT_copy(EC_POINT * dest, const EC_POINT * src)
 {
         if (dest->meth->point_copy == 0) {
-                ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         if (dest->meth != src->meth) {
-                ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS);
+                ECerror(EC_R_INCOMPATIBLE_OBJECTS);
                 return 0;
         }
         if (dest == src)
@@ -797,11 +797,11 @@ int
 EC_POINT_set_to_infinity(const EC_GROUP * group, EC_POINT * point)
 {
         if (group->meth->point_set_to_infinity == 0) {
-                ECerr(EC_F_EC_POINT_SET_TO_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         if (group->meth != point->meth) {
-                ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
+                ECerror(EC_R_INCOMPATIBLE_OBJECTS);
                 return 0;
         }
         return group->meth->point_set_to_infinity(group, point);
@@ -813,11 +813,11 @@ EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
     const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)
 {
         if (group->meth->point_set_Jprojective_coordinates_GFp == 0) {
-                ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         if (group->meth != point->meth) {
-                ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
+                ECerror(EC_R_INCOMPATIBLE_OBJECTS);
                 return 0;
         }
         return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
@@ -829,11 +829,11 @@ EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
     const EC_POINT *point, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
 {
         if (group->meth->point_get_Jprojective_coordinates_GFp == 0) {
-                ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         if (group->meth != point->meth) {
-                ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
+                ECerror(EC_R_INCOMPATIBLE_OBJECTS);
                 return 0;
         }
         return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
@@ -845,11 +845,11 @@ EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
     const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
 {
         if (group->meth->point_set_affine_coordinates == 0) {
-                ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         if (group->meth != point->meth) {
-                ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
+                ECerror(EC_R_INCOMPATIBLE_OBJECTS);
                 return 0;
         }
         return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
@@ -861,11 +861,11 @@ EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point,
     const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
 {
         if (group->meth->point_set_affine_coordinates == 0) {
-                ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         if (group->meth != point->meth) {
-                ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS);
+                ECerror(EC_R_INCOMPATIBLE_OBJECTS);
                 return 0;
         }
         return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
@@ -877,11 +877,11 @@ EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point
     BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
 {
         if (group->meth->point_get_affine_coordinates == 0) {
-                ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         if (group->meth != point->meth) {
-                ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
+                ECerror(EC_R_INCOMPATIBLE_OBJECTS);
                 return 0;
         }
         return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
@@ -893,11 +893,11 @@ EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *poin
     BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
 {
         if (group->meth->point_get_affine_coordinates == 0) {
-                ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         if (group->meth != point->meth) {
-                ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS);
+                ECerror(EC_R_INCOMPATIBLE_OBJECTS);
                 return 0;
         }
         return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
@@ -909,11 +909,11 @@ EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
     const EC_POINT *b, BN_CTX *ctx)
 {
         if (group->meth->add == 0) {
-                ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         if ((group->meth != r->meth) || (r->meth != a->meth) || (a->meth != b->meth)) {
-                ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS);
+                ECerror(EC_R_INCOMPATIBLE_OBJECTS);
                 return 0;
         }
         return group->meth->add(group, r, a, b, ctx);
@@ -924,11 +924,11 @@ int
 EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
 {
         if (group->meth->dbl == 0) {
-                ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         if ((group->meth != r->meth) || (r->meth != a->meth)) {
-                ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
+                ECerror(EC_R_INCOMPATIBLE_OBJECTS);
                 return 0;
         }
         return group->meth->dbl(group, r, a, ctx);
@@ -939,11 +939,11 @@ int
 EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
 {
         if (group->meth->invert == 0) {
-                ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         if (group->meth != a->meth) {
-                ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS);
+                ECerror(EC_R_INCOMPATIBLE_OBJECTS);
                 return 0;
         }
         return group->meth->invert(group, a, ctx);
@@ -954,11 +954,11 @@ int
 EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
 {
         if (group->meth->is_at_infinity == 0) {
-                ECerr(EC_F_EC_POINT_IS_AT_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         if (group->meth != point->meth) {
-                ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
+                ECerror(EC_R_INCOMPATIBLE_OBJECTS);
                 return 0;
         }
         return group->meth->is_at_infinity(group, point);
@@ -969,11 +969,11 @@ int
 EC_POINT_is_on_curve(const EC_GROUP * group, const EC_POINT * point, BN_CTX * ctx)
 {
         if (group->meth->is_on_curve == 0) {
-                ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         if (group->meth != point->meth) {
-                ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS);
+                ECerror(EC_R_INCOMPATIBLE_OBJECTS);
                 return 0;
         }
         return group->meth->is_on_curve(group, point, ctx);
@@ -985,11 +985,11 @@ EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
     BN_CTX * ctx)
 {
         if (group->meth->point_cmp == 0) {
-                ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return -1;
         }
         if ((group->meth != a->meth) || (a->meth != b->meth)) {
-                ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
+                ECerror(EC_R_INCOMPATIBLE_OBJECTS);
                 return -1;
         }
         return group->meth->point_cmp(group, a, b, ctx);
@@ -1000,11 +1000,11 @@ int
 EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
 {
         if (group->meth->make_affine == 0) {
-                ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         if (group->meth != point->meth) {
-                ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
+                ECerror(EC_R_INCOMPATIBLE_OBJECTS);
                 return 0;
         }
         return group->meth->make_affine(group, point, ctx);
@@ -1018,12 +1018,12 @@ EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[],
         size_t i;
 
         if (group->meth->points_make_affine == 0) {
-                ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         for (i = 0; i < num; i++) {
                 if (group->meth != points[i]->meth) {
-                        ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
+                        ECerror(EC_R_INCOMPATIBLE_OBJECTS);
                         return 0;
                 }
         }
diff --git a/src/lib/libcrypto/ec/ec_mult.c b/src/lib/libcrypto/ec/ec_mult.c
index e428ac586b..e44104d21c 100644
--- a/src/lib/libcrypto/ec/ec_mult.c
+++ b/src/lib/libcrypto/ec/ec_mult.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_mult.c,v 1.19 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: ec_mult.c,v 1.20 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.
  */
@@ -107,7 +107,7 @@ ec_pre_comp_new(const EC_GROUP * group)
 
         ret = malloc(sizeof(EC_PRE_COMP));
         if (!ret) {
-                ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 return ret;
         }
         ret->group = group;
@@ -205,7 +205,7 @@ compute_wNAF(const BIGNUM * scalar, int w, size_t * ret_len)
         if (BN_is_zero(scalar)) {
                 r = malloc(1);
                 if (!r) {
-                        ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
+                        ECerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 r[0] = 0;
@@ -215,7 +215,7 @@ compute_wNAF(const BIGNUM * scalar, int w, size_t * ret_len)
         if (w <= 0 || w > 7) {
                 /* 'signed char' can represent integers with
                  * absolute values less than 2^7 */
-                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+                ECerror(ERR_R_INTERNAL_ERROR);
                 goto err;
         }
         bit = 1 << w;           /* at most 128 */
@@ -226,7 +226,7 @@ compute_wNAF(const BIGNUM * scalar, int w, size_t * ret_len)
                 sign = -1;
         }
         if (scalar->d == NULL || scalar->top == 0) {
-                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+                ECerror(ERR_R_INTERNAL_ERROR);
                 goto err;
         }
         len = BN_num_bits(scalar);
@@ -235,7 +235,7 @@ compute_wNAF(const BIGNUM * scalar, int w, size_t * ret_len)
                                  * set to the actual length, i.e. at most
                                  * BN_num_bits(scalar) + 1) */
         if (r == NULL) {
-                ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         window_val = scalar->d[0] & mask;
@@ -269,7 +269,7 @@ compute_wNAF(const BIGNUM * scalar, int w, size_t * ret_len)
                         }
 
                         if (digit <= -bit || digit >= bit || !(digit & 1)) {
-                                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+                                ECerror(ERR_R_INTERNAL_ERROR);
                                 goto err;
                         }
                         window_val -= digit;
@@ -280,7 +280,7 @@ compute_wNAF(const BIGNUM * scalar, int w, size_t * ret_len)
                          * be 2^w
                          */
                         if (window_val != 0 && window_val != next_bit && window_val != bit) {
-                                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+                                ECerror(ERR_R_INTERNAL_ERROR);
                                 goto err;
                         }
                 }
@@ -290,13 +290,13 @@ compute_wNAF(const BIGNUM * scalar, int w, size_t * ret_len)
                 window_val += bit * BN_is_bit_set(scalar, j + w);
 
                 if (window_val > next_bit) {
-                        ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+                        ECerror(ERR_R_INTERNAL_ERROR);
                         goto err;
                 }
         }
 
         if (j > len + 1) {
-                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+                ECerror(ERR_R_INTERNAL_ERROR);
                 goto err;
         }
         len = j;
@@ -363,7 +363,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
         int ret = 0;
 
         if (group->meth != r->meth) {
-                ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+                ECerror(EC_R_INCOMPATIBLE_OBJECTS);
                 return 0;
         }
         if ((scalar == NULL) && (num == 0)) {
@@ -371,7 +371,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
         }
         for (i = 0; i < num; i++) {
                 if (group->meth != points[i]->meth) {
-                        ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+                        ECerror(EC_R_INCOMPATIBLE_OBJECTS);
                         return 0;
                 }
         }
@@ -384,7 +384,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
         if (scalar != NULL) {
                 generator = EC_GROUP_get0_generator(group);
                 if (generator == NULL) {
-                        ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR);
+                        ECerror(EC_R_UNDEFINED_GENERATOR);
                         goto err;
                 }
                 /* look if we can use precomputed multiples of generator */
@@ -413,7 +413,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
 
                         /* check that pre_comp looks sane */
                         if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) {
-                                ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                                ECerror(ERR_R_INTERNAL_ERROR);
                                 goto err;
                         }
                 } else {
@@ -429,7 +429,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
         /* includes space for pivot */
         wNAF = reallocarray(NULL, (totalnum + 1), sizeof wNAF[0]);
         if (wNAF == NULL) {
-                ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
@@ -440,7 +440,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
         val_sub = reallocarray(NULL, totalnum, sizeof val_sub[0]);
 
         if (wsize == NULL || wNAF_len == NULL || val_sub == NULL) {
-                ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
@@ -466,7 +466,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
 
                 if (pre_comp == NULL) {
                         if (num_scalar != 1) {
-                                ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                                ECerror(ERR_R_INTERNAL_ERROR);
                                 goto err;
                         }
                         /* we have already generated a wNAF for 'scalar' */
@@ -474,7 +474,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
                         size_t tmp_len = 0;
 
                         if (num_scalar != 0) {
-                                ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                                ECerror(ERR_R_INTERNAL_ERROR);
                                 goto err;
                         }
                         /*
@@ -524,7 +524,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
                                          */
                                         numblocks = (tmp_len + blocksize - 1) / blocksize;
                                         if (numblocks > pre_comp->numblocks) {
-                                                ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                                                ECerror(ERR_R_INTERNAL_ERROR);
                                                 goto err;
                                         }
                                         totalnum = num + numblocks;
@@ -537,7 +537,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
                                         if (i < totalnum - 1) {
                                                 wNAF_len[i] = blocksize;
                                                 if (tmp_len < blocksize) {
-                                                        ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                                                        ECerror(ERR_R_INTERNAL_ERROR);
                                                         goto err;
                                                 }
                                                 tmp_len -= blocksize;
@@ -553,7 +553,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
                                         wNAF[i + 1] = NULL;
                                         wNAF[i] = malloc(wNAF_len[i]);
                                         if (wNAF[i] == NULL) {
-                                                ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
+                                                ECerror(ERR_R_MALLOC_FAILURE);
                                                 goto err;
                                         }
                                         memcpy(wNAF[i], pp, wNAF_len[i]);
@@ -561,7 +561,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
                                                 max_len = wNAF_len[i];
 
                                         if (*tmp_points == NULL) {
-                                                ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                                                ECerror(ERR_R_INTERNAL_ERROR);
                                                 goto err;
                                         }
                                         val_sub[i] = tmp_points;
@@ -579,7 +579,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
          */
         val = reallocarray(NULL, (num_val + 1), sizeof val[0]);
         if (val == NULL) {
-                ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         val[num_val] = NULL;    /* pivot element */
@@ -596,7 +596,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
                 }
         }
         if (!(v == val + num_val)) {
-                ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                ECerror(ERR_R_INTERNAL_ERROR);
                 goto err;
         }
         if (!(tmp = EC_POINT_new(group)))
@@ -743,7 +743,7 @@ ec_wNAF_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
 
         generator = EC_GROUP_get0_generator(group);
         if (generator == NULL) {
-                ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR);
+                ECerror(EC_R_UNDEFINED_GENERATOR);
                 goto err;
         }
         if (ctx == NULL) {
@@ -758,7 +758,7 @@ ec_wNAF_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
         if (!EC_GROUP_get_order(group, order, ctx))
                 goto err;
         if (BN_is_zero(order)) {
-                ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER);
+                ECerror(EC_R_UNKNOWN_ORDER);
                 goto err;
         }
         bits = BN_num_bits(order);
@@ -786,20 +786,20 @@ ec_wNAF_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
 
         points = reallocarray(NULL, (num + 1), sizeof(EC_POINT *));
         if (!points) {
-                ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         var = points;
         var[num] = NULL;        /* pivot */
         for (i = 0; i < num; i++) {
                 if ((var[i] = EC_POINT_new(group)) == NULL) {
-                        ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
+                        ECerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
         }
 
         if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group))) {
-                ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         if (!EC_POINT_copy(base, generator))
@@ -829,7 +829,7 @@ ec_wNAF_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
                         size_t k;
 
                         if (blocksize <= 2) {
-                                ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_INTERNAL_ERROR);
+                                ECerror(ERR_R_INTERNAL_ERROR);
                                 goto err;
                         }
                         if (!EC_POINT_dbl(group, base, tmp_point, ctx))
diff --git a/src/lib/libcrypto/ec/ec_oct.c b/src/lib/libcrypto/ec/ec_oct.c
index 82124a8f80..f44b174fd7 100644
--- a/src/lib/libcrypto/ec/ec_oct.c
+++ b/src/lib/libcrypto/ec/ec_oct.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_oct.c,v 1.4 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: ec_oct.c,v 1.5 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -76,11 +76,11 @@ EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP * group, EC_POINT * point
 {
         if (group->meth->point_set_compressed_coordinates == 0
             && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
-                ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         if (group->meth != point->meth) {
-                ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
+                ECerror(EC_R_INCOMPATIBLE_OBJECTS);
                 return 0;
         }
         if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
@@ -90,7 +90,7 @@ EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP * group, EC_POINT * point
                 else
 #ifdef OPENSSL_NO_EC2M
                 {
-                        ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_GF2M_NOT_SUPPORTED);
+                        ECerror(EC_R_GF2M_NOT_SUPPORTED);
                         return 0;
                 }
 #else
@@ -108,11 +108,11 @@ EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP * group, EC_POINT * poin
 {
         if (group->meth->point_set_compressed_coordinates == 0
             && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
-                ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         if (group->meth != point->meth) {
-                ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS);
+                ECerror(EC_R_INCOMPATIBLE_OBJECTS);
                 return 0;
         }
         if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
@@ -134,11 +134,11 @@ EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
 {
         if (group->meth->point2oct == 0
             && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
-                ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         if (group->meth != point->meth) {
-                ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS);
+                ECerror(EC_R_INCOMPATIBLE_OBJECTS);
                 return 0;
         }
         if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
@@ -148,7 +148,7 @@ EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
                 else
 #ifdef OPENSSL_NO_EC2M
                 {
-                        ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_GF2M_NOT_SUPPORTED);
+                        ECerror(EC_R_GF2M_NOT_SUPPORTED);
                         return 0;
                 }
 #else
@@ -166,11 +166,11 @@ EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
 {
         if (group->meth->oct2point == 0 &&
             !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
-                ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 return 0;
         }
         if (group->meth != point->meth) {
-                ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS);
+                ECerror(EC_R_INCOMPATIBLE_OBJECTS);
                 return 0;
         }
         if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
@@ -180,7 +180,7 @@ EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
                 else
 #ifdef OPENSSL_NO_EC2M
                 {
-                        ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_GF2M_NOT_SUPPORTED);
+                        ECerror(EC_R_GF2M_NOT_SUPPORTED);
                         return 0;
                 }
 #else
diff --git a/src/lib/libcrypto/ec/ec_pmeth.c b/src/lib/libcrypto/ec/ec_pmeth.c
index a52bff1f2f..08172fe0c6 100644
--- a/src/lib/libcrypto/ec/ec_pmeth.c
+++ b/src/lib/libcrypto/ec/ec_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_pmeth.c,v 1.9 2015/06/20 14:19:39 jsing Exp $ */
+/* $OpenBSD: ec_pmeth.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -132,7 +132,7 @@ pkey_ec_sign(EVP_PKEY_CTX * ctx, unsigned char *sig, size_t * siglen,
                 *siglen = ECDSA_size(ec);
                 return 1;
         } else if (*siglen < (size_t) ECDSA_size(ec)) {
-                ECerr(EC_F_PKEY_EC_SIGN, EC_R_BUFFER_TOO_SMALL);
+                ECerror(EC_R_BUFFER_TOO_SMALL);
                 return 0;
         }
         if (dctx->md)
@@ -175,7 +175,7 @@ pkey_ec_derive(EVP_PKEY_CTX * ctx, unsigned char *key, size_t * keylen)
         size_t outlen;
         const EC_POINT *pubkey = NULL;
         if (!ctx->pkey || !ctx->peerkey) {
-                ECerr(EC_F_PKEY_EC_DERIVE, EC_R_KEYS_NOT_SET);
+                ECerror(EC_R_KEYS_NOT_SET);
                 return 0;
         }
         if (!key) {
@@ -209,7 +209,7 @@ pkey_ec_ctrl(EVP_PKEY_CTX * ctx, int type, int p1, void *p2)
         case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID:
                 group = EC_GROUP_new_by_curve_name(p1);
                 if (group == NULL) {
-                        ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_CURVE);
+                        ECerror(EC_R_INVALID_CURVE);
                         return 0;
                 }
                 EC_GROUP_free(dctx->gen_group);
@@ -223,7 +223,7 @@ pkey_ec_ctrl(EVP_PKEY_CTX * ctx, int type, int p1, void *p2)
                     EVP_MD_type((const EVP_MD *) p2) != NID_sha256 &&
                     EVP_MD_type((const EVP_MD *) p2) != NID_sha384 &&
                     EVP_MD_type((const EVP_MD *) p2) != NID_sha512) {
-                        ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
+                        ECerror(EC_R_INVALID_DIGEST_TYPE);
                         return 0;
                 }
                 dctx->md = p2;
@@ -254,7 +254,7 @@ pkey_ec_ctrl_str(EVP_PKEY_CTX * ctx,
                 if (nid == NID_undef)
                         nid = OBJ_ln2nid(value);
                 if (nid == NID_undef) {
-                        ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_CURVE);
+                        ECerror(EC_R_INVALID_CURVE);
                         return 0;
                 }
                 return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid);
@@ -269,7 +269,7 @@ pkey_ec_paramgen(EVP_PKEY_CTX * ctx, EVP_PKEY * pkey)
         EC_PKEY_CTX *dctx = ctx->data;
         int ret = 0;
         if (dctx->gen_group == NULL) {
-                ECerr(EC_F_PKEY_EC_PARAMGEN, EC_R_NO_PARAMETERS_SET);
+                ECerror(EC_R_NO_PARAMETERS_SET);
                 return 0;
         }
         ec = EC_KEY_new();
@@ -288,7 +288,7 @@ pkey_ec_keygen(EVP_PKEY_CTX * ctx, EVP_PKEY * pkey)
 {
         EC_KEY *ec = NULL;
         if (ctx->pkey == NULL) {
-                ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET);
+                ECerror(EC_R_NO_PARAMETERS_SET);
                 return 0;
         }
         ec = EC_KEY_new();
diff --git a/src/lib/libcrypto/ec/eck_prn.c b/src/lib/libcrypto/ec/eck_prn.c
index 06cdd69591..653d78e5cd 100644
--- a/src/lib/libcrypto/ec/eck_prn.c
+++ b/src/lib/libcrypto/ec/eck_prn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: eck_prn.c,v 1.11 2015/06/20 14:17:07 jsing Exp $ */
+/* $OpenBSD: eck_prn.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -78,7 +78,7 @@ ECPKParameters_print_fp(FILE * fp, const EC_GROUP * x, int off)
         int ret;
 
         if ((b = BIO_new(BIO_s_file())) == NULL) {
-                ECerr(EC_F_ECPKPARAMETERS_PRINT_FP, ERR_R_BUF_LIB);
+                ECerror(ERR_R_BUF_LIB);
                 return (0);
         }
         BIO_set_fp(b, fp, BIO_NOCLOSE);
@@ -94,7 +94,7 @@ EC_KEY_print_fp(FILE * fp, const EC_KEY * x, int off)
         int ret;
 
         if ((b = BIO_new(BIO_s_file())) == NULL) {
-                ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB);
+                ECerror(ERR_R_BIO_LIB);
                 return (0);
         }
         BIO_set_fp(b, fp, BIO_NOCLOSE);
@@ -110,7 +110,7 @@ ECParameters_print_fp(FILE * fp, const EC_KEY * x)
         int ret;
 
         if ((b = BIO_new(BIO_s_file())) == NULL) {
-                ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB);
+                ECerror(ERR_R_BIO_LIB);
                 return (0);
         }
         BIO_set_fp(b, fp, BIO_NOCLOSE);
@@ -323,7 +323,7 @@ ECPKParameters_print(BIO * bp, const EC_GROUP * x, int off)
         ret = 1;
 err:
         if (!ret)
-                ECerr(EC_F_ECPKPARAMETERS_PRINT, reason);
+                ECerror(reason);
         BN_free(p);
         BN_free(a);
         BN_free(b);
diff --git a/src/lib/libcrypto/ec/ecp_mont.c b/src/lib/libcrypto/ec/ecp_mont.c
index a3ad4e1ce9..68fc26de1e 100644
--- a/src/lib/libcrypto/ec/ecp_mont.c
+++ b/src/lib/libcrypto/ec/ecp_mont.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_mont.c,v 1.10 2015/02/13 00:46:03 beck Exp $ */
+/* $OpenBSD: ecp_mont.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -203,7 +203,7 @@ ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
         if (mont == NULL)
                 goto err;
         if (!BN_MONT_CTX_set(mont, p, ctx)) {
-                ECerr(EC_F_EC_GFP_MONT_GROUP_SET_CURVE, ERR_R_BN_LIB);
+                ECerror(ERR_R_BN_LIB);
                 goto err;
         }
         one = BN_new();
@@ -238,7 +238,7 @@ ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
     const BIGNUM *b, BN_CTX *ctx)
 {
         if (group->field_data1 == NULL) {
-                ECerr(EC_F_EC_GFP_MONT_FIELD_MUL, EC_R_NOT_INITIALIZED);
+                ECerror(EC_R_NOT_INITIALIZED);
                 return 0;
         }
         return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx);
@@ -250,7 +250,7 @@ ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
     BN_CTX *ctx)
 {
         if (group->field_data1 == NULL) {
-                ECerr(EC_F_EC_GFP_MONT_FIELD_SQR, EC_R_NOT_INITIALIZED);
+                ECerror(EC_R_NOT_INITIALIZED);
                 return 0;
         }
         return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx);
@@ -262,7 +262,7 @@ ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
     BN_CTX *ctx)
 {
         if (group->field_data1 == NULL) {
-                ECerr(EC_F_EC_GFP_MONT_FIELD_ENCODE, EC_R_NOT_INITIALIZED);
+                ECerror(EC_R_NOT_INITIALIZED);
                 return 0;
         }
         return BN_to_montgomery(r, a, (BN_MONT_CTX *) group->field_data1, ctx);
@@ -274,7 +274,7 @@ ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
     BN_CTX *ctx)
 {
         if (group->field_data1 == NULL) {
-                ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED);
+                ECerror(EC_R_NOT_INITIALIZED);
                 return 0;
         }
         return BN_from_montgomery(r, a, group->field_data1, ctx);
@@ -285,7 +285,7 @@ int
 ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx)
 {
         if (group->field_data2 == NULL) {
-                ECerr(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, EC_R_NOT_INITIALIZED);
+                ECerror(EC_R_NOT_INITIALIZED);
                 return 0;
         }
         if (!BN_copy(r, group->field_data2))
diff --git a/src/lib/libcrypto/ec/ecp_nist.c b/src/lib/libcrypto/ec/ecp_nist.c
index a33f9d9e39..24cba64d2e 100644
--- a/src/lib/libcrypto/ec/ecp_nist.c
+++ b/src/lib/libcrypto/ec/ecp_nist.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_nist.c,v 1.9 2014/07/12 16:03:37 miod Exp $ */
+/* $OpenBSD: ecp_nist.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -145,7 +145,7 @@ ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p,
         else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0)
                 group->field_mod_func = BN_nist_mod_521;
         else {
-                ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_NIST_PRIME);
+                ECerror(EC_R_NOT_A_NIST_PRIME);
                 goto err;
         }
 
@@ -166,7 +166,7 @@ ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
         BN_CTX *ctx_new = NULL;
 
         if (!group || !r || !a || !b) {
-                ECerr(EC_F_EC_GFP_NIST_FIELD_MUL, ERR_R_PASSED_NULL_PARAMETER);
+                ECerror(ERR_R_PASSED_NULL_PARAMETER);
                 goto err;
         }
         if (!ctx)
@@ -193,7 +193,7 @@ ec_GFp_nist_field_sqr(const EC_GROUP * group, BIGNUM * r, const BIGNUM * a,
         BN_CTX *ctx_new = NULL;
 
         if (!group || !r || !a) {
-                ECerr(EC_F_EC_GFP_NIST_FIELD_SQR, EC_R_PASSED_NULL_PARAMETER);
+                ECerror(EC_R_PASSED_NULL_PARAMETER);
                 goto err;
         }
         if (!ctx)
diff --git a/src/lib/libcrypto/ec/ecp_nistp224.c b/src/lib/libcrypto/ec/ecp_nistp224.c
index 0976f24a9f..38dd83b6d9 100644
--- a/src/lib/libcrypto/ec/ecp_nistp224.c
+++ b/src/lib/libcrypto/ec/ecp_nistp224.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_nistp224.c,v 1.17 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: ecp_nistp224.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Written by Emilia Kasper (Google) for the OpenSSL project.
  */
@@ -319,11 +319,11 @@ BN_to_felem(felem out, const BIGNUM * bn)
         memset(b_out, 0, sizeof b_out);
         num_bytes = BN_num_bytes(bn);
         if (num_bytes > sizeof b_out) {
-                ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
+                ECerror(EC_R_BIGNUM_OUT_OF_RANGE);
                 return 0;
         }
         if (BN_is_negative(bn)) {
-                ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
+                ECerror(EC_R_BIGNUM_OUT_OF_RANGE);
                 return 0;
         }
         num_bytes = BN_bn2bin(bn, b_in);
@@ -1191,7 +1191,7 @@ nistp224_pre_comp_new()
         NISTP224_PRE_COMP *ret = NULL;
         ret = malloc(sizeof *ret);
         if (!ret) {
-                ECerr(EC_F_NISTP224_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 return ret;
         }
         memset(ret->g_pre_comp, 0, sizeof(ret->g_pre_comp));
@@ -1277,8 +1277,7 @@ ec_GFp_nistp224_group_set_curve(EC_GROUP * group, const BIGNUM * p,
         BN_bin2bn(nistp224_curve_params[2], sizeof(felem_bytearray), curve_b);
         if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) ||
             (BN_cmp(curve_b, b))) {
-                ECerr(EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE,
-                    EC_R_WRONG_CURVE_PARAMETERS);
+                ECerror(EC_R_WRONG_CURVE_PARAMETERS);
                 goto err;
         }
         group->field_mod_func = BN_nist_mod_224;
@@ -1299,8 +1298,7 @@ ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP * group,
         widefelem tmp;
 
         if (EC_POINT_is_at_infinity(group, point) > 0) {
-                ECerr(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES,
-                    EC_R_POINT_AT_INFINITY);
+                ECerror(EC_R_POINT_AT_INFINITY);
                 return 0;
         }
         if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) ||
@@ -1314,8 +1312,7 @@ ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP * group,
         felem_contract(x_out, x_in);
         if (x != NULL) {
                 if (!felem_to_BN(x, x_out)) {
-                        ECerr(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES,
-                            ERR_R_BN_LIB);
+                        ECerror(ERR_R_BN_LIB);
                         return 0;
                 }
         }
@@ -1326,8 +1323,7 @@ ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP * group,
         felem_contract(y_out, y_in);
         if (y != NULL) {
                 if (!felem_to_BN(y, y_out)) {
-                        ECerr(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES,
-                            ERR_R_BN_LIB);
+                        ECerror(ERR_R_BN_LIB);
                         return 0;
                 }
         }
@@ -1410,7 +1406,7 @@ ec_GFp_nistp224_points_mul(const EC_GROUP * group, EC_POINT * r,
                 if (!felem_to_BN(x, g_pre_comp[0][1][0]) ||
                     !felem_to_BN(y, g_pre_comp[0][1][1]) ||
                     !felem_to_BN(z, g_pre_comp[0][1][2])) {
-                        ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);
+                        ECerror(ERR_R_BN_LIB);
                         goto err;
                 }
                 if (!EC_POINT_set_Jprojective_coordinates_GFp(group,
@@ -1443,7 +1439,7 @@ ec_GFp_nistp224_points_mul(const EC_GROUP * group, EC_POINT * r,
                             (num_points * 17 + 1), sizeof(felem));
                 }
                 if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_felems == NULL))) {
-                        ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_MALLOC_FAILURE);
+                        ECerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 /*
@@ -1471,7 +1467,7 @@ ec_GFp_nistp224_points_mul(const EC_GROUP * group, EC_POINT * r,
                                          * don't guarantee constant-timeness
                                          */
                                         if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) {
-                                                ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);
+                                                ECerror(ERR_R_BN_LIB);
                                                 goto err;
                                         }
                                         num_bytes = BN_bn2bin(tmp_scalar, tmp);
@@ -1513,7 +1509,7 @@ ec_GFp_nistp224_points_mul(const EC_GROUP * group, EC_POINT * r,
                          * constant-timeness
                          */
                         if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) {
-                                ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);
+                                ECerror(ERR_R_BN_LIB);
                                 goto err;
                         }
                         num_bytes = BN_bn2bin(tmp_scalar, tmp);
@@ -1537,7 +1533,7 @@ ec_GFp_nistp224_points_mul(const EC_GROUP * group, EC_POINT * r,
         felem_contract(z_in, z_out);
         if ((!felem_to_BN(x, x_in)) || (!felem_to_BN(y, y_in)) ||
             (!felem_to_BN(z, z_in))) {
-                ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);
+                ECerror(ERR_R_BN_LIB);
                 goto err;
         }
         ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx);
diff --git a/src/lib/libcrypto/ec/ecp_nistp256.c b/src/lib/libcrypto/ec/ecp_nistp256.c
index be1d2a5402..4771a92efd 100644
--- a/src/lib/libcrypto/ec/ecp_nistp256.c
+++ b/src/lib/libcrypto/ec/ecp_nistp256.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_nistp256.c,v 1.16 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: ecp_nistp256.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Written by Adam Langley (Google) for the OpenSSL project
  */
@@ -156,11 +156,11 @@ BN_to_felem(felem out, const BIGNUM * bn)
         memset(b_out, 0, sizeof b_out);
         num_bytes = BN_num_bytes(bn);
         if (num_bytes > sizeof b_out) {
-                ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
+                ECerror(EC_R_BIGNUM_OUT_OF_RANGE);
                 return 0;
         }
         if (BN_is_negative(bn)) {
-                ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
+                ECerror(EC_R_BIGNUM_OUT_OF_RANGE);
                 return 0;
         }
         num_bytes = BN_bn2bin(bn, b_in);
@@ -1740,7 +1740,7 @@ nistp256_pre_comp_new()
         NISTP256_PRE_COMP *ret = NULL;
         ret = malloc(sizeof *ret);
         if (!ret) {
-                ECerr(EC_F_NISTP256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 return ret;
         }
         memset(ret->g_pre_comp, 0, sizeof(ret->g_pre_comp));
@@ -1826,8 +1826,7 @@ ec_GFp_nistp256_group_set_curve(EC_GROUP * group, const BIGNUM * p,
         BN_bin2bn(nistp256_curve_params[2], sizeof(felem_bytearray), curve_b);
         if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) ||
             (BN_cmp(curve_b, b))) {
-                ECerr(EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE,
-                    EC_R_WRONG_CURVE_PARAMETERS);
+                ECerror(EC_R_WRONG_CURVE_PARAMETERS);
                 goto err;
         }
         group->field_mod_func = BN_nist_mod_256;
@@ -1849,8 +1848,7 @@ ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP * group,
         longfelem tmp;
 
         if (EC_POINT_is_at_infinity(group, point) > 0) {
-                ECerr(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES,
-                    EC_R_POINT_AT_INFINITY);
+                ECerror(EC_R_POINT_AT_INFINITY);
                 return 0;
         }
         if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) ||
@@ -1864,8 +1862,7 @@ ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP * group,
         felem_contract(x_out, x_in);
         if (x != NULL) {
                 if (!smallfelem_to_BN(x, x_out)) {
-                        ECerr(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES,
-                            ERR_R_BN_LIB);
+                        ECerror(ERR_R_BN_LIB);
                         return 0;
                 }
         }
@@ -1876,8 +1873,7 @@ ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP * group,
         felem_contract(y_out, y_in);
         if (y != NULL) {
                 if (!smallfelem_to_BN(y, y_out)) {
-                        ECerr(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES,
-                            ERR_R_BN_LIB);
+                        ECerror(ERR_R_BN_LIB);
                         return 0;
                 }
         }
@@ -1960,7 +1956,7 @@ ec_GFp_nistp256_points_mul(const EC_GROUP * group, EC_POINT * r,
                 if (!smallfelem_to_BN(x, g_pre_comp[0][1][0]) ||
                     !smallfelem_to_BN(y, g_pre_comp[0][1][1]) ||
                     !smallfelem_to_BN(z, g_pre_comp[0][1][2])) {
-                        ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);
+                        ECerror(ERR_R_BN_LIB);
                         goto err;
                 }
                 if (!EC_POINT_set_Jprojective_coordinates_GFp(group,
@@ -1993,7 +1989,7 @@ ec_GFp_nistp256_points_mul(const EC_GROUP * group, EC_POINT * r,
                             (num_points * 17 + 1), sizeof(smallfelem));
                 }
                 if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_smallfelems == NULL))) {
-                        ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_MALLOC_FAILURE);
+                        ECerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 /*
@@ -2024,7 +2020,7 @@ ec_GFp_nistp256_points_mul(const EC_GROUP * group, EC_POINT * r,
                                          * don't guarantee constant-timeness
                                          */
                                         if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) {
-                                                ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);
+                                                ECerror(ERR_R_BN_LIB);
                                                 goto err;
                                         }
                                         num_bytes = BN_bn2bin(tmp_scalar, tmp);
@@ -2066,7 +2062,7 @@ ec_GFp_nistp256_points_mul(const EC_GROUP * group, EC_POINT * r,
                          * constant-timeness
                          */
                         if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) {
-                                ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);
+                                ECerror(ERR_R_BN_LIB);
                                 goto err;
                         }
                         num_bytes = BN_bn2bin(tmp_scalar, tmp);
@@ -2090,7 +2086,7 @@ ec_GFp_nistp256_points_mul(const EC_GROUP * group, EC_POINT * r,
         felem_contract(z_in, z_out);
         if ((!smallfelem_to_BN(x, x_in)) || (!smallfelem_to_BN(y, y_in)) ||
             (!smallfelem_to_BN(z, z_in))) {
-                ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);
+                ECerror(ERR_R_BN_LIB);
                 goto err;
         }
         ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx);
diff --git a/src/lib/libcrypto/ec/ecp_nistp521.c b/src/lib/libcrypto/ec/ecp_nistp521.c
index cfa13b41f8..22bafe392f 100644
--- a/src/lib/libcrypto/ec/ecp_nistp521.c
+++ b/src/lib/libcrypto/ec/ecp_nistp521.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_nistp521.c,v 1.17 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: ecp_nistp521.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Written by Adam Langley (Google) for the OpenSSL project
  */
@@ -182,11 +182,11 @@ BN_to_felem(felem out, const BIGNUM * bn)
         memset(b_out, 0, sizeof b_out);
         num_bytes = BN_num_bytes(bn);
         if (num_bytes > sizeof b_out) {
-                ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
+                ECerror(EC_R_BIGNUM_OUT_OF_RANGE);
                 return 0;
         }
         if (BN_is_negative(bn)) {
-                ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
+                ECerror(EC_R_BIGNUM_OUT_OF_RANGE);
                 return 0;
         }
         num_bytes = BN_bn2bin(bn, b_in);
@@ -1631,7 +1631,7 @@ nistp521_pre_comp_new()
         NISTP521_PRE_COMP *ret = NULL;
         ret = malloc(sizeof(NISTP521_PRE_COMP));
         if (!ret) {
-                ECerr(EC_F_NISTP521_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 return ret;
         }
         memset(ret->g_pre_comp, 0, sizeof(ret->g_pre_comp));
@@ -1717,8 +1717,7 @@ ec_GFp_nistp521_group_set_curve(EC_GROUP * group, const BIGNUM * p,
         BN_bin2bn(nistp521_curve_params[2], sizeof(felem_bytearray), curve_b);
         if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) ||
             (BN_cmp(curve_b, b))) {
-                ECerr(EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE,
-                    EC_R_WRONG_CURVE_PARAMETERS);
+                ECerror(EC_R_WRONG_CURVE_PARAMETERS);
                 goto err;
         }
         group->field_mod_func = BN_nist_mod_521;
@@ -1739,8 +1738,7 @@ ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP * group,
         largefelem tmp;
 
         if (EC_POINT_is_at_infinity(group, point) > 0) {
-                ECerr(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES,
-                    EC_R_POINT_AT_INFINITY);
+                ECerror(EC_R_POINT_AT_INFINITY);
                 return 0;
         }
         if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) ||
@@ -1754,7 +1752,7 @@ ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP * group,
         felem_contract(x_out, x_in);
         if (x != NULL) {
                 if (!felem_to_BN(x, x_out)) {
-                        ECerr(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES, ERR_R_BN_LIB);
+                        ECerror(ERR_R_BN_LIB);
                         return 0;
                 }
         }
@@ -1765,7 +1763,7 @@ ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP * group,
         felem_contract(y_out, y_in);
         if (y != NULL) {
                 if (!felem_to_BN(y, y_out)) {
-                        ECerr(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES, ERR_R_BN_LIB);
+                        ECerror(ERR_R_BN_LIB);
                         return 0;
                 }
         }
@@ -1847,7 +1845,7 @@ ec_GFp_nistp521_points_mul(const EC_GROUP * group, EC_POINT * r,
                 if (!felem_to_BN(x, g_pre_comp[1][0]) ||
                     !felem_to_BN(y, g_pre_comp[1][1]) ||
                     !felem_to_BN(z, g_pre_comp[1][2])) {
-                        ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);
+                        ECerror(ERR_R_BN_LIB);
                         goto err;
                 }
                 if (!EC_POINT_set_Jprojective_coordinates_GFp(group,
@@ -1880,7 +1878,7 @@ ec_GFp_nistp521_points_mul(const EC_GROUP * group, EC_POINT * r,
                             (num_points * 17 + 1), sizeof(felem));
                 }
                 if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_felems == NULL))) {
-                        ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_MALLOC_FAILURE);
+                        ECerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 /*
@@ -1911,7 +1909,7 @@ ec_GFp_nistp521_points_mul(const EC_GROUP * group, EC_POINT * r,
                                          * don't guarantee constant-timeness
                                          */
                                         if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) {
-                                                ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);
+                                                ECerror(ERR_R_BN_LIB);
                                                 goto err;
                                         }
                                         num_bytes = BN_bn2bin(tmp_scalar, tmp);
@@ -1953,7 +1951,7 @@ ec_GFp_nistp521_points_mul(const EC_GROUP * group, EC_POINT * r,
                          * constant-timeness
                          */
                         if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) {
-                                ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);
+                                ECerror(ERR_R_BN_LIB);
                                 goto err;
                         }
                         num_bytes = BN_bn2bin(tmp_scalar, tmp);
@@ -1977,7 +1975,7 @@ ec_GFp_nistp521_points_mul(const EC_GROUP * group, EC_POINT * r,
         felem_contract(z_in, z_out);
         if ((!felem_to_BN(x, x_in)) || (!felem_to_BN(y, y_in)) ||
             (!felem_to_BN(z, z_in))) {
-                ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);
+                ECerror(ERR_R_BN_LIB);
                 goto err;
         }
         ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx);
diff --git a/src/lib/libcrypto/ec/ecp_nistz256.c b/src/lib/libcrypto/ec/ecp_nistz256.c
index b9ad89c1d3..848f15cb17 100644
--- a/src/lib/libcrypto/ec/ecp_nistz256.c
+++ b/src/lib/libcrypto/ec/ecp_nistz256.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ecp_nistz256.c,v 1.1 2016/11/04 17:33:19 miod Exp $   */
+/*      $OpenBSD: ecp_nistz256.c,v 1.2 2017/01/29 17:49:23 beck Exp $   */
 /* Copyright (c) 2014, Intel Corporation.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -311,7 +311,7 @@ static int
 ecp_nistz256_set_words(BIGNUM *a, BN_ULONG words[P256_LIMBS])
 {
         if (bn_wexpand(a, P256_LIMBS) == NULL) {
-                ECerr(EC_F_ECP_NISTZ256_SET_WORDS, ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         memcpy(a->d, words, sizeof(BN_ULONG) * P256_LIMBS);
@@ -441,7 +441,7 @@ ecp_nistz256_windowed_mul(const EC_GROUP *group, P256_POINT *r,
         if (posix_memalign((void **)&table, 64, num * sizeof(*table)) != 0 ||
             (p_str = reallocarray(NULL, num, sizeof(*p_str))) == NULL ||
             (scalars = reallocarray(NULL, num, sizeof(*scalars))) == NULL) {
-                ECerr(EC_F_ECP_NISTZ256_WINDOWED_MUL, ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
@@ -458,8 +458,7 @@ ecp_nistz256_windowed_mul(const EC_GROUP *group, P256_POINT *r,
                         if ((mod = BN_CTX_get(ctx)) == NULL)
                                 goto err;
                         if (!BN_nnmod(mod, scalar[i], &group->order, ctx)) {
-                                ECerr(EC_F_ECP_NISTZ256_WINDOWED_MUL,
-                                    ERR_R_BN_LIB);
+                                ECerror(ERR_R_BN_LIB);
                                 goto err;
                         }
                         scalars[i] = mod;
@@ -496,8 +495,7 @@ ecp_nistz256_windowed_mul(const EC_GROUP *group, P256_POINT *r,
                       &point[i]->Y) ||
                     !ecp_nistz256_bignum_to_field_elem(row[1 - 1].Z,
                       &point[i]->Z)) {
-                        ECerr(EC_F_ECP_NISTZ256_WINDOWED_MUL,
-                            EC_R_COORDINATES_OUT_OF_RANGE);
+                        ECerror(EC_R_COORDINATES_OUT_OF_RANGE);
                         goto err;
                 }
 
@@ -623,8 +621,7 @@ ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
 
         generator = EC_GROUP_get0_generator(group);
         if (generator == NULL) {
-                ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE,
-                    EC_R_UNDEFINED_GENERATOR);
+                ECerror(EC_R_UNDEFINED_GENERATOR);
                 return 0;
         }
 
@@ -655,12 +652,12 @@ ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
                 goto err;
 
         if (BN_is_zero(order)) {
-                ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, EC_R_UNKNOWN_ORDER);
+                ECerror(EC_R_UNKNOWN_ORDER);
                 goto err;
         }
 
         if (posix_memalign((void **)&precomp, 64, 37 * sizeof(*precomp)) != 0) {
-                ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
@@ -690,8 +687,7 @@ ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
                               precomp[j][k].X, &P->X) ||
                             !ecp_nistz256_bignum_to_field_elem(
                               precomp[j][k].Y, &P->Y)) {
-                                ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE,
-                                    EC_R_COORDINATES_OUT_OF_RANGE);
+                                ECerror(EC_R_COORDINATES_OUT_OF_RANGE);
                                 goto err;
                         }
                         for (i = 0; i < 7; i++) {
@@ -783,7 +779,7 @@ ecp_nistz256_points_mul(const EC_GROUP *group, EC_POINT *r,
         BIGNUM *tmp_scalar;
 
         if (group->meth != r->meth) {
-                ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+                ECerror(EC_R_INCOMPATIBLE_OBJECTS);
                 return 0;
         }
 
@@ -792,8 +788,7 @@ ecp_nistz256_points_mul(const EC_GROUP *group, EC_POINT *r,
 
         for (j = 0; j < num; j++) {
                 if (group->meth != points[j]->meth) {
-                        ECerr(EC_F_ECP_NISTZ256_POINTS_MUL,
-                            EC_R_INCOMPATIBLE_OBJECTS);
+                        ECerror(EC_R_INCOMPATIBLE_OBJECTS);
                         return 0;
                 }
         }
@@ -809,8 +804,7 @@ ecp_nistz256_points_mul(const EC_GROUP *group, EC_POINT *r,
         if (scalar) {
                 generator = EC_GROUP_get0_generator(group);
                 if (generator == NULL) {
-                        ECerr(EC_F_ECP_NISTZ256_POINTS_MUL,
-                            EC_R_UNDEFINED_GENERATOR);
+                        ECerror(EC_R_UNDEFINED_GENERATOR);
                         goto err;
                 }
 
@@ -860,8 +854,7 @@ ecp_nistz256_points_mul(const EC_GROUP *group, EC_POINT *r,
 
                                 if (!BN_nnmod(tmp_scalar, scalar, &group->order,
                                       ctx)) {
-                                        ECerr(EC_F_ECP_NISTZ256_POINTS_MUL,
-                                            ERR_R_BN_LIB);
+                                        ECerror(ERR_R_BN_LIB);
                                         goto err;
                                 }
                                 scalar = tmp_scalar;
@@ -955,8 +948,7 @@ ecp_nistz256_points_mul(const EC_GROUP *group, EC_POINT *r,
                 new_scalars = reallocarray(NULL, num + 1, sizeof(BIGNUM *));
                 new_points = reallocarray(NULL, num + 1, sizeof(EC_POINT *));
                 if (new_scalars == NULL || new_points == NULL) {
-                        ECerr(EC_F_ECP_NISTZ256_POINTS_MUL,
-                            ERR_R_MALLOC_FAILURE);
+                        ECerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
 
@@ -1011,15 +1003,14 @@ ecp_nistz256_get_affine(const EC_GROUP *group, const EC_POINT *point,
         BN_ULONG point_x[P256_LIMBS], point_y[P256_LIMBS], point_z[P256_LIMBS];
 
         if (EC_POINT_is_at_infinity(group, point)) {
-                ECerr(EC_F_ECP_NISTZ256_GET_AFFINE, EC_R_POINT_AT_INFINITY);
+                ECerror(EC_R_POINT_AT_INFINITY);
                 return 0;
         }
 
         if (!ecp_nistz256_bignum_to_field_elem(point_x, &point->X) ||
             !ecp_nistz256_bignum_to_field_elem(point_y, &point->Y) ||
             !ecp_nistz256_bignum_to_field_elem(point_z, &point->Z)) {
-                ECerr(EC_F_ECP_NISTZ256_GET_AFFINE,
-                    EC_R_COORDINATES_OUT_OF_RANGE);
+                ECerror(EC_R_COORDINATES_OUT_OF_RANGE);
                 return 0;
         }
 
@@ -1066,7 +1057,7 @@ ecp_nistz256_pre_comp_new(const EC_GROUP *group)
 
         ret = (EC_PRE_COMP *)malloc(sizeof(EC_PRE_COMP));
         if (ret == NULL) {
-                ECerr(EC_F_ECP_NISTZ256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+                ECerror(ERR_R_MALLOC_FAILURE);
                 return ret;
         }
 
diff --git a/src/lib/libcrypto/ec/ecp_oct.c b/src/lib/libcrypto/ec/ecp_oct.c
index 994f0b08b1..b93b516907 100644
--- a/src/lib/libcrypto/ec/ecp_oct.c
+++ b/src/lib/libcrypto/ec/ecp_oct.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_oct.c,v 1.7 2015/02/09 15:49:22 jsing Exp $ */
+/* $OpenBSD: ecp_oct.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
  * for the OpenSSL project.
  * Includes code written by Bodo Moeller for the OpenSSL project.
@@ -155,9 +155,9 @@ ec_GFp_simple_set_compressed_coordinates(const EC_GROUP * group,
 
                 if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) {
                         ERR_clear_error();
-                        ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT);
+                        ECerror(EC_R_INVALID_COMPRESSED_POINT);
                 } else
-                        ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB);
+                        ECerror(ERR_R_BN_LIB);
                 goto err;
         }
         if (y_bit != BN_is_odd(y)) {
@@ -169,20 +169,20 @@ ec_GFp_simple_set_compressed_coordinates(const EC_GROUP * group,
                                 goto err;
 
                         if (kron == 1)
-                                ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSION_BIT);
+                                ECerror(EC_R_INVALID_COMPRESSION_BIT);
                         else
                                 /*
                                  * BN_mod_sqrt() should have cought this
                                  * error (not a square)
                                  */
-                                ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT);
+                                ECerror(EC_R_INVALID_COMPRESSED_POINT);
                         goto err;
                 }
                 if (!BN_usub(y, &group->field, y))
                         goto err;
         }
         if (y_bit != BN_is_odd(y)) {
-                ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_INTERNAL_ERROR);
+                ECerror(ERR_R_INTERNAL_ERROR);
                 goto err;
         }
         if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
@@ -210,14 +210,14 @@ ec_GFp_simple_point2oct(const EC_GROUP * group, const EC_POINT * point, point_co
         if ((form != POINT_CONVERSION_COMPRESSED)
             && (form != POINT_CONVERSION_UNCOMPRESSED)
             && (form != POINT_CONVERSION_HYBRID)) {
-                ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
+                ECerror(EC_R_INVALID_FORM);
                 goto err;
         }
         if (EC_POINT_is_at_infinity(group, point) > 0) {
                 /* encodes to a single 0 octet */
                 if (buf != NULL) {
                         if (len < 1) {
-                                ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+                                ECerror(EC_R_BUFFER_TOO_SMALL);
                                 return 0;
                         }
                         buf[0] = 0;
@@ -231,7 +231,7 @@ ec_GFp_simple_point2oct(const EC_GROUP * group, const EC_POINT * point, point_co
         /* if 'buf' is NULL, just return required length */
         if (buf != NULL) {
                 if (len < ret) {
-                        ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+                        ECerror(EC_R_BUFFER_TOO_SMALL);
                         goto err;
                 }
                 if (ctx == NULL) {
@@ -258,7 +258,7 @@ ec_GFp_simple_point2oct(const EC_GROUP * group, const EC_POINT * point, point_co
 
                 skip = field_len - BN_num_bytes(x);
                 if (skip > field_len) {
-                        ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+                        ECerror(ERR_R_INTERNAL_ERROR);
                         goto err;
                 }
                 while (skip > 0) {
@@ -268,13 +268,13 @@ ec_GFp_simple_point2oct(const EC_GROUP * group, const EC_POINT * point, point_co
                 skip = BN_bn2bin(x, buf + i);
                 i += skip;
                 if (i != 1 + field_len) {
-                        ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+                        ECerror(ERR_R_INTERNAL_ERROR);
                         goto err;
                 }
                 if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID) {
                         skip = field_len - BN_num_bytes(y);
                         if (skip > field_len) {
-                                ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+                                ECerror(ERR_R_INTERNAL_ERROR);
                                 goto err;
                         }
                         while (skip > 0) {
@@ -285,7 +285,7 @@ ec_GFp_simple_point2oct(const EC_GROUP * group, const EC_POINT * point, point_co
                         i += skip;
                 }
                 if (i != ret) {
-                        ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+                        ECerror(ERR_R_INTERNAL_ERROR);
                         goto err;
                 }
         }
@@ -314,7 +314,7 @@ ec_GFp_simple_oct2point(const EC_GROUP * group, EC_POINT * point,
         int ret = 0;
 
         if (len == 0) {
-                ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
+                ECerror(EC_R_BUFFER_TOO_SMALL);
                 return 0;
         }
         form = buf[0];
@@ -323,16 +323,16 @@ ec_GFp_simple_oct2point(const EC_GROUP * group, EC_POINT * point,
         if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
             && (form != POINT_CONVERSION_UNCOMPRESSED)
             && (form != POINT_CONVERSION_HYBRID)) {
-                ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                ECerror(EC_R_INVALID_ENCODING);
                 return 0;
         }
         if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) {
-                ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                ECerror(EC_R_INVALID_ENCODING);
                 return 0;
         }
         if (form == 0) {
                 if (len != 1) {
-                        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                        ECerror(EC_R_INVALID_ENCODING);
                         return 0;
                 }
                 return EC_POINT_set_to_infinity(group, point);
@@ -341,7 +341,7 @@ ec_GFp_simple_oct2point(const EC_GROUP * group, EC_POINT * point,
         enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
 
         if (len != enc_len) {
-                ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                ECerror(EC_R_INVALID_ENCODING);
                 return 0;
         }
         if (ctx == NULL) {
@@ -358,7 +358,7 @@ ec_GFp_simple_oct2point(const EC_GROUP * group, EC_POINT * point,
         if (!BN_bin2bn(buf + 1, field_len, x))
                 goto err;
         if (BN_ucmp(x, &group->field) >= 0) {
-                ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                ECerror(EC_R_INVALID_ENCODING);
                 goto err;
         }
         if (form == POINT_CONVERSION_COMPRESSED) {
@@ -368,12 +368,12 @@ ec_GFp_simple_oct2point(const EC_GROUP * group, EC_POINT * point,
                 if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
                         goto err;
                 if (BN_ucmp(y, &group->field) >= 0) {
-                        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                        ECerror(EC_R_INVALID_ENCODING);
                         goto err;
                 }
                 if (form == POINT_CONVERSION_HYBRID) {
                         if (y_bit != BN_is_odd(y)) {
-                                ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                                ECerror(EC_R_INVALID_ENCODING);
                                 goto err;
                         }
                 }
@@ -383,7 +383,7 @@ ec_GFp_simple_oct2point(const EC_GROUP * group, EC_POINT * point,
 
         /* test required by X9.62 */
         if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
-                ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
+                ECerror(EC_R_POINT_IS_NOT_ON_CURVE);
                 goto err;
         }
         ret = 1;
diff --git a/src/lib/libcrypto/ec/ecp_smpl.c b/src/lib/libcrypto/ec/ecp_smpl.c
index f497657463..ddba49c693 100644
--- a/src/lib/libcrypto/ec/ecp_smpl.c
+++ b/src/lib/libcrypto/ec/ecp_smpl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_smpl.c,v 1.16 2017/01/21 11:00:47 beck Exp $ */
+/* $OpenBSD: ecp_smpl.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
  * for the OpenSSL project.
  * Includes code written by Bodo Moeller for the OpenSSL project.
@@ -180,7 +180,7 @@ ec_GFp_simple_group_set_curve(EC_GROUP * group,
 
         /* p must be a prime > 3 */
         if (BN_num_bits(p) <= 2 || !BN_is_odd(p)) {
-                ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_INVALID_FIELD);
+                ECerror(EC_R_INVALID_FIELD);
                 return 0;
         }
         if (ctx == NULL) {
@@ -289,7 +289,7 @@ ec_GFp_simple_group_check_discriminant(const EC_GROUP * group, BN_CTX * ctx)
         if (ctx == NULL) {
                 ctx = new_ctx = BN_CTX_new();
                 if (ctx == NULL) {
-                        ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, ERR_R_MALLOC_FAILURE);
+                        ECerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
         }
@@ -516,7 +516,7 @@ ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP * group, EC_POINT * po
 {
         if (x == NULL || y == NULL) {
                 /* unlike for projective coordinates, we do not tolerate this */
-                ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES, ERR_R_PASSED_NULL_PARAMETER);
+                ECerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y, BN_value_one(), ctx);
@@ -533,7 +533,7 @@ ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP * group, const EC_POIN
         int ret = 0;
 
         if (EC_POINT_is_at_infinity(group, point) > 0) {
-                ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY);
+                ECerror(EC_R_POINT_AT_INFINITY);
                 return 0;
         }
         if (ctx == NULL) {
@@ -583,7 +583,7 @@ ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP * group, const EC_POIN
                 }
         } else {
                 if (!BN_mod_inverse_ct(Z_1, Z_, &group->field, ctx)) {
-                        ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, ERR_R_BN_LIB);
+                        ECerror(ERR_R_BN_LIB);
                         goto err;
                 }
                 if (group->meth->field_encode == 0) {
@@ -1210,7 +1210,7 @@ ec_GFp_simple_make_affine(const EC_GROUP * group, EC_POINT * point, BN_CTX * ctx
         if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
                 goto err;
         if (!point->Z_is_one) {
-                ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR);
+                ECerror(ERR_R_INTERNAL_ERROR);
                 goto err;
         }
         ret = 1;
@@ -1313,7 +1313,7 @@ ec_GFp_simple_points_make_affine(const EC_GROUP * group, size_t num, EC_POINT *
         /* invert heap[1] */
         if (!BN_is_zero(heap[1])) {
                 if (!BN_mod_inverse_ct(heap[1], heap[1], &group->field, ctx)) {
-                        ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
+                        ECerror(ERR_R_BN_LIB);
                         goto err;
                 }
         }
diff --git a/src/lib/libcrypto/ecdh/ech_err.c b/src/lib/libcrypto/ecdh/ech_err.c
index afe5ff3af8..149c2a8505 100644
--- a/src/lib/libcrypto/ecdh/ech_err.c
+++ b/src/lib/libcrypto/ecdh/ech_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ech_err.c,v 1.5 2015/09/13 11:49:44 jsing Exp $ */
+/* $OpenBSD: ech_err.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -72,9 +72,7 @@
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDH,0,reason)
 
 static ERR_STRING_DATA ECDH_str_functs[]= {
-        {ERR_FUNC(ECDH_F_ECDH_CHECK),   "ECDH_CHECK"},
-        {ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY),     "ECDH_compute_key"},
-        {ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD), "ECDH_DATA_new_method"},
+        {ERR_FUNC(0xfff), "CRYPTO_internal"},
         {0, NULL}
 };
 
diff --git a/src/lib/libcrypto/ecdh/ech_key.c b/src/lib/libcrypto/ecdh/ech_key.c
index 33ee244499..5c2dc70b63 100644
--- a/src/lib/libcrypto/ecdh/ech_key.c
+++ b/src/lib/libcrypto/ecdh/ech_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ech_key.c,v 1.6 2015/09/18 13:04:41 bcook Exp $ */
+/* $OpenBSD: ech_key.c,v 1.7 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
@@ -106,7 +106,7 @@ ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
 
         if (outlen > INT_MAX) {
                 /* Sort of, anyway. */
-                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+                ECDHerror(ERR_R_MALLOC_FAILURE);
                 return -1;
         }
 
@@ -120,19 +120,18 @@ ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
 
         priv_key = EC_KEY_get0_private_key(ecdh);
         if (priv_key == NULL) {
-                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE);
+                ECDHerror(ECDH_R_NO_PRIVATE_VALUE);
                 goto err;
         }
 
         group = EC_KEY_get0_group(ecdh);
         if ((tmp = EC_POINT_new(group)) == NULL) {
-                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+                ECDHerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
         if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) {
-                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,
-                    ECDH_R_POINT_ARITHMETIC_FAILURE);
+                ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE);
                 goto err;
         }
 
@@ -140,8 +139,7 @@ ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
             NID_X9_62_prime_field) {
                 if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y,
                     ctx)) {
-                        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,
-                            ECDH_R_POINT_ARITHMETIC_FAILURE);
+                        ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE);
                         goto err;
                 }
         }
@@ -149,8 +147,7 @@ ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
         else {
                 if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y,
                     ctx)) {
-                        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,
-                            ECDH_R_POINT_ARITHMETIC_FAILURE);
+                        ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE);
                         goto err;
                 }
         }
@@ -159,28 +156,28 @@ ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
         buflen = ECDH_size(ecdh);
         len = BN_num_bytes(x);
         if (len > buflen) {
-                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
+                ECDHerror(ERR_R_INTERNAL_ERROR);
                 goto err;
         }
         if (KDF == NULL && outlen < buflen) {
                 /* The resulting key would be truncated. */
-                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_KEY_TRUNCATION);
+                ECDHerror(ECDH_R_KEY_TRUNCATION);
                 goto err;
         }
         if ((buf = malloc(buflen)) == NULL) {
-                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+                ECDHerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
         memset(buf, 0, buflen - len);
         if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) {
-                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
+                ECDHerror(ERR_R_BN_LIB);
                 goto err;
         }
 
         if (KDF != NULL) {
                 if (KDF(buf, buflen, out, &outlen) == NULL) {
-                        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_KDF_FAILED);
+                        ECDHerror(ECDH_R_KDF_FAILED);
                         goto err;
                 }
                 ret = outlen;
diff --git a/src/lib/libcrypto/ecdh/ech_lib.c b/src/lib/libcrypto/ecdh/ech_lib.c
index bb70d2d95f..06e6a1ee22 100644
--- a/src/lib/libcrypto/ecdh/ech_lib.c
+++ b/src/lib/libcrypto/ecdh/ech_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ech_lib.c,v 1.11 2015/09/13 12:03:07 jsing Exp $ */
+/* $OpenBSD: ech_lib.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
@@ -125,7 +125,7 @@ ECDH_DATA_new_method(ENGINE *engine)
 
         ret = malloc(sizeof(ECDH_DATA));
         if (ret == NULL) {
-                ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+                ECDHerror(ERR_R_MALLOC_FAILURE);
                 return (NULL);
         }
 
@@ -139,7 +139,7 @@ ECDH_DATA_new_method(ENGINE *engine)
         if (ret->engine) {
                 ret->meth = ENGINE_get_ECDH(ret->engine);
                 if (!ret->meth) {
-                        ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_ENGINE_LIB);
+                        ECDHerror(ERR_R_ENGINE_LIB);
                         ENGINE_finish(ret->engine);
                         free(ret);
                         return NULL;
diff --git a/src/lib/libcrypto/ecdsa/ecs_err.c b/src/lib/libcrypto/ecdsa/ecs_err.c
index 26efc135e3..9c5a546746 100644
--- a/src/lib/libcrypto/ecdsa/ecs_err.c
+++ b/src/lib/libcrypto/ecdsa/ecs_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecs_err.c,v 1.4 2015/02/08 13:35:07 jsing Exp $ */
+/* $OpenBSD: ecs_err.c,v 1.5 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -72,11 +72,7 @@
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDSA,0,reason)
 
 static ERR_STRING_DATA ECDSA_str_functs[]= {
-        {ERR_FUNC(ECDSA_F_ECDSA_CHECK), "ECDSA_CHECK"},
-        {ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD),       "ECDSA_DATA_NEW_METHOD"},
-        {ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN),       "ECDSA_do_sign"},
-        {ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY),     "ECDSA_do_verify"},
-        {ERR_FUNC(ECDSA_F_ECDSA_SIGN_SETUP),    "ECDSA_sign_setup"},
+        {ERR_FUNC(0xfff), "CRYPTO_internal"},
         {0, NULL}
 };
 
diff --git a/src/lib/libcrypto/ecdsa/ecs_lib.c b/src/lib/libcrypto/ecdsa/ecs_lib.c
index 1ba788b4f0..ca0f51b366 100644
--- a/src/lib/libcrypto/ecdsa/ecs_lib.c
+++ b/src/lib/libcrypto/ecdsa/ecs_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecs_lib.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: ecs_lib.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
  *
@@ -113,7 +113,7 @@ ECDSA_DATA_new_method(ENGINE *engine)
 
         ret = malloc(sizeof(ECDSA_DATA));
         if (ret == NULL) {
-                ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+                ECDSAerror(ERR_R_MALLOC_FAILURE);
                 return (NULL);
         }
 
@@ -127,8 +127,7 @@ ECDSA_DATA_new_method(ENGINE *engine)
         if (ret->engine) {
                 ret->meth = ENGINE_get_ECDSA(ret->engine);
                 if (!ret->meth) {
-                        ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD,
-                            ERR_R_ENGINE_LIB);
+                        ECDSAerror(ERR_R_ENGINE_LIB);
                         ENGINE_finish(ret->engine);
                         free(ret);
                         return NULL;
diff --git a/src/lib/libcrypto/ecdsa/ecs_ossl.c b/src/lib/libcrypto/ecdsa/ecs_ossl.c
index 637da6535f..c7f4bcbe03 100644
--- a/src/lib/libcrypto/ecdsa/ecs_ossl.c
+++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecs_ossl.c,v 1.8 2017/01/21 11:00:47 beck Exp $ */
+/* $OpenBSD: ecs_ossl.c,v 1.9 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project
  */
@@ -95,14 +95,13 @@ ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
         int      ret = 0;
 
         if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {
-                ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
+                ECDSAerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
 
         if (ctx_in == NULL) {
                 if ((ctx = BN_CTX_new()) == NULL) {
-                        ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
-                            ERR_R_MALLOC_FAILURE);
+                        ECDSAerror(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
         } else
@@ -113,15 +112,15 @@ ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
         order = BN_new();
         X = BN_new();
         if (!k || !r || !order || !X) {
-                ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
+                ECDSAerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         if ((tmp_point = EC_POINT_new(group)) == NULL) {
-                ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+                ECDSAerror(ERR_R_EC_LIB);
                 goto err;
         }
         if (!EC_GROUP_get_order(group, order, ctx)) {
-                ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+                ECDSAerror(ERR_R_EC_LIB);
                 goto err;
         }
 
@@ -129,8 +128,7 @@ ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
                 /* get random k */
                 do
                         if (!BN_rand_range(k, order)) {
-                                ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
-                                    ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
+                                ECDSAerror(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
                                 goto err;
                         }
                 while (BN_is_zero(k));
@@ -148,15 +146,14 @@ ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 
                 /* compute r the x-coordinate of generator * k */
                 if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
-                        ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+                        ECDSAerror(ERR_R_EC_LIB);
                         goto err;
                 }
                 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
                     NID_X9_62_prime_field) {
                         if (!EC_POINT_get_affine_coordinates_GFp(group,
                             tmp_point, X, NULL, ctx)) {
-                                ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
-                                    ERR_R_EC_LIB);
+                                ECDSAerror(ERR_R_EC_LIB);
                                 goto err;
                         }
                 }
@@ -165,21 +162,20 @@ ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
                 {
                         if (!EC_POINT_get_affine_coordinates_GF2m(group,
                             tmp_point, X, NULL, ctx)) {
-                                ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
-                                    ERR_R_EC_LIB);
+                                ECDSAerror(ERR_R_EC_LIB);
                                 goto err;
                         }
                 }
 #endif
                 if (!BN_nnmod(r, X, order, ctx)) {
-                        ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+                        ECDSAerror(ERR_R_BN_LIB);
                         goto err;
                 }
         } while (BN_is_zero(r));
 
         /* compute the inverse of k */
         if (!BN_mod_inverse_ct(k, k, order, ctx)) {
-                ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+                ECDSAerror(ERR_R_BN_LIB);
                 goto err;
         }
         /* clear old values if necessary */
@@ -222,25 +218,25 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
         priv_key = EC_KEY_get0_private_key(eckey);
 
         if (group == NULL || priv_key == NULL || ecdsa == NULL) {
-                ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
+                ECDSAerror(ERR_R_PASSED_NULL_PARAMETER);
                 return NULL;
         }
 
         ret = ECDSA_SIG_new();
         if (!ret) {
-                ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+                ECDSAerror(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         s = ret->s;
 
         if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||
             (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) {
-                ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+                ECDSAerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
         if (!EC_GROUP_get_order(group, order, ctx)) {
-                ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+                ECDSAerror(ERR_R_EC_LIB);
                 goto err;
         }
         i = BN_num_bits(order);
@@ -250,49 +246,46 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
         if (8 * dgst_len > i)
                 dgst_len = (i + 7)/8;
         if (!BN_bin2bn(dgst, dgst_len, m)) {
-                ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+                ECDSAerror(ERR_R_BN_LIB);
                 goto err;
         }
         /* If still too long truncate remaining bits with a shift */
         if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-                ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+                ECDSAerror(ERR_R_BN_LIB);
                 goto err;
         }
         do {
                 if (in_kinv == NULL || in_r == NULL) {
                         if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r)) {
-                                ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
-                                    ERR_R_ECDSA_LIB);
+                                ECDSAerror(ERR_R_ECDSA_LIB);
                                 goto err;
                         }
                         ckinv = kinv;
                 } else {
                         ckinv = in_kinv;
                         if (BN_copy(ret->r, in_r) == NULL) {
-                                ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
-                                    ERR_R_MALLOC_FAILURE);
+                                ECDSAerror(ERR_R_MALLOC_FAILURE);
                                 goto err;
                         }
                 }
 
                 if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) {
-                        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+                        ECDSAerror(ERR_R_BN_LIB);
                         goto err;
                 }
                 if (!BN_mod_add_quick(s, tmp, m, order)) {
-                        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+                        ECDSAerror(ERR_R_BN_LIB);
                         goto err;
                 }
                 if (!BN_mod_mul(s, s, ckinv, order, ctx)) {
-                        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+                        ECDSAerror(ERR_R_BN_LIB);
                         goto err;
                 }
                 if (BN_is_zero(s)) {
                         /* if kinv and r have been supplied by the caller
                          * don't to generate new kinv and r values */
                         if (in_kinv != NULL && in_r != NULL) {
-                                ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
-                                    ECDSA_R_NEED_NEW_SETUP_VALUES);
+                                ECDSAerror(ECDSA_R_NEED_NEW_SETUP_VALUES);
                                 goto err;
                         }
                 } else
@@ -329,13 +322,13 @@ ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig,
         /* check input values */
         if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
             (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
-                ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
+                ECDSAerror(ECDSA_R_MISSING_PARAMETERS);
                 return -1;
         }
 
         ctx = BN_CTX_new();
         if (!ctx) {
-                ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+                ECDSAerror(ERR_R_MALLOC_FAILURE);
                 return -1;
         }
         BN_CTX_start(ctx);
@@ -345,25 +338,25 @@ ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig,
         m = BN_CTX_get(ctx);
         X = BN_CTX_get(ctx);
         if (!X) {
-                ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+                ECDSAerror(ERR_R_BN_LIB);
                 goto err;
         }
 
         if (!EC_GROUP_get_order(group, order, ctx)) {
-                ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+                ECDSAerror(ERR_R_EC_LIB);
                 goto err;
         }
 
         if (BN_is_zero(sig->r)          || BN_is_negative(sig->r) ||
             BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s)  ||
             BN_is_negative(sig->s)      || BN_ucmp(sig->s, order) >= 0) {
-                ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE);
+                ECDSAerror(ECDSA_R_BAD_SIGNATURE);
                 ret = 0;        /* signature is invalid */
                 goto err;
         }
         /* calculate tmp1 = inv(S) mod order */
         if (!BN_mod_inverse_ct(u2, sig->s, order, ctx)) {
-                ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+                ECDSAerror(ERR_R_BN_LIB);
                 goto err;
         }
         /* digest -> m */
@@ -374,38 +367,38 @@ ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig,
         if (8 * dgst_len > i)
                 dgst_len = (i + 7)/8;
         if (!BN_bin2bn(dgst, dgst_len, m)) {
-                ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+                ECDSAerror(ERR_R_BN_LIB);
                 goto err;
         }
         /* If still too long truncate remaining bits with a shift */
         if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-                ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+                ECDSAerror(ERR_R_BN_LIB);
                 goto err;
         }
         /* u1 = m * tmp mod order */
         if (!BN_mod_mul(u1, m, u2, order, ctx)) {
-                ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+                ECDSAerror(ERR_R_BN_LIB);
                 goto err;
         }
         /* u2 = r * w mod q */
         if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) {
-                ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+                ECDSAerror(ERR_R_BN_LIB);
                 goto err;
         }
 
         if ((point = EC_POINT_new(group)) == NULL) {
-                ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+                ECDSAerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) {
-                ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+                ECDSAerror(ERR_R_EC_LIB);
                 goto err;
         }
         if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
             NID_X9_62_prime_field) {
                 if (!EC_POINT_get_affine_coordinates_GFp(group,
                     point, X, NULL, ctx)) {
-                        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+                        ECDSAerror(ERR_R_EC_LIB);
                         goto err;
                 }
         }
@@ -414,13 +407,13 @@ ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig,
         {
                 if (!EC_POINT_get_affine_coordinates_GF2m(group,
                     point, X, NULL, ctx)) {
-                        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+                        ECDSAerror(ERR_R_EC_LIB);
                         goto err;
                 }
         }
 #endif
         if (!BN_nnmod(u1, X, order, ctx)) {
-                ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+                ECDSAerror(ERR_R_BN_LIB);
                 goto err;
         }
         /*  if the signature is correct u1 is equal to sig->r */
diff --git a/src/lib/libcrypto/engine/eng_aesni.c b/src/lib/libcrypto/engine/eng_aesni.c
index 92794f6086..cd14bbc8cd 100644
--- a/src/lib/libcrypto/engine/eng_aesni.c
+++ b/src/lib/libcrypto/engine/eng_aesni.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: eng_aesni.c,v 1.9 2016/11/04 17:30:30 miod Exp $ */
+/* $OpenBSD: eng_aesni.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Support for Intel AES-NI intruction set
  *   Author: Huang Ying <ying.huang@intel.com>
@@ -411,7 +411,7 @@ aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *user_key,
                 ret = aesni_set_decrypt_key(user_key, ctx->key_len * 8, key);
 
         if (ret < 0) {
-                EVPerr(EVP_F_AESNI_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
+                EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
                 return 0;
         }
 
diff --git a/src/lib/libcrypto/engine/eng_cnf.c b/src/lib/libcrypto/engine/eng_cnf.c
index acdebda6a6..2ac077d492 100644
--- a/src/lib/libcrypto/engine/eng_cnf.c
+++ b/src/lib/libcrypto/engine/eng_cnf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: eng_cnf.c,v 1.13 2015/02/11 03:19:37 doug Exp $ */
+/* $OpenBSD: eng_cnf.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -115,8 +115,7 @@ int_engine_configure(char *name, char *value, const CONF *cnf)
         ecmds = NCONF_get_section(cnf, value);
 
         if (!ecmds) {
-                ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
-                    ENGINE_R_ENGINE_SECTION_ERROR);
+                ENGINEerror(ENGINE_R_ENGINE_SECTION_ERROR);
                 return 0;
         }
 
@@ -175,8 +174,7 @@ int_engine_configure(char *name, char *value, const CONF *cnf)
                                         if (!int_engine_init(e))
                                                 goto err;
                                 } else if (do_init != 0) {
-                                        ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
-                                            ENGINE_R_INVALID_INIT_VALUE);
+                                        ENGINEerror(ENGINE_R_INVALID_INIT_VALUE);
                                         goto err;
                                 }
                         }
@@ -196,8 +194,7 @@ int_engine_configure(char *name, char *value, const CONF *cnf)
 
 err:
         if (ret != 1) {
-                ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
-                    ENGINE_R_ENGINE_CONFIGURATION_ERROR);
+                ENGINEerror(ENGINE_R_ENGINE_CONFIGURATION_ERROR);
                 if (ecmd)
                         ERR_asprintf_error_data(
                             "section=%s, name=%s, value=%s",
@@ -224,8 +221,7 @@ int_engine_module_init(CONF_IMODULE *md, const CONF *cnf)
         elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
 
         if (!elist) {
-                ENGINEerr(ENGINE_F_INT_ENGINE_MODULE_INIT,
-                    ENGINE_R_ENGINES_SECTION_ERROR);
+                ENGINEerror(ENGINE_R_ENGINES_SECTION_ERROR);
                 return 0;
         }
 
diff --git a/src/lib/libcrypto/engine/eng_ctrl.c b/src/lib/libcrypto/engine/eng_ctrl.c
index bf832dc626..1a3c25fbae 100644
--- a/src/lib/libcrypto/engine/eng_ctrl.c
+++ b/src/lib/libcrypto/engine/eng_ctrl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: eng_ctrl.c,v 1.10 2015/02/11 03:19:37 doug Exp $ */
+/* $OpenBSD: eng_ctrl.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
  *
@@ -125,8 +125,7 @@ int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
             (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||
             (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD)) {
                 if (s == NULL) {
-                        ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
-                            ERR_R_PASSED_NULL_PARAMETER);
+                        ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
                         return -1;
                 }
         }
@@ -134,8 +133,7 @@ int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
         if (cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) {
                 if ((e->cmd_defns == NULL) ||
                     ((idx = int_ctrl_cmd_by_name(e->cmd_defns, s)) < 0)) {
-                        ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
-                            ENGINE_R_INVALID_CMD_NAME);
+                        ENGINEerror(ENGINE_R_INVALID_CMD_NAME);
                         return -1;
                 }
                 return e->cmd_defns[idx].cmd_num;
@@ -144,8 +142,7 @@ int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
          * valie command number - so we need to conduct a search. */
         if ((e->cmd_defns == NULL) ||
             ((idx = int_ctrl_cmd_by_num(e->cmd_defns, (unsigned int)i)) < 0)) {
-                ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
-                    ENGINE_R_INVALID_CMD_NUMBER);
+                ENGINEerror(ENGINE_R_INVALID_CMD_NUMBER);
                 return -1;
         }
         /* Now the logic splits depending on command type */
@@ -188,7 +185,7 @@ int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
         }
 
         /* Shouldn't really be here ... */
-        ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INTERNAL_LIST_ERROR);
+        ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
         return -1;
 }
 
@@ -198,7 +195,7 @@ ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
         int ctrl_exists, ref_exists;
 
         if (e == NULL) {
-                ENGINEerr(ENGINE_F_ENGINE_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
@@ -206,7 +203,7 @@ ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
         CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
         ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
         if (!ref_exists) {
-                ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_REFERENCE);
+                ENGINEerror(ENGINE_R_NO_REFERENCE);
                 return 0;
         }
         /* Intercept any "root-level" commands before trying to hand them on to
@@ -225,8 +222,7 @@ ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
                 if (ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
                         return int_ctrl_helper(e, cmd, i, p, f);
                 if (!ctrl_exists) {
-                        ENGINEerr(ENGINE_F_ENGINE_CTRL,
-                            ENGINE_R_NO_CONTROL_FUNCTION);
+                        ENGINEerror(ENGINE_R_NO_CONTROL_FUNCTION);
                         /* For these cmd-related functions, failure is indicated
                          * by a -1 return value (because 0 is used as a valid
                          * return in some places). */
@@ -237,7 +233,7 @@ ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
         }
         /* Anything else requires a ctrl() handler to exist. */
         if (!ctrl_exists) {
-                ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION);
+                ENGINEerror(ENGINE_R_NO_CONTROL_FUNCTION);
                 return 0;
         }
         return e->ctrl(e, cmd, i, p, f);
@@ -250,8 +246,7 @@ ENGINE_cmd_is_executable(ENGINE *e, int cmd)
 
         if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd,
             NULL, NULL)) < 0) {
-                ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,
-                    ENGINE_R_INVALID_CMD_NUMBER);
+                ENGINEerror(ENGINE_R_INVALID_CMD_NUMBER);
                 return 0;
         }
         if (!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&
@@ -268,8 +263,7 @@ ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, long i, void *p,
         int num;
 
         if ((e == NULL) || (cmd_name == NULL)) {
-                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD,
-                    ERR_R_PASSED_NULL_PARAMETER);
+                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         if ((e->ctrl == NULL) ||
@@ -285,7 +279,7 @@ ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, long i, void *p,
                         ERR_clear_error();
                         return 1;
                 }
-                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, ENGINE_R_INVALID_CMD_NAME);
+                ENGINEerror(ENGINE_R_INVALID_CMD_NAME);
                 return 0;
         }
 
@@ -306,8 +300,7 @@ ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
         char *ptr;
 
         if ((e == NULL) || (cmd_name == NULL)) {
-                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-                    ERR_R_PASSED_NULL_PARAMETER);
+                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         if ((e->ctrl == NULL) ||
@@ -323,29 +316,25 @@ ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
                         ERR_clear_error();
                         return 1;
                 }
-                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-                    ENGINE_R_INVALID_CMD_NAME);
+                ENGINEerror(ENGINE_R_INVALID_CMD_NAME);
                 return 0;
         }
         if (!ENGINE_cmd_is_executable(e, num)) {
-                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-                    ENGINE_R_CMD_NOT_EXECUTABLE);
+                ENGINEerror(ENGINE_R_CMD_NOT_EXECUTABLE);
                 return 0;
         }
         if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
             NULL, NULL)) < 0) {
                 /* Shouldn't happen, given that ENGINE_cmd_is_executable()
                  * returned success. */
-                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-                    ENGINE_R_INTERNAL_LIST_ERROR);
+                ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
                 return 0;
         }
         /* If the command takes no input, there must be no input. And vice
          * versa. */
         if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
                 if (arg != NULL) {
-                        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-                            ENGINE_R_COMMAND_TAKES_NO_INPUT);
+                        ENGINEerror(ENGINE_R_COMMAND_TAKES_NO_INPUT);
                         return 0;
                 }
                 /* We deliberately force the result of ENGINE_ctrl() to 0 or 1
@@ -359,8 +348,7 @@ ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
         }
         /* So, we require input */
         if (arg == NULL) {
-                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-                    ENGINE_R_COMMAND_TAKES_INPUT);
+                ENGINEerror(ENGINE_R_COMMAND_TAKES_INPUT);
                 return 0;
         }
         /* If it takes string input, that's easy */
@@ -375,14 +363,12 @@ ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
          * should never happen though, because ENGINE_cmd_is_executable() was
          * used. */
         if (!(flags & ENGINE_CMD_FLAG_NUMERIC)) {
-                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-                    ENGINE_R_INTERNAL_LIST_ERROR);
+                ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
                 return 0;
         }
         l = strtol(arg, &ptr, 10);
         if ((arg == ptr) || (*ptr != '\0')) {
-                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-                    ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
+                ENGINEerror(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
                 return 0;
         }
         /* Force the result of the control command to 0 or 1, for the reasons
diff --git a/src/lib/libcrypto/engine/eng_err.c b/src/lib/libcrypto/engine/eng_err.c
index d65efde991..b604cbba9e 100644
--- a/src/lib/libcrypto/engine/eng_err.c
+++ b/src/lib/libcrypto/engine/eng_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: eng_err.c,v 1.10 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: eng_err.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2010 The OpenSSL Project.  All rights reserved.
  *
@@ -72,45 +72,7 @@
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason)
 
 static ERR_STRING_DATA ENGINE_str_functs[] = {
-        {ERR_FUNC(ENGINE_F_DYNAMIC_CTRL),       "DYNAMIC_CTRL"},
-        {ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX),       "DYNAMIC_GET_DATA_CTX"},
-        {ERR_FUNC(ENGINE_F_DYNAMIC_LOAD),       "DYNAMIC_LOAD"},
-        {ERR_FUNC(ENGINE_F_DYNAMIC_SET_DATA_CTX),       "DYNAMIC_SET_DATA_CTX"},
-        {ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"},
-        {ERR_FUNC(ENGINE_F_ENGINE_BY_ID),       "ENGINE_by_id"},
-        {ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE),   "ENGINE_cmd_is_executable"},
-        {ERR_FUNC(ENGINE_F_ENGINE_CTRL),        "ENGINE_ctrl"},
-        {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD),    "ENGINE_ctrl_cmd"},
-        {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING),     "ENGINE_ctrl_cmd_string"},
-        {ERR_FUNC(ENGINE_F_ENGINE_FINISH),      "ENGINE_finish"},
-        {ERR_FUNC(ENGINE_F_ENGINE_FREE_UTIL),   "ENGINE_FREE_UTIL"},
-        {ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER),  "ENGINE_get_cipher"},
-        {ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE),    "ENGINE_GET_DEFAULT_TYPE"},
-        {ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST),  "ENGINE_get_digest"},
-        {ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT),    "ENGINE_get_next"},
-        {ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH),  "ENGINE_get_pkey_asn1_meth"},
-        {ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_METH),       "ENGINE_get_pkey_meth"},
-        {ERR_FUNC(ENGINE_F_ENGINE_GET_PREV),    "ENGINE_get_prev"},
-        {ERR_FUNC(ENGINE_F_ENGINE_INIT),        "ENGINE_init"},
-        {ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD),    "ENGINE_LIST_ADD"},
-        {ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"},
-        {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY),    "ENGINE_load_private_key"},
-        {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY),     "ENGINE_load_public_key"},
-        {ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT),        "ENGINE_load_ssl_client_cert"},
-        {ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"},
-        {ERR_FUNC(ENGINE_F_ENGINE_REMOVE),      "ENGINE_remove"},
-        {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING),  "ENGINE_set_default_string"},
-        {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE),    "ENGINE_SET_DEFAULT_TYPE"},
-        {ERR_FUNC(ENGINE_F_ENGINE_SET_ID),      "ENGINE_set_id"},
-        {ERR_FUNC(ENGINE_F_ENGINE_SET_NAME),    "ENGINE_set_name"},
-        {ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER),      "ENGINE_TABLE_REGISTER"},
-        {ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY),  "ENGINE_UNLOAD_KEY"},
-        {ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH),     "ENGINE_UNLOCKED_FINISH"},
-        {ERR_FUNC(ENGINE_F_ENGINE_UP_REF),      "ENGINE_up_ref"},
-        {ERR_FUNC(ENGINE_F_INT_CTRL_HELPER),    "INT_CTRL_HELPER"},
-        {ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE),       "INT_ENGINE_CONFIGURE"},
-        {ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT),     "INT_ENGINE_MODULE_INIT"},
-        {ERR_FUNC(ENGINE_F_LOG_MESSAGE),        "LOG_MESSAGE"},
+        {ERR_FUNC(0xfff), "CRYPTO_internal"},
         {0, NULL}
 };
 
diff --git a/src/lib/libcrypto/engine/eng_fat.c b/src/lib/libcrypto/engine/eng_fat.c
index b54757d8ad..c97695a7d3 100644
--- a/src/lib/libcrypto/engine/eng_fat.c
+++ b/src/lib/libcrypto/engine/eng_fat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: eng_fat.c,v 1.15 2015/02/11 03:19:37 doug Exp $ */
+/* $OpenBSD: eng_fat.c,v 1.16 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
  *
@@ -147,8 +147,7 @@ ENGINE_set_default_string(ENGINE *e, const char *def_list)
         unsigned int flags = 0;
 
         if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags)) {
-                ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
-                    ENGINE_R_INVALID_STRING);
+                ENGINEerror(ENGINE_R_INVALID_STRING);
                 ERR_asprintf_error_data("str=%s",def_list);
                 return 0;
         }
diff --git a/src/lib/libcrypto/engine/eng_init.c b/src/lib/libcrypto/engine/eng_init.c
index b50e22594c..75d6698c70 100644
--- a/src/lib/libcrypto/engine/eng_init.c
+++ b/src/lib/libcrypto/engine/eng_init.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: eng_init.c,v 1.7 2015/02/11 03:19:37 doug Exp $ */
+/* $OpenBSD: eng_init.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
  *
@@ -106,8 +106,7 @@ engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
 
         /* Release the structural reference too */
         if (!engine_free_util(e, 0)) {
-                ENGINEerr(ENGINE_F_ENGINE_UNLOCKED_FINISH,
-                    ENGINE_R_FINISH_FAILED);
+                ENGINEerror(ENGINE_R_FINISH_FAILED);
                 return 0;
         }
         return to_return;
@@ -120,7 +119,7 @@ ENGINE_init(ENGINE *e)
         int ret;
 
         if (e == NULL) {
-                ENGINEerr(ENGINE_F_ENGINE_INIT, ERR_R_PASSED_NULL_PARAMETER);
+                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
@@ -136,14 +135,14 @@ ENGINE_finish(ENGINE *e)
         int to_return = 1;
 
         if (e == NULL) {
-                ENGINEerr(ENGINE_F_ENGINE_FINISH, ERR_R_PASSED_NULL_PARAMETER);
+                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
         to_return = engine_unlocked_finish(e, 1);
         CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
         if (!to_return) {
-                ENGINEerr(ENGINE_F_ENGINE_FINISH, ENGINE_R_FINISH_FAILED);
+                ENGINEerror(ENGINE_R_FINISH_FAILED);
                 return 0;
         }
         return to_return;
diff --git a/src/lib/libcrypto/engine/eng_lib.c b/src/lib/libcrypto/engine/eng_lib.c
index f5f54fc657..d2da29fe69 100644
--- a/src/lib/libcrypto/engine/eng_lib.c
+++ b/src/lib/libcrypto/engine/eng_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: eng_lib.c,v 1.11 2015/02/11 03:19:37 doug Exp $ */
+/* $OpenBSD: eng_lib.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
  * project 2000.
  */
@@ -72,7 +72,7 @@ ENGINE_new(void)
 
         ret = malloc(sizeof(ENGINE));
         if (ret == NULL) {
-                ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
+                ENGINEerror(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         memset(ret, 0, sizeof(ENGINE));
@@ -113,8 +113,7 @@ engine_free_util(ENGINE *e, int locked)
         int i;
 
         if (e == NULL) {
-                ENGINEerr(ENGINE_F_ENGINE_FREE_UTIL,
-                    ERR_R_PASSED_NULL_PARAMETER);
+                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         if (locked)
@@ -245,8 +244,7 @@ int
 ENGINE_set_id(ENGINE *e, const char *id)
 {
         if (id == NULL) {
-                ENGINEerr(ENGINE_F_ENGINE_SET_ID,
-                    ERR_R_PASSED_NULL_PARAMETER);
+                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         e->id = id;
@@ -257,8 +255,7 @@ int
 ENGINE_set_name(ENGINE *e, const char *name)
 {
         if (name == NULL) {
-                ENGINEerr(ENGINE_F_ENGINE_SET_NAME,
-                    ERR_R_PASSED_NULL_PARAMETER);
+                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         e->name = name;
diff --git a/src/lib/libcrypto/engine/eng_list.c b/src/lib/libcrypto/engine/eng_list.c
index fc1d16b183..8bb1bc58f2 100644
--- a/src/lib/libcrypto/engine/eng_list.c
+++ b/src/lib/libcrypto/engine/eng_list.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: eng_list.c,v 1.21 2015/07/19 00:56:48 bcook Exp $ */
+/* $OpenBSD: eng_list.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
  * project 2000.
  */
@@ -105,8 +105,7 @@ engine_list_add(ENGINE *e)
         ENGINE *iterator = NULL;
 
         if (e == NULL) {
-                ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
-                    ERR_R_PASSED_NULL_PARAMETER);
+                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         iterator = engine_list_head;
@@ -115,15 +114,13 @@ engine_list_add(ENGINE *e)
                 iterator = iterator->next;
         }
         if (conflict) {
-                ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
-                    ENGINE_R_CONFLICTING_ENGINE_ID);
+                ENGINEerror(ENGINE_R_CONFLICTING_ENGINE_ID);
                 return 0;
         }
         if (engine_list_head == NULL) {
                 /* We are adding to an empty list. */
                 if (engine_list_tail) {
-                        ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
-                            ENGINE_R_INTERNAL_LIST_ERROR);
+                        ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
                         return 0;
                 }
                 engine_list_head = e;
@@ -135,8 +132,7 @@ engine_list_add(ENGINE *e)
                 /* We are adding to the tail of an existing list. */
                 if ((engine_list_tail == NULL) ||
                     (engine_list_tail->next != NULL)) {
-                        ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
-                            ENGINE_R_INTERNAL_LIST_ERROR);
+                        ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
                         return 0;
                 }
                 engine_list_tail->next = e;
@@ -158,8 +154,7 @@ engine_list_remove(ENGINE *e)
         ENGINE *iterator;
 
         if (e == NULL) {
-                ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
-                    ERR_R_PASSED_NULL_PARAMETER);
+                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         /* We need to check that e is in our linked list! */
@@ -167,8 +162,7 @@ engine_list_remove(ENGINE *e)
         while (iterator && (iterator != e))
                 iterator = iterator->next;
         if (iterator == NULL) {
-                ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
-                    ENGINE_R_ENGINE_IS_NOT_IN_LIST);
+                ENGINEerror(ENGINE_R_ENGINE_IS_NOT_IN_LIST);
                 return 0;
         }
         /* un-link e from the chain. */
@@ -223,8 +217,7 @@ ENGINE_get_next(ENGINE *e)
         ENGINE *ret = NULL;
 
         if (e == NULL) {
-                ENGINEerr(ENGINE_F_ENGINE_GET_NEXT,
-                    ERR_R_PASSED_NULL_PARAMETER);
+                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
@@ -246,8 +239,7 @@ ENGINE_get_prev(ENGINE *e)
         ENGINE *ret = NULL;
 
         if (e == NULL) {
-                ENGINEerr(ENGINE_F_ENGINE_GET_PREV,
-                    ERR_R_PASSED_NULL_PARAMETER);
+                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
@@ -270,18 +262,15 @@ ENGINE_add(ENGINE *e)
         int to_return = 1;
 
         if (e == NULL) {
-                ENGINEerr(ENGINE_F_ENGINE_ADD,
-                    ERR_R_PASSED_NULL_PARAMETER);
+                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         if ((e->id == NULL) || (e->name == NULL)) {
-                ENGINEerr(ENGINE_F_ENGINE_ADD,
-                    ENGINE_R_ID_OR_NAME_MISSING);
+                ENGINEerror(ENGINE_R_ID_OR_NAME_MISSING);
         }
         CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
         if (!engine_list_add(e)) {
-                ENGINEerr(ENGINE_F_ENGINE_ADD,
-                    ENGINE_R_INTERNAL_LIST_ERROR);
+                ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
                 to_return = 0;
         }
         CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
@@ -295,14 +284,12 @@ ENGINE_remove(ENGINE *e)
         int to_return = 1;
 
         if (e == NULL) {
-                ENGINEerr(ENGINE_F_ENGINE_REMOVE,
-                    ERR_R_PASSED_NULL_PARAMETER);
+                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
         if (!engine_list_remove(e)) {
-                ENGINEerr(ENGINE_F_ENGINE_REMOVE,
-                    ENGINE_R_INTERNAL_LIST_ERROR);
+                ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
                 to_return = 0;
         }
         CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
@@ -350,8 +337,7 @@ ENGINE_by_id(const char *id)
         ENGINE *iterator;
 
         if (id == NULL) {
-                ENGINEerr(ENGINE_F_ENGINE_BY_ID,
-                    ERR_R_PASSED_NULL_PARAMETER);
+                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
                 return NULL;
         }
         CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
@@ -378,7 +364,7 @@ ENGINE_by_id(const char *id)
         CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 
         if (iterator == NULL) {
-                ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE);
+                ENGINEerror(ENGINE_R_NO_SUCH_ENGINE);
                 ERR_asprintf_error_data("id=%s", id);
         }
         return iterator;
@@ -388,7 +374,7 @@ int
 ENGINE_up_ref(ENGINE *e)
 {
         if (e == NULL) {
-                ENGINEerr(ENGINE_F_ENGINE_UP_REF, ERR_R_PASSED_NULL_PARAMETER);
+                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         CRYPTO_add(&e->struct_ref, 1, CRYPTO_LOCK_ENGINE);
diff --git a/src/lib/libcrypto/engine/eng_pkey.c b/src/lib/libcrypto/engine/eng_pkey.c
index 74b1ce03b7..a0320e973f 100644
--- a/src/lib/libcrypto/engine/eng_pkey.c
+++ b/src/lib/libcrypto/engine/eng_pkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: eng_pkey.c,v 1.6 2015/02/11 03:19:37 doug Exp $ */
+/* $OpenBSD: eng_pkey.c,v 1.7 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
  *
@@ -108,27 +108,23 @@ ENGINE_load_private_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method,
         EVP_PKEY *pkey;
 
         if (e == NULL) {
-                ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-                    ERR_R_PASSED_NULL_PARAMETER);
+                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
         if (e->funct_ref == 0) {
                 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-                ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-                    ENGINE_R_NOT_INITIALISED);
+                ENGINEerror(ENGINE_R_NOT_INITIALISED);
                 return 0;
         }
         CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
         if (!e->load_privkey) {
-                ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-                    ENGINE_R_NO_LOAD_FUNCTION);
+                ENGINEerror(ENGINE_R_NO_LOAD_FUNCTION);
                 return 0;
         }
         pkey = e->load_privkey(e, key_id, ui_method, callback_data);
         if (!pkey) {
-                ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-                    ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+                ENGINEerror(ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
                 return 0;
         }
         return pkey;
@@ -141,27 +137,23 @@ ENGINE_load_public_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method,
         EVP_PKEY *pkey;
 
         if (e == NULL) {
-                ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-                    ERR_R_PASSED_NULL_PARAMETER);
+                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
         if (e->funct_ref == 0) {
                 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-                ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-                    ENGINE_R_NOT_INITIALISED);
+                ENGINEerror(ENGINE_R_NOT_INITIALISED);
                 return 0;
         }
         CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
         if (!e->load_pubkey) {
-                ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-                    ENGINE_R_NO_LOAD_FUNCTION);
+                ENGINEerror(ENGINE_R_NO_LOAD_FUNCTION);
                 return 0;
         }
         pkey = e->load_pubkey(e, key_id, ui_method, callback_data);
         if (!pkey) {
-                ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-                    ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+                ENGINEerror(ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
                 return 0;
         }
         return pkey;
@@ -173,21 +165,18 @@ ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, STACK_OF(X509_NAME) *ca_dn,
     UI_METHOD *ui_method, void *callback_data)
 {
         if (e == NULL) {
-                ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
-                    ERR_R_PASSED_NULL_PARAMETER);
+                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
         if (e->funct_ref == 0) {
                 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-                ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
-                    ENGINE_R_NOT_INITIALISED);
+                ENGINEerror(ENGINE_R_NOT_INITIALISED);
                 return 0;
         }
         CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
         if (!e->load_ssl_client_cert) {
-                ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
-                    ENGINE_R_NO_LOAD_FUNCTION);
+                ENGINEerror(ENGINE_R_NO_LOAD_FUNCTION);
                 return 0;
         }
         return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother,
diff --git a/src/lib/libcrypto/engine/eng_table.c b/src/lib/libcrypto/engine/eng_table.c
index 342c76fa1b..a8aded5aaf 100644
--- a/src/lib/libcrypto/engine/eng_table.c
+++ b/src/lib/libcrypto/engine/eng_table.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: eng_table.c,v 1.8 2015/02/11 03:19:37 doug Exp $ */
+/* $OpenBSD: eng_table.c,v 1.9 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
  *
@@ -172,8 +172,7 @@ engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
                 fnd->uptodate = 0;
                 if (setdefault) {
                         if (!engine_unlocked_init(e)) {
-                                ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER,
-                                    ENGINE_R_INIT_FAILED);
+                                ENGINEerror(ENGINE_R_INIT_FAILED);
                                 goto end;
                         }
                         if (fnd->funct)
diff --git a/src/lib/libcrypto/engine/tb_asnmth.c b/src/lib/libcrypto/engine/tb_asnmth.c
index 3ba5541933..51e5198b40 100644
--- a/src/lib/libcrypto/engine/tb_asnmth.c
+++ b/src/lib/libcrypto/engine/tb_asnmth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tb_asnmth.c,v 1.5 2015/02/11 03:19:37 doug Exp $ */
+/* $OpenBSD: tb_asnmth.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
@@ -135,8 +135,7 @@ ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid)
         ENGINE_PKEY_ASN1_METHS_PTR fn = ENGINE_get_pkey_asn1_meths(e);
 
         if (!fn || !fn(e, &ret, NULL, nid)) {
-                ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH,
-                    ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
+                ENGINEerror(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
                 return NULL;
         }
         return ret;
diff --git a/src/lib/libcrypto/engine/tb_cipher.c b/src/lib/libcrypto/engine/tb_cipher.c
index a888d7a958..ed87ff199e 100644
--- a/src/lib/libcrypto/engine/tb_cipher.c
+++ b/src/lib/libcrypto/engine/tb_cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tb_cipher.c,v 1.7 2015/02/11 03:19:37 doug Exp $ */
+/* $OpenBSD: tb_cipher.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
@@ -130,8 +130,7 @@ ENGINE_get_cipher(ENGINE *e, int nid)
         ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e);
 
         if (!fn || !fn(e, &ret, NULL, nid)) {
-                ENGINEerr(ENGINE_F_ENGINE_GET_CIPHER,
-                    ENGINE_R_UNIMPLEMENTED_CIPHER);
+                ENGINEerror(ENGINE_R_UNIMPLEMENTED_CIPHER);
                 return NULL;
         }
         return ret;
diff --git a/src/lib/libcrypto/engine/tb_digest.c b/src/lib/libcrypto/engine/tb_digest.c
index f7720d39e7..f1a2e8a6b3 100644
--- a/src/lib/libcrypto/engine/tb_digest.c
+++ b/src/lib/libcrypto/engine/tb_digest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tb_digest.c,v 1.7 2015/02/11 03:19:37 doug Exp $ */
+/* $OpenBSD: tb_digest.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
@@ -130,8 +130,7 @@ ENGINE_get_digest(ENGINE *e, int nid)
         ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e);
 
         if (!fn || !fn(e, &ret, NULL, nid)) {
-                ENGINEerr(ENGINE_F_ENGINE_GET_DIGEST,
-                    ENGINE_R_UNIMPLEMENTED_DIGEST);
+                ENGINEerror(ENGINE_R_UNIMPLEMENTED_DIGEST);
                 return NULL;
         }
         return ret;
diff --git a/src/lib/libcrypto/engine/tb_pkmeth.c b/src/lib/libcrypto/engine/tb_pkmeth.c
index 3840434262..05566a3464 100644
--- a/src/lib/libcrypto/engine/tb_pkmeth.c
+++ b/src/lib/libcrypto/engine/tb_pkmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tb_pkmeth.c,v 1.5 2015/02/11 03:19:37 doug Exp $ */
+/* $OpenBSD: tb_pkmeth.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
@@ -131,8 +131,7 @@ ENGINE_get_pkey_meth(ENGINE *e, int nid)
         ENGINE_PKEY_METHS_PTR fn = ENGINE_get_pkey_meths(e);
 
         if (!fn || !fn(e, &ret, NULL, nid)) {
-                ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_METH,
-                    ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
+                ENGINEerror(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
                 return NULL;
         }
         return ret;
diff --git a/src/lib/libcrypto/err/err.c b/src/lib/libcrypto/err/err.c
index f06320247c..292805433d 100644
--- a/src/lib/libcrypto/err/err.c
+++ b/src/lib/libcrypto/err/err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: err.c,v 1.41 2014/11/09 19:17:13 miod Exp $ */
+/* $OpenBSD: err.c,v 1.42 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -566,7 +566,7 @@ static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
  * others will be displayed numerically by ERR_error_string.
  * It is crucial that we have something for each reason code
  * that occurs in ERR_str_reasons, or bogus reason strings
- * will be returned for SYSerr(), which always gets an errno
+ * will be returned for SYSerror(which always gets an errno
  * value and never one of those 'standard' reason codes. */
 
 static void
diff --git a/src/lib/libcrypto/err/err.h b/src/lib/libcrypto/err/err.h
index f34db75d6f..672dead06b 100644
--- a/src/lib/libcrypto/err/err.h
+++ b/src/lib/libcrypto/err/err.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: err.h,v 1.23 2017/01/26 12:07:06 beck Exp $ */
+/* $OpenBSD: err.h,v 1.24 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -199,6 +199,7 @@ typedef struct err_state_st {
 
 #define ERR_LIB_USER            128
 
+#ifndef LIBRESSL_INTERNAL
 #define SYSerr(f,r)  ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__)
 #define BNerr(f,r)   ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__)
 #define RSAerr(f,r)  ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__)
@@ -232,10 +233,45 @@ typedef struct err_state_st {
 #define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__)
 #define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)
 #define GOSTerr(f,r) ERR_PUT_error(ERR_LIB_GOST,(f),(r),__FILE__,__LINE__)
-#ifndef LIBRESSL_INTERNAL
 #define SSLerr(f,r)  ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__)
 #endif
 
+#ifdef LIBRESSL_INTERNAL
+#define SYSerror(r)  ERR_PUT_error(ERR_LIB_SYS,(0xfff),(r),__FILE__,__LINE__)
+#define BNerror(r)   ERR_PUT_error(ERR_LIB_BN,(0xfff),(r),__FILE__,__LINE__)
+#define RSAerror(r)  ERR_PUT_error(ERR_LIB_RSA,(0xfff),(r),__FILE__,__LINE__)
+#define DHerror(r)   ERR_PUT_error(ERR_LIB_DH,(0xfff),(r),__FILE__,__LINE__)
+#define EVPerror(r)  ERR_PUT_error(ERR_LIB_EVP,(0xfff),(r),__FILE__,__LINE__)
+#define BUFerror(r)  ERR_PUT_error(ERR_LIB_BUF,(0xfff),(r),__FILE__,__LINE__)
+#define OBJerror(r)  ERR_PUT_error(ERR_LIB_OBJ,(0xfff),(r),__FILE__,__LINE__)
+#define PEMerror(r)  ERR_PUT_error(ERR_LIB_PEM,(0xfff),(r),__FILE__,__LINE__)
+#define DSAerror(r)  ERR_PUT_error(ERR_LIB_DSA,(0xfff),(r),__FILE__,__LINE__)
+#define X509error(r) ERR_PUT_error(ERR_LIB_X509,(0xfff),(r),__FILE__,__LINE__)
+#define ASN1error(r) ERR_PUT_error(ERR_LIB_ASN1,(0xfff),(r),__FILE__,__LINE__)
+#define CONFerror(r) ERR_PUT_error(ERR_LIB_CONF,(0xfff),(r),__FILE__,__LINE__)
+#define CRYPTOerror(r) ERR_PUT_error(ERR_LIB_CRYPTO,(0xfff),(r),__FILE__,__LINE__)
+#define ECerror(r)   ERR_PUT_error(ERR_LIB_EC,(0xfff),(r),__FILE__,__LINE__)
+#define BIOerror(r)  ERR_PUT_error(ERR_LIB_BIO,(0xfff),(r),__FILE__,__LINE__)
+#define PKCS7error(r) ERR_PUT_error(ERR_LIB_PKCS7,(0xfff),(r),__FILE__,__LINE__)
+#define X509V3error(r) ERR_PUT_error(ERR_LIB_X509V3,(0xfff),(r),__FILE__,__LINE__)
+#define PKCS12error(r) ERR_PUT_error(ERR_LIB_PKCS12,(0xfff),(r),__FILE__,__LINE__)
+#define RANDerror(r) ERR_PUT_error(ERR_LIB_RAND,(0xfff),(r),__FILE__,__LINE__)
+#define DSOerror(r) ERR_PUT_error(ERR_LIB_DSO,(0xfff),(r),__FILE__,__LINE__)
+#define ENGINEerror(r) ERR_PUT_error(ERR_LIB_ENGINE,(0xfff),(r),__FILE__,__LINE__)
+#define OCSPerror(r) ERR_PUT_error(ERR_LIB_OCSP,(0xfff),(r),__FILE__,__LINE__)
+#define UIerror(r) ERR_PUT_error(ERR_LIB_UI,(0xfff),(r),__FILE__,__LINE__)
+#define COMPerror(r) ERR_PUT_error(ERR_LIB_COMP,(0xfff),(r),__FILE__,__LINE__)
+#define ECDSAerror(r)  ERR_PUT_error(ERR_LIB_ECDSA,(0xfff),(r),__FILE__,__LINE__)
+#define ECDHerror(r)  ERR_PUT_error(ERR_LIB_ECDH,(0xfff),(r),__FILE__,__LINE__)
+#define STOREerror(r) ERR_PUT_error(ERR_LIB_STORE,(0xfff),(r),__FILE__,__LINE__)
+#define FIPSerror(r) ERR_PUT_error(ERR_LIB_FIPS,(0xfff),(r),__FILE__,__LINE__)
+#define CMSerror(r) ERR_PUT_error(ERR_LIB_CMS,(0xfff),(r),__FILE__,__LINE__)
+#define TSerror(r) ERR_PUT_error(ERR_LIB_TS,(0xfff),(r),__FILE__,__LINE__)
+#define HMACerror(r) ERR_PUT_error(ERR_LIB_HMAC,(0xfff),(r),__FILE__,__LINE__)
+#define JPAKEerror(r) ERR_PUT_error(ERR_LIB_JPAKE,(0xfff),(r),__FILE__,__LINE__)
+#define GOSTerror(r) ERR_PUT_error(ERR_LIB_GOST,(0xfff),(r),__FILE__,__LINE__)
+#endif
+
 #define ERR_PACK(l,f,r)         (((((unsigned long)l)&0xffL)<<24L)| \
                                 ((((unsigned long)f)&0xfffL)<<12L)| \
                                 ((((unsigned long)r)&0xfffL)))
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index 6d8ed9b499..ee1f955959 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: digest.c,v 1.26 2015/02/11 03:19:37 doug Exp $ */
+/* $OpenBSD: digest.c,v 1.27 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -162,8 +162,7 @@ EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
                         ENGINE_finish(ctx->engine);
                 if (impl) {
                         if (!ENGINE_init(impl)) {
-                                EVPerr(EVP_F_EVP_DIGESTINIT_EX,
-                                    EVP_R_INITIALIZATION_ERROR);
+                                EVPerror(EVP_R_INITIALIZATION_ERROR);
                                 return 0;
                         }
                 } else
@@ -174,8 +173,7 @@ EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
                         const EVP_MD *d = ENGINE_get_digest(impl, type->type);
                         if (!d) {
                                 /* Same comment from evp_enc.c */
-                                EVPerr(EVP_F_EVP_DIGESTINIT_EX,
-                                    EVP_R_INITIALIZATION_ERROR);
+                                EVPerror(EVP_R_INITIALIZATION_ERROR);
                                 ENGINE_finish(impl);
                                 return 0;
                         }
@@ -188,7 +186,7 @@ EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
                 } else
                         ctx->engine = NULL;
         } else if (!ctx->digest) {
-                EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_NO_DIGEST_SET);
+                EVPerror(EVP_R_NO_DIGEST_SET);
                 return 0;
         }
 #endif
@@ -206,8 +204,7 @@ EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
                         if (ctx->md_data == NULL) {
                                 EVP_PKEY_CTX_free(ctx->pctx);
                                 ctx->pctx = NULL;
-                                EVPerr(EVP_F_EVP_DIGESTINIT_EX,
-                                    ERR_R_MALLOC_FAILURE);
+                                EVPerror(ERR_R_MALLOC_FAILURE);
                                 return 0;
                         }
                 }
@@ -251,7 +248,7 @@ EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
         int ret;
 
         if ((size_t)ctx->digest->md_size > EVP_MAX_MD_SIZE) {
-                EVPerr(EVP_F_EVP_DIGESTFINAL_EX, EVP_R_TOO_LARGE);
+                EVPerror(EVP_R_TOO_LARGE);
                 return 0;
         }
         ret = ctx->digest->final(ctx, md);
@@ -278,13 +275,13 @@ EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
         unsigned char *tmp_buf;
 
         if ((in == NULL) || (in->digest == NULL)) {
-                EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_INPUT_NOT_INITIALIZED);
+                EVPerror(EVP_R_INPUT_NOT_INITIALIZED);
                 return 0;
         }
 #ifndef OPENSSL_NO_ENGINE
         /* Make sure it's safe to copy a digest context using an ENGINE */
         if (in->engine && !ENGINE_init(in->engine)) {
-                EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_ENGINE_LIB);
+                EVPerror(ERR_R_ENGINE_LIB);
                 return 0;
         }
 #endif
@@ -303,8 +300,7 @@ EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
                 else {
                         out->md_data = malloc(out->digest->ctx_size);
                         if (!out->md_data) {
-                                EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,
-                                    ERR_R_MALLOC_FAILURE);
+                                EVPerror(ERR_R_MALLOC_FAILURE);
                                 return 0;
                         }
                 }
@@ -386,19 +382,18 @@ EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr)
         int ret;
 
         if (!ctx->digest) {
-                EVPerr(EVP_F_EVP_MD_CTX_CTRL, EVP_R_NO_CIPHER_SET);
+                EVPerror(EVP_R_NO_CIPHER_SET);
                 return 0;
         }
 
         if (!ctx->digest->md_ctrl) {
-                EVPerr(EVP_F_EVP_MD_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
+                EVPerror(EVP_R_CTRL_NOT_IMPLEMENTED);
                 return 0;
         }
 
         ret = ctx->digest->md_ctrl(ctx, type, arg, ptr);
         if (ret == -1) {
-                EVPerr(EVP_F_EVP_MD_CTX_CTRL,
-                    EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
+                EVPerror(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
                 return 0;
         }
         return ret;
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index b20543a90c..71a18363f1 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.31 2016/11/04 17:30:30 miod Exp $ */
+/* $OpenBSD: e_aes.c,v 1.32 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -225,7 +225,7 @@ aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
         }
 
         if (ret < 0) {
-                EVPerr(EVP_F_AESNI_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
+                EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
                 return 0;
         }
 
@@ -563,7 +563,7 @@ aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                 }
 
         if (ret < 0) {
-                EVPerr(EVP_F_AES_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
+                EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
                 return 0;
         }
 
@@ -1378,7 +1378,7 @@ aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const unsigned char *key, size_t key_len,
 
         /* EVP_AEAD_CTX_init should catch this. */
         if (key_bits != 128 && key_bits != 256) {
-                EVPerr(EVP_F_AEAD_AES_GCM_INIT, EVP_R_BAD_KEY_LENGTH);
+                EVPerror(EVP_R_BAD_KEY_LENGTH);
                 return 0;
         }
 
@@ -1386,7 +1386,7 @@ aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const unsigned char *key, size_t key_len,
                 tag_len = EVP_AEAD_AES_GCM_TAG_LEN;
 
         if (tag_len > EVP_AEAD_AES_GCM_TAG_LEN) {
-                EVPerr(EVP_F_AEAD_AES_GCM_INIT, EVP_R_TAG_TOO_LARGE);
+                EVPerror(EVP_R_TAG_TOO_LARGE);
                 return 0;
         }
 
@@ -1432,7 +1432,7 @@ aead_aes_gcm_seal(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len,
         size_t bulk = 0;
 
         if (max_out_len < in_len + gcm_ctx->tag_len) {
-                EVPerr(EVP_F_AEAD_AES_GCM_SEAL, EVP_R_BUFFER_TOO_SMALL);
+                EVPerror(EVP_R_BUFFER_TOO_SMALL);
                 return 0;
         }
 
@@ -1471,14 +1471,14 @@ aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len,
         size_t bulk = 0;
 
         if (in_len < gcm_ctx->tag_len) {
-                EVPerr(EVP_F_AEAD_AES_GCM_OPEN, EVP_R_BAD_DECRYPT);
+                EVPerror(EVP_R_BAD_DECRYPT);
                 return 0;
         }
 
         plaintext_len = in_len - gcm_ctx->tag_len;
 
         if (max_out_len < plaintext_len) {
-                EVPerr(EVP_F_AEAD_AES_GCM_OPEN, EVP_R_BUFFER_TOO_SMALL);
+                EVPerror(EVP_R_BUFFER_TOO_SMALL);
                 return 0;
         }
 
@@ -1500,7 +1500,7 @@ aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len,
 
         CRYPTO_gcm128_tag(&gcm, tag, gcm_ctx->tag_len);
         if (timingsafe_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) {
-                EVPerr(EVP_F_AEAD_AES_GCM_OPEN, EVP_R_BAD_DECRYPT);
+                EVPerror(EVP_R_BAD_DECRYPT);
                 return 0;
         }
 
diff --git a/src/lib/libcrypto/evp/e_camellia.c b/src/lib/libcrypto/evp/e_camellia.c
index e3424cfe94..fd12cf9c50 100644
--- a/src/lib/libcrypto/evp/e_camellia.c
+++ b/src/lib/libcrypto/evp/e_camellia.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_camellia.c,v 1.7 2015/02/10 09:50:12 miod Exp $ */
+/* $OpenBSD: e_camellia.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
@@ -114,8 +114,7 @@ camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
         ret = Camellia_set_key(key, ctx->key_len * 8, ctx->cipher_data);
 
         if (ret < 0) {
-                EVPerr(EVP_F_CAMELLIA_INIT_KEY,
-                    EVP_R_CAMELLIA_KEY_SETUP_FAILED);
+                EVPerror(EVP_R_CAMELLIA_KEY_SETUP_FAILED);
                 return 0;
         }
 
diff --git a/src/lib/libcrypto/evp/e_chacha20poly1305.c b/src/lib/libcrypto/evp/e_chacha20poly1305.c
index e5395ad8ca..e135f9a104 100644
--- a/src/lib/libcrypto/evp/e_chacha20poly1305.c
+++ b/src/lib/libcrypto/evp/e_chacha20poly1305.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_chacha20poly1305.c,v 1.14 2016/04/28 16:06:53 jsing Exp $ */
+/* $OpenBSD: e_chacha20poly1305.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 
 /*
  * Copyright (c) 2015 Reyk Floter <reyk@openbsd.org>
@@ -59,7 +59,7 @@ aead_chacha20_poly1305_init(EVP_AEAD_CTX *ctx, const unsigned char *key,
                 tag_len = POLY1305_TAG_LEN;
 
         if (tag_len > POLY1305_TAG_LEN) {
-                EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_INIT, EVP_R_TOO_LARGE);
+                EVPerror(EVP_R_TOO_LARGE);
                 return 0;
         }
 
@@ -142,18 +142,17 @@ aead_chacha20_poly1305_seal(const EVP_AEAD_CTX *ctx, unsigned char *out,
          * Casting to uint64_t inside the conditional is not sufficient to stop
          * the warning. */
         if (in_len_64 >= (1ULL << 32) * 64 - 64) {
-                EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_SEAL, EVP_R_TOO_LARGE);
+                EVPerror(EVP_R_TOO_LARGE);
                 return 0;
         }
 
         if (max_out_len < in_len + c20_ctx->tag_len) {
-                EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_SEAL,
-                    EVP_R_BUFFER_TOO_SMALL);
+                EVPerror(EVP_R_BUFFER_TOO_SMALL);
                 return 0;
         }
 
         if (nonce_len != ctx->aead->nonce_len) {
-                EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_SEAL, EVP_R_IV_TOO_LARGE);
+                EVPerror(EVP_R_IV_TOO_LARGE);
                 return 0;
         }
 
@@ -216,7 +215,7 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out,
         uint64_t ctr = 0;
 
         if (in_len < c20_ctx->tag_len) {
-                EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_BAD_DECRYPT);
+                EVPerror(EVP_R_BAD_DECRYPT);
                 return 0;
         }
 
@@ -228,20 +227,19 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out,
          * Casting to uint64_t inside the conditional is not sufficient to stop
          * the warning. */
         if (in_len_64 >= (1ULL << 32) * 64 - 64) {
-                EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_TOO_LARGE);
+                EVPerror(EVP_R_TOO_LARGE);
                 return 0;
         }
 
         if (nonce_len != ctx->aead->nonce_len) {
-                EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_IV_TOO_LARGE);
+                EVPerror(EVP_R_IV_TOO_LARGE);
                 return 0;
         }
 
         plaintext_len = in_len - c20_ctx->tag_len;
 
         if (max_out_len < plaintext_len) {
-                EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN,
-                    EVP_R_BUFFER_TOO_SMALL);
+                EVPerror(EVP_R_BUFFER_TOO_SMALL);
                 return 0;
         }
 
@@ -276,7 +274,7 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out,
         CRYPTO_poly1305_finish(&poly1305, mac);
 
         if (timingsafe_memcmp(mac, in + plaintext_len, c20_ctx->tag_len) != 0) {
-                EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_BAD_DECRYPT);
+                EVPerror(EVP_R_BAD_DECRYPT);
                 return 0;
         }
 
diff --git a/src/lib/libcrypto/evp/e_gost2814789.c b/src/lib/libcrypto/evp/e_gost2814789.c
index e2235a64b5..730de4fed1 100644
--- a/src/lib/libcrypto/evp/e_gost2814789.c
+++ b/src/lib/libcrypto/evp/e_gost2814789.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_gost2814789.c,v 1.3 2014/11/18 05:30:07 miod Exp $ */
+/* $OpenBSD: e_gost2814789.c,v 1.4 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
@@ -107,13 +107,12 @@ gost2814789_set_asn1_params(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params)
         GOST_CIPHER_PARAMS *gcp = GOST_CIPHER_PARAMS_new();
 
         if (gcp == NULL) {
-                GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS,
-                    ERR_R_MALLOC_FAILURE);
+                GOSTerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         if (ASN1_OCTET_STRING_set(gcp->iv, ctx->iv, ctx->cipher->iv_len) == 0) {
                 GOST_CIPHER_PARAMS_free(gcp);
-                GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_ASN1_LIB);
+                GOSTerror(ERR_R_ASN1_LIB);
                 return 0;
         }
         ASN1_OBJECT_free(gcp->enc_param_set);
@@ -123,8 +122,7 @@ gost2814789_set_asn1_params(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params)
         p = buf = malloc(len);
         if (buf == NULL) {
                 GOST_CIPHER_PARAMS_free(gcp);
-                GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS,
-                    ERR_R_MALLOC_FAILURE);
+                GOSTerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         i2d_GOST_CIPHER_PARAMS(gcp, &p);
@@ -133,14 +131,13 @@ gost2814789_set_asn1_params(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params)
         os = ASN1_OCTET_STRING_new();
         if (os == NULL) {
                 free(buf);
-                GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS,
-                    ERR_R_MALLOC_FAILURE);
+                GOSTerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         if (ASN1_OCTET_STRING_set(os, buf, len) == 0) {
                 ASN1_OCTET_STRING_free(os);
                 free(buf);
-                GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_ASN1_LIB);
+                GOSTerror(ERR_R_ASN1_LIB);
                 return 0;
         }
         free(buf);
@@ -169,8 +166,7 @@ gost2814789_get_asn1_params(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params)
         len = gcp->iv->length;
         if (len != ctx->cipher->iv_len) {
                 GOST_CIPHER_PARAMS_free(gcp);
-                GOSTerr(GOST_F_GOST89_GET_ASN1_PARAMETERS,
-                    GOST_R_INVALID_IV_LENGTH);
+                GOSTerror(GOST_R_INVALID_IV_LENGTH);
                 return -1;
         }
 
diff --git a/src/lib/libcrypto/evp/e_rc2.c b/src/lib/libcrypto/evp/e_rc2.c
index 9052195ac2..de1b24a306 100644
--- a/src/lib/libcrypto/evp/e_rc2.c
+++ b/src/lib/libcrypto/evp/e_rc2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_rc2.c,v 1.11 2015/02/10 09:52:35 miod Exp $ */
+/* $OpenBSD: e_rc2.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -171,7 +171,7 @@ rc2_magic_to_meth(int i)
         else if (i == RC2_40_MAGIC)
                 return 40;
         else {
-                EVPerr(EVP_F_RC2_MAGIC_TO_METH, EVP_R_UNSUPPORTED_KEY_SIZE);
+                EVPerror(EVP_R_UNSUPPORTED_KEY_SIZE);
                 return (0);
         }
 }
@@ -188,8 +188,7 @@ rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
         if (type != NULL) {
                 l = EVP_CIPHER_CTX_iv_length(c);
                 if (l > sizeof(iv)) {
-                        EVPerr(EVP_F_RC2_GET_ASN1_TYPE_AND_IV,
-                            EVP_R_IV_TOO_LARGE);
+                        EVPerror(EVP_R_IV_TOO_LARGE);
                         return -1;
                 }
                 i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l);
diff --git a/src/lib/libcrypto/evp/evp_aead.c b/src/lib/libcrypto/evp/evp_aead.c
index 197b7f515f..40471b0022 100644
--- a/src/lib/libcrypto/evp/evp_aead.c
+++ b/src/lib/libcrypto/evp/evp_aead.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_aead.c,v 1.5 2014/06/21 15:30:36 jsing Exp $ */
+/* $OpenBSD: evp_aead.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Copyright (c) 2014, Google Inc.
  *
@@ -53,7 +53,7 @@ EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead,
 {
         ctx->aead = aead;
         if (key_len != aead->key_len) {
-                EVPerr(EVP_F_EVP_AEAD_CTX_INIT, EVP_R_UNSUPPORTED_KEY_SIZE);
+                EVPerror(EVP_R_UNSUPPORTED_KEY_SIZE);
                 return 0;
         }
         return aead->init(ctx, key, key_len, tag_len);
@@ -96,12 +96,12 @@ EVP_AEAD_CTX_seal(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len,
 
         /* Overflow. */
         if (possible_out_len < in_len) {
-                EVPerr(EVP_F_AEAD_CTX_SEAL, EVP_R_TOO_LARGE);
+                EVPerror(EVP_R_TOO_LARGE);
                 goto error;
         }
 
         if (!check_alias(in, in_len, out)) {
-                EVPerr(EVP_F_AEAD_CTX_SEAL, EVP_R_OUTPUT_ALIASES_INPUT);
+                EVPerror(EVP_R_OUTPUT_ALIASES_INPUT);
                 goto error;
         }
 
@@ -125,7 +125,7 @@ EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len,
     size_t ad_len)
 {
         if (!check_alias(in, in_len, out)) {
-                EVPerr(EVP_F_AEAD_CTX_OPEN, EVP_R_OUTPUT_ALIASES_INPUT);
+                EVPerror(EVP_R_OUTPUT_ALIASES_INPUT);
                 goto error;
         }
 
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index 0dfb7a5dc3..d0a5eb2d5f 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_enc.c,v 1.35 2016/09/09 00:03:22 bcook Exp $ */
+/* $OpenBSD: evp_enc.c,v 1.36 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -130,8 +130,7 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
 #ifndef OPENSSL_NO_ENGINE
                 if (impl) {
                         if (!ENGINE_init(impl)) {
-                                EVPerr(EVP_F_EVP_CIPHERINIT_EX,
-                                    EVP_R_INITIALIZATION_ERROR);
+                                EVPerror(EVP_R_INITIALIZATION_ERROR);
                                 return 0;
                         }
                 } else
@@ -142,8 +141,7 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
                         const EVP_CIPHER *c =
                             ENGINE_get_cipher(impl, cipher->nid);
                         if (!c) {
-                                EVPerr(EVP_F_EVP_CIPHERINIT_EX,
-                                    EVP_R_INITIALIZATION_ERROR);
+                                EVPerror(EVP_R_INITIALIZATION_ERROR);
                                 return 0;
                         }
                         /* We'll use the ENGINE's private cipher definition */
@@ -160,8 +158,7 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
                 if (ctx->cipher->ctx_size) {
                         ctx->cipher_data = malloc(ctx->cipher->ctx_size);
                         if (!ctx->cipher_data) {
-                                EVPerr(EVP_F_EVP_CIPHERINIT_EX,
-                                    ERR_R_MALLOC_FAILURE);
+                                EVPerror(ERR_R_MALLOC_FAILURE);
                                 return 0;
                         }
                 } else {
@@ -171,13 +168,12 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
                 ctx->flags = 0;
                 if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
                         if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
-                                EVPerr(EVP_F_EVP_CIPHERINIT_EX,
-                                    EVP_R_INITIALIZATION_ERROR);
+                                EVPerror(EVP_R_INITIALIZATION_ERROR);
                                 return 0;
                         }
                 }
         } else if (!ctx->cipher) {
-                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
+                EVPerror(EVP_R_NO_CIPHER_SET);
                 return 0;
         }
 #ifndef OPENSSL_NO_ENGINE
@@ -187,7 +183,7 @@ skip_to_init:
         if (ctx->cipher->block_size != 1 &&
             ctx->cipher->block_size != 8 &&
             ctx->cipher->block_size != 16) {
-                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_BAD_BLOCK_LENGTH);
+                EVPerror(EVP_R_BAD_BLOCK_LENGTH);
                 return 0;
         }
 
@@ -208,8 +204,7 @@ skip_to_init:
 
                         if ((size_t)EVP_CIPHER_CTX_iv_length(ctx) >
                             sizeof(ctx->iv)) {
-                                EVPerr(EVP_F_EVP_CIPHERINIT_EX,
-                                    EVP_R_IV_TOO_LARGE);
+                                EVPerror(EVP_R_IV_TOO_LARGE);
                                 return 0;
                         }
                         if (iv)
@@ -336,7 +331,7 @@ EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
         i = ctx->buf_len;
         bl = ctx->cipher->block_size;
         if ((size_t)bl > sizeof(ctx->buf)) {
-                EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_BAD_BLOCK_LENGTH);
+                EVPerror(EVP_R_BAD_BLOCK_LENGTH);
                 *outl = 0;
                 return 0;
         }
@@ -401,7 +396,7 @@ EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 
         b = ctx->cipher->block_size;
         if (b > sizeof ctx->buf) {
-                EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_BAD_BLOCK_LENGTH);
+                EVPerror(EVP_R_BAD_BLOCK_LENGTH);
                 return 0;
         }
         if (b == 1) {
@@ -411,8 +406,7 @@ EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
         bl = ctx->buf_len;
         if (ctx->flags & EVP_CIPH_NO_PADDING) {
                 if (bl) {
-                        EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,
-                            EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+                        EVPerror(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
                         return 0;
                 }
                 *outl = 0;
@@ -458,7 +452,7 @@ EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
 
         b = ctx->cipher->block_size;
         if (b > sizeof ctx->final) {
-                EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_BAD_BLOCK_LENGTH);
+                EVPerror(EVP_R_BAD_BLOCK_LENGTH);
                 return 0;
         }
 
@@ -519,8 +513,7 @@ EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
         b = ctx->cipher->block_size;
         if (ctx->flags & EVP_CIPH_NO_PADDING) {
                 if (ctx->buf_len) {
-                        EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
-                            EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+                        EVPerror(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
                         return 0;
                 }
                 *outl = 0;
@@ -528,24 +521,21 @@ EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
         }
         if (b > 1) {
                 if (ctx->buf_len || !ctx->final_used) {
-                        EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
-                            EVP_R_WRONG_FINAL_BLOCK_LENGTH);
+                        EVPerror(EVP_R_WRONG_FINAL_BLOCK_LENGTH);
                         return (0);
                 }
                 if (b > sizeof ctx->final) {
-                        EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
-                            EVP_R_BAD_BLOCK_LENGTH);
+                        EVPerror(EVP_R_BAD_BLOCK_LENGTH);
                         return 0;
                 }
                 n = ctx->final[b - 1];
                 if (n == 0 || n > (int)b) {
-                        EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
+                        EVPerror(EVP_R_BAD_DECRYPT);
                         return (0);
                 }
                 for (i = 0; i < n; i++) {
                         if (ctx->final[--b] != n) {
-                                EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
-                                    EVP_R_BAD_DECRYPT);
+                                EVPerror(EVP_R_BAD_DECRYPT);
                                 return (0);
                         }
                 }
@@ -600,7 +590,7 @@ EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
                 c->key_len = keylen;
                 return 1;
         }
-        EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, EVP_R_INVALID_KEY_LENGTH);
+        EVPerror(EVP_R_INVALID_KEY_LENGTH);
         return 0;
 }
 
@@ -620,19 +610,18 @@ EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
         int ret;
 
         if (!ctx->cipher) {
-                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
+                EVPerror(EVP_R_NO_CIPHER_SET);
                 return 0;
         }
 
         if (!ctx->cipher->ctrl) {
-                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
+                EVPerror(EVP_R_CTRL_NOT_IMPLEMENTED);
                 return 0;
         }
 
         ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
         if (ret == -1) {
-                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL,
-                    EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
+                EVPerror(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
                 return 0;
         }
         return ret;
@@ -651,13 +640,13 @@ int
 EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
 {
         if ((in == NULL) || (in->cipher == NULL)) {
-                EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INPUT_NOT_INITIALIZED);
+                EVPerror(EVP_R_INPUT_NOT_INITIALIZED);
                 return 0;
         }
 #ifndef OPENSSL_NO_ENGINE
         /* Make sure it's safe to copy a cipher context using an ENGINE */
         if (in->engine && !ENGINE_init(in->engine)) {
-                EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_ENGINE_LIB);
+                EVPerror(ERR_R_ENGINE_LIB);
                 return 0;
         }
 #endif
@@ -668,7 +657,7 @@ EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
         if (in->cipher_data && in->cipher->ctx_size) {
                 out->cipher_data = malloc(in->cipher->ctx_size);
                 if (!out->cipher_data) {
-                        EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE);
+                        EVPerror(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
                 memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c
index dadd5365a0..1e1cc8350b 100644
--- a/src/lib/libcrypto/evp/evp_err.c
+++ b/src/lib/libcrypto/evp/evp_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_err.c,v 1.21 2015/02/15 14:35:30 miod Exp $ */
+/* $OpenBSD: evp_err.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -72,102 +72,7 @@
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason)
 
 static ERR_STRING_DATA EVP_str_functs[] = {
-        {ERR_FUNC(EVP_F_AEAD_AES_GCM_INIT), "AEAD_AES_GCM_INIT"},
-        {ERR_FUNC(EVP_F_AEAD_AES_GCM_OPEN), "AEAD_AES_GCM_OPEN"},
-        {ERR_FUNC(EVP_F_AEAD_AES_GCM_SEAL), "AEAD_AES_GCM_SEAL"},
-        {ERR_FUNC(EVP_F_AEAD_CHACHA20_POLY1305_INIT), "AEAD_CHACHA20_POLY1305_INIT"},
-        {ERR_FUNC(EVP_F_AEAD_CHACHA20_POLY1305_OPEN), "AEAD_CHACHA20_POLY1305_OPEN"},
-        {ERR_FUNC(EVP_F_AEAD_CHACHA20_POLY1305_SEAL), "AEAD_CHACHA20_POLY1305_SEAL"},
-        {ERR_FUNC(EVP_F_AEAD_CTX_OPEN), "AEAD_CTX_OPEN"},
-        {ERR_FUNC(EVP_F_AEAD_CTX_SEAL), "AEAD_CTX_SEAL"},
-        {ERR_FUNC(EVP_F_AESNI_INIT_KEY), "AESNI_INIT_KEY"},
-        {ERR_FUNC(EVP_F_AESNI_XTS_CIPHER), "AESNI_XTS_CIPHER"},
-        {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
-        {ERR_FUNC(EVP_F_AES_XTS), "AES_XTS"},
-        {ERR_FUNC(EVP_F_AES_XTS_CIPHER), "AES_XTS_CIPHER"},
-        {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"},
-        {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"},
-        {ERR_FUNC(EVP_F_CMAC_INIT), "CMAC_INIT"},
-        {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
-        {ERR_FUNC(EVP_F_DO_SIGVER_INIT), "DO_SIGVER_INIT"},
-        {ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"},
-        {ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"},
-        {ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"},
-        {ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"},
-        {ERR_FUNC(EVP_F_EVP_AEAD_CTX_INIT), "EVP_AEAD_CTX_init"},
-        {ERR_FUNC(EVP_F_EVP_AEAD_CTX_OPEN), "EVP_AEAD_CTX_open"},
-        {ERR_FUNC(EVP_F_EVP_AEAD_CTX_SEAL), "EVP_AEAD_CTX_seal"},
-        {ERR_FUNC(EVP_F_EVP_BYTESTOKEY), "EVP_BytesToKey"},
-        {ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"},
-        {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_COPY), "EVP_CIPHER_CTX_copy"},
-        {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"},
-        {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"},
-        {ERR_FUNC(EVP_F_EVP_CIPHER_GET_ASN1_IV), "EVP_CIPHER_get_asn1_iv"},
-        {ERR_FUNC(EVP_F_EVP_CIPHER_SET_ASN1_IV), "EVP_CIPHER_set_asn1_iv"},
-        {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"},
-        {ERR_FUNC(EVP_F_EVP_DECRYPTUPDATE), "EVP_DecryptUpdate"},
-        {ERR_FUNC(EVP_F_EVP_DIGESTFINAL_EX), "EVP_DigestFinal_ex"},
-        {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
-        {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
-        {ERR_FUNC(EVP_F_EVP_ENCRYPTUPDATE), "EVP_EncryptUpdate"},
-        {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
-        {ERR_FUNC(EVP_F_EVP_MD_CTX_CTRL), "EVP_MD_CTX_ctrl"},
-        {ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_size"},
-        {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
-        {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"},
-        {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"},
-        {ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"},
-        {ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"},
-        {ERR_FUNC(EVP_F_EVP_PKCS82PKEY_BROKEN), "EVP_PKCS82PKEY_BROKEN"},
-        {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL), "EVP_PKEY_CTX_ctrl"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL_STR), "EVP_PKEY_CTX_ctrl_str"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_CTX_DUP), "EVP_PKEY_CTX_dup"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_INIT), "EVP_PKEY_decrypt_init"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_OLD), "EVP_PKEY_decrypt_old"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_DERIVE), "EVP_PKEY_derive"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_INIT), "EVP_PKEY_derive_init"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_SET_PEER), "EVP_PKEY_derive_set_peer"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_INIT), "EVP_PKEY_encrypt_init"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_OLD), "EVP_PKEY_encrypt_old"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA), "EVP_PKEY_GET1_ECDSA"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY), "EVP_PKEY_get1_EC_KEY"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN), "EVP_PKEY_keygen"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT), "EVP_PKEY_keygen_init"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN), "EVP_PKEY_paramgen"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN_INIT), "EVP_PKEY_paramgen_init"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_SIGN), "EVP_PKEY_sign"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_SIGN_INIT), "EVP_PKEY_sign_init"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY), "EVP_PKEY_verify"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_INIT), "EVP_PKEY_verify_init"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER), "EVP_PKEY_verify_recover"},
-        {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT), "EVP_PKEY_verify_recover_init"},
-        {ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"},
-        {ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"},
-        {ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"},
-        {ERR_FUNC(EVP_F_FIPS_CIPHERINIT), "FIPS_CIPHERINIT"},
-        {ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_COPY), "FIPS_CIPHER_CTX_COPY"},
-        {ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_CTRL), "FIPS_CIPHER_CTX_CTRL"},
-        {ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH), "FIPS_CIPHER_CTX_SET_KEY_LENGTH"},
-        {ERR_FUNC(EVP_F_FIPS_DIGESTINIT), "FIPS_DIGESTINIT"},
-        {ERR_FUNC(EVP_F_FIPS_MD_CTX_COPY), "FIPS_MD_CTX_COPY"},
-        {ERR_FUNC(EVP_F_HMAC_INIT_EX), "HMAC_Init_ex"},
-        {ERR_FUNC(EVP_F_INT_CTX_NEW), "INT_CTX_NEW"},
-        {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"},
-        {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"},
-        {ERR_FUNC(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN), "PKCS5_V2_PBKDF2_KEYIVGEN"},
-        {ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"},
-        {ERR_FUNC(EVP_F_PKEY_SET_TYPE), "PKEY_SET_TYPE"},
-        {ERR_FUNC(EVP_F_RC2_GET_ASN1_TYPE_AND_IV), "RC2_GET_ASN1_TYPE_AND_IV"},
-        {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"},
-        {ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"},
+        {ERR_FUNC(0xfff), "CRYPTO_internal"},
         {0, NULL}
 };
 
diff --git a/src/lib/libcrypto/evp/evp_key.c b/src/lib/libcrypto/evp/evp_key.c
index 2c76743e42..33de513ef2 100644
--- a/src/lib/libcrypto/evp/evp_key.c
+++ b/src/lib/libcrypto/evp/evp_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_key.c,v 1.23 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: evp_key.c,v 1.24 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -135,11 +135,11 @@ EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
         niv = type->iv_len;
 
         if ((size_t)nkey > EVP_MAX_KEY_LENGTH) {
-                EVPerr(EVP_F_EVP_BYTESTOKEY, EVP_R_BAD_KEY_LENGTH);
+                EVPerror(EVP_R_BAD_KEY_LENGTH);
                 return 0;
         }
         if ((size_t)niv > EVP_MAX_IV_LENGTH) {
-                EVPerr(EVP_F_EVP_BYTESTOKEY, EVP_R_IV_TOO_LARGE);
+                EVPerror(EVP_R_IV_TOO_LARGE);
                 return 0;
         }
 
diff --git a/src/lib/libcrypto/evp/evp_lib.c b/src/lib/libcrypto/evp/evp_lib.c
index 491c8d6f67..ad97a3b7b9 100644
--- a/src/lib/libcrypto/evp/evp_lib.c
+++ b/src/lib/libcrypto/evp/evp_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_lib.c,v 1.14 2015/02/10 09:52:35 miod Exp $ */
+/* $OpenBSD: evp_lib.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -100,8 +100,7 @@ EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
         if (type != NULL) {
                 l = EVP_CIPHER_CTX_iv_length(c);
                 if (l > sizeof(c->iv)) {
-                        EVPerr(EVP_F_EVP_CIPHER_GET_ASN1_IV,
-                             EVP_R_IV_TOO_LARGE);
+                        EVPerror(EVP_R_IV_TOO_LARGE);
                         return 0;
                 }
                 i = ASN1_TYPE_get_octetstring(type, c->oiv, l);
@@ -122,8 +121,7 @@ EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
         if (type != NULL) {
                 j = EVP_CIPHER_CTX_iv_length(c);
                 if (j > sizeof(c->iv)) {
-                        EVPerr(EVP_F_EVP_CIPHER_SET_ASN1_IV,
-                             EVP_R_IV_TOO_LARGE);
+                        EVPerror(EVP_R_IV_TOO_LARGE);
                         return 0;
                 }
                 i = ASN1_TYPE_set_octetstring(type, c->oiv, j);
@@ -291,7 +289,7 @@ int
 EVP_MD_size(const EVP_MD *md)
 {
         if (!md) {
-                EVPerr(EVP_F_EVP_MD_SIZE, EVP_R_MESSAGE_DIGEST_IS_NULL);
+                EVPerror(EVP_R_MESSAGE_DIGEST_IS_NULL);
                 return -1;
         }
         return md->md_size;
diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c
index c7f0c7749a..de08c8d78c 100644
--- a/src/lib/libcrypto/evp/evp_pbe.c
+++ b/src/lib/libcrypto/evp/evp_pbe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_pbe.c,v 1.24 2017/01/21 04:38:23 jsing Exp $ */
+/* $OpenBSD: evp_pbe.c,v 1.25 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -128,7 +128,7 @@ EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
         if (!EVP_PBE_find(EVP_PBE_TYPE_OUTER, OBJ_obj2nid(pbe_obj),
             &cipher_nid, &md_nid, &keygen)) {
                 char obj_tmp[80];
-                EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_PBE_ALGORITHM);
+                EVPerror(EVP_R_UNKNOWN_PBE_ALGORITHM);
                 if (!pbe_obj)
                         strlcpy(obj_tmp, "NULL", sizeof obj_tmp);
                 else
@@ -147,7 +147,7 @@ EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
         else {
                 cipher = EVP_get_cipherbynid(cipher_nid);
                 if (!cipher) {
-                        EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_CIPHER);
+                        EVPerror(EVP_R_UNKNOWN_CIPHER);
                         return 0;
                 }
         }
@@ -157,13 +157,13 @@ EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
         else {
                 md = EVP_get_digestbynid(md_nid);
                 if (!md) {
-                        EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_DIGEST);
+                        EVPerror(EVP_R_UNKNOWN_DIGEST);
                         return 0;
                 }
         }
 
         if (!keygen(ctx, pass, passlen, param, cipher, md, en_de)) {
-                EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_KEYGEN_FAILURE);
+                EVPerror(EVP_R_KEYGEN_FAILURE);
                 return 0;
         }
         return 1;
@@ -222,14 +222,13 @@ EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid,
         if (pbe_algs == NULL) {
                 pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp);
                 if (pbe_algs == NULL) {
-                        EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE,
-                            ERR_R_MALLOC_FAILURE);
+                        EVPerror(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
         }
         pbe_tmp = malloc(sizeof(EVP_PBE_CTL));
         if (pbe_tmp == NULL) {
-                EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE, ERR_R_MALLOC_FAILURE);
+                EVPerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         pbe_tmp->pbe_type = pbe_type;
@@ -240,7 +239,7 @@ EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid,
 
         if (sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp) == 0) {
                 free(pbe_tmp);
-                EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE, ERR_R_MALLOC_FAILURE);
+                EVPerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         return 1;
diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c
index 689ff596ce..4dcd2a15a9 100644
--- a/src/lib/libcrypto/evp/evp_pkey.c
+++ b/src/lib/libcrypto/evp/evp_pkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_pkey.c,v 1.18 2014/10/18 17:20:40 jsing Exp $ */
+/* $OpenBSD: evp_pkey.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -77,13 +77,12 @@ EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
                 return NULL;
 
         if (!(pkey = EVP_PKEY_new())) {
-                EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE);
+                EVPerror(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
 
         if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid))) {
-                EVPerr(EVP_F_EVP_PKCS82PKEY,
-                    EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+                EVPerror(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
                 i2t_ASN1_OBJECT(obj_tmp, 80, algoid);
                 ERR_asprintf_error_data("TYPE=%s", obj_tmp);
                 goto error;
@@ -91,12 +90,11 @@ EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
 
         if (pkey->ameth->priv_decode) {
                 if (!pkey->ameth->priv_decode(pkey, p8)) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY,
-                            EVP_R_PRIVATE_KEY_DECODE_ERROR);
+                        EVPerror(EVP_R_PRIVATE_KEY_DECODE_ERROR);
                         goto error;
                 }
         } else {
-                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_METHOD_NOT_SUPPORTED);
+                EVPerror(EVP_R_METHOD_NOT_SUPPORTED);
                 goto error;
         }
 
@@ -121,7 +119,7 @@ EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
         PKCS8_PRIV_KEY_INFO *p8;
 
         if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {
-                EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE);
+                EVPerror(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         p8->broken = broken;
@@ -129,18 +127,15 @@ EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
         if (pkey->ameth) {
                 if (pkey->ameth->priv_encode) {
                         if (!pkey->ameth->priv_encode(p8, pkey)) {
-                                EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
-                                    EVP_R_PRIVATE_KEY_ENCODE_ERROR);
+                                EVPerror(EVP_R_PRIVATE_KEY_ENCODE_ERROR);
                                 goto error;
                         }
                 } else {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
-                            EVP_R_METHOD_NOT_SUPPORTED);
+                        EVPerror(EVP_R_METHOD_NOT_SUPPORTED);
                         goto error;
                 }
         } else {
-                EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
-                    EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+                EVPerror(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
                 goto error;
         }
         return p8;
@@ -166,7 +161,7 @@ PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
                 break;
 
         default:
-                EVPerr(EVP_F_PKCS8_SET_BROKEN, EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
+                EVPerror(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
                 return NULL;
         }
 }
diff --git a/src/lib/libcrypto/evp/m_sigver.c b/src/lib/libcrypto/evp/m_sigver.c
index 579325be67..6e955d9480 100644
--- a/src/lib/libcrypto/evp/m_sigver.c
+++ b/src/lib/libcrypto/evp/m_sigver.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: m_sigver.c,v 1.5 2015/12/14 03:37:27 beck Exp $ */
+/* $OpenBSD: m_sigver.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -81,7 +81,7 @@ do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type,
         }
 
         if (type == NULL) {
-                EVPerr(EVP_F_DO_SIGVER_INIT, EVP_R_NO_DEFAULT_DIGEST);
+                EVPerror(EVP_R_NO_DEFAULT_DIGEST);
                 return 0;
         }
 
diff --git a/src/lib/libcrypto/evp/p5_crpt.c b/src/lib/libcrypto/evp/p5_crpt.c
index 1d02cbf4a6..75a631bf98 100644
--- a/src/lib/libcrypto/evp/p5_crpt.c
+++ b/src/lib/libcrypto/evp/p5_crpt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p5_crpt.c,v 1.17 2016/11/08 20:01:06 miod Exp $ */
+/* $OpenBSD: p5_crpt.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -90,7 +90,7 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
         /* Extract useful info from parameter */
         if (param == NULL || param->type != V_ASN1_SEQUENCE ||
             param->value.sequence == NULL) {
-                EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+                EVPerror(EVP_R_DECODE_ERROR);
                 return 0;
         }
 
@@ -100,15 +100,14 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
 
         pbuf = param->value.sequence->data;
         if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
-                EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+                EVPerror(EVP_R_DECODE_ERROR);
                 return 0;
         }
 
         if (!pbe->iter)
                 iter = 1;
         else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) {
-                EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,
-                    EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
+                EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
                 return 0;
         }
         salt = pbe->salt->data;
@@ -138,12 +137,12 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
                         goto err;
         }
         if ((size_t)EVP_CIPHER_key_length(cipher) > sizeof(md_tmp)) {
-                EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_BAD_KEY_LENGTH);
+                EVPerror(EVP_R_BAD_KEY_LENGTH);
                 goto err;
         }
         memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
         if ((size_t)EVP_CIPHER_iv_length(cipher) > 16) {
-                EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_IV_TOO_LARGE);
+                EVPerror(EVP_R_IV_TOO_LARGE);
                 goto err;
         }
         memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c
index 44e8b331fb..4bef287706 100644
--- a/src/lib/libcrypto/evp/p5_crpt2.c
+++ b/src/lib/libcrypto/evp/p5_crpt2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p5_crpt2.c,v 1.22 2016/11/08 20:01:06 miod Exp $ */
+/* $OpenBSD: p5_crpt2.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -175,22 +175,21 @@ PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 
         if (param == NULL || param->type != V_ASN1_SEQUENCE ||
             param->value.sequence == NULL) {
-                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+                EVPerror(EVP_R_DECODE_ERROR);
                 goto err;
         }
 
         pbuf = param->value.sequence->data;
         plen = param->value.sequence->length;
         if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
-                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+                EVPerror(EVP_R_DECODE_ERROR);
                 goto err;
         }
 
         /* See if we recognise the key derivation function */
 
         if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) {
-                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
-                    EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
+                EVPerror(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
                 goto err;
         }
 
@@ -200,8 +199,7 @@ PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
         cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm);
 
         if (!cipher) {
-                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
-                    EVP_R_UNSUPPORTED_CIPHER);
+                EVPerror(EVP_R_UNSUPPORTED_CIPHER);
                 goto err;
         }
 
@@ -209,8 +207,7 @@ PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
         if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de))
                 goto err;
         if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
-                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
-                    EVP_R_CIPHER_PARAMETER_ERROR);
+                EVPerror(EVP_R_CIPHER_PARAMETER_ERROR);
                 goto err;
         }
         rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen,
@@ -235,19 +232,19 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
         const EVP_MD *prfmd;
 
         if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
-                EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_NO_CIPHER_SET);
+                EVPerror(EVP_R_NO_CIPHER_SET);
                 return 0;
         }
         keylen = EVP_CIPHER_CTX_key_length(ctx);
         if (keylen > sizeof key) {
-                EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_BAD_KEY_LENGTH);
+                EVPerror(EVP_R_BAD_KEY_LENGTH);
                 return 0;
         }
 
         /* Decode parameter */
 
         if (!param || (param->type != V_ASN1_SEQUENCE)) {
-                EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR);
+                EVPerror(EVP_R_DECODE_ERROR);
                 return 0;
         }
 
@@ -255,7 +252,7 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
         plen = param->value.sequence->length;
 
         if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
-                EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR);
+                EVPerror(EVP_R_DECODE_ERROR);
                 return 0;
         }
 
@@ -263,8 +260,7 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 
         if (kdf->keylength &&
             (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){
-                EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,
-                    EVP_R_UNSUPPORTED_KEYLENGTH);
+                EVPerror(EVP_R_UNSUPPORTED_KEYLENGTH);
                 goto err;
         }
 
@@ -274,19 +270,18 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                 prf_nid = NID_hmacWithSHA1;
 
         if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0)) {
-                EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
+                EVPerror(EVP_R_UNSUPPORTED_PRF);
                 goto err;
         }
 
         prfmd = EVP_get_digestbynid(hmac_md_nid);
         if (prfmd == NULL) {
-                EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
+                EVPerror(EVP_R_UNSUPPORTED_PRF);
                 goto err;
         }
 
         if (kdf->salt->type != V_ASN1_OCTET_STRING) {
-                EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,
-                    EVP_R_UNSUPPORTED_SALT_TYPE);
+                EVPerror(EVP_R_UNSUPPORTED_SALT_TYPE);
                 goto err;
         }
 
@@ -294,8 +289,7 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
         salt = kdf->salt->value.octet_string->data;
         saltlen = kdf->salt->value.octet_string->length;
         if ((iter = ASN1_INTEGER_get(kdf->iter)) <= 0) {
-                EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,
-                    EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
+                EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
                 goto err;
         }
         if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
diff --git a/src/lib/libcrypto/evp/p_dec.c b/src/lib/libcrypto/evp/p_dec.c
index 2244ae8c62..c827c5e4c2 100644
--- a/src/lib/libcrypto/evp/p_dec.c
+++ b/src/lib/libcrypto/evp/p_dec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p_dec.c,v 1.10 2014/10/18 17:20:40 jsing Exp $ */
+/* $OpenBSD: p_dec.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -78,7 +78,7 @@ EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl,
 #ifndef OPENSSL_NO_RSA
         if (priv->type != EVP_PKEY_RSA) {
 #endif
-                EVPerr(EVP_F_EVP_PKEY_DECRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA);
+                EVPerror(EVP_R_PUBLIC_KEY_NOT_RSA);
 #ifndef OPENSSL_NO_RSA
                 goto err;
         }
diff --git a/src/lib/libcrypto/evp/p_enc.c b/src/lib/libcrypto/evp/p_enc.c
index 63d2649f6e..49c46f1a70 100644
--- a/src/lib/libcrypto/evp/p_enc.c
+++ b/src/lib/libcrypto/evp/p_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p_enc.c,v 1.10 2014/10/18 17:20:40 jsing Exp $ */
+/* $OpenBSD: p_enc.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -78,7 +78,7 @@ EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key, int key_len,
 #ifndef OPENSSL_NO_RSA
         if (pubk->type != EVP_PKEY_RSA) {
 #endif
-                EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA);
+                EVPerror(EVP_R_PUBLIC_KEY_NOT_RSA);
 #ifndef OPENSSL_NO_RSA
                 goto err;
         }
diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c
index e172c34894..0d4cd26d45 100644
--- a/src/lib/libcrypto/evp/p_lib.c
+++ b/src/lib/libcrypto/evp/p_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p_lib.c,v 1.16 2014/07/12 22:26:01 miod Exp $ */
+/* $OpenBSD: p_lib.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -128,14 +128,12 @@ int
 EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
 {
         if (to->type != from->type) {
-                EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,
-                    EVP_R_DIFFERENT_KEY_TYPES);
+                EVPerror(EVP_R_DIFFERENT_KEY_TYPES);
                 goto err;
         }
 
         if (EVP_PKEY_missing_parameters(from)) {
-                EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,
-                    EVP_R_MISSING_PARAMETERS);
+                EVPerror(EVP_R_MISSING_PARAMETERS);
                 goto err;
         }
         if (from->ameth && from->ameth->param_copy)
@@ -192,7 +190,7 @@ EVP_PKEY_new(void)
 
         ret = malloc(sizeof(EVP_PKEY));
         if (ret == NULL) {
-                EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE);
+                EVPerror(ERR_R_MALLOC_FAILURE);
                 return (NULL);
         }
         ret->type = EVP_PKEY_NONE;
@@ -240,7 +238,7 @@ pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
                 ENGINE_finish(e);
 #endif
         if (!ameth) {
-                EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_UNSUPPORTED_ALGORITHM);
+                EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);
                 return 0;
         }
         if (pkey) {
@@ -294,7 +292,7 @@ RSA *
 EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
 {
         if (pkey->type != EVP_PKEY_RSA) {
-                EVPerr(EVP_F_EVP_PKEY_GET1_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
+                EVPerror(EVP_R_EXPECTING_AN_RSA_KEY);
                 return NULL;
         }
         RSA_up_ref(pkey->pkey.rsa);
@@ -316,7 +314,7 @@ DSA *
 EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
 {
         if (pkey->type != EVP_PKEY_DSA) {
-                EVPerr(EVP_F_EVP_PKEY_GET1_DSA, EVP_R_EXPECTING_A_DSA_KEY);
+                EVPerror(EVP_R_EXPECTING_A_DSA_KEY);
                 return NULL;
         }
         DSA_up_ref(pkey->pkey.dsa);
@@ -339,7 +337,7 @@ EC_KEY *
 EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
 {
         if (pkey->type != EVP_PKEY_EC) {
-                EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);
+                EVPerror(EVP_R_EXPECTING_A_EC_KEY);
                 return NULL;
         }
         EC_KEY_up_ref(pkey->pkey.ec);
@@ -363,7 +361,7 @@ DH *
 EVP_PKEY_get1_DH(EVP_PKEY *pkey)
 {
         if (pkey->type != EVP_PKEY_DH) {
-                EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY);
+                EVPerror(EVP_R_EXPECTING_A_DH_KEY);
                 return NULL;
         }
         DH_up_ref(pkey->pkey.dh);
diff --git a/src/lib/libcrypto/evp/p_open.c b/src/lib/libcrypto/evp/p_open.c
index 002a6dea70..1eb238dfde 100644
--- a/src/lib/libcrypto/evp/p_open.c
+++ b/src/lib/libcrypto/evp/p_open.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p_open.c,v 1.17 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: p_open.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -86,7 +86,7 @@ EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
                 return 1;
 
         if (priv->type != EVP_PKEY_RSA) {
-                EVPerr(EVP_F_EVP_OPENINIT, EVP_R_PUBLIC_KEY_NOT_RSA);
+                EVPerror(EVP_R_PUBLIC_KEY_NOT_RSA);
                 goto err;
         }
 
@@ -94,7 +94,7 @@ EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
         key = malloc(size + 2);
         if (key == NULL) {
                 /* ERROR */
-                EVPerr(EVP_F_EVP_OPENINIT, ERR_R_MALLOC_FAILURE);
+                EVPerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
diff --git a/src/lib/libcrypto/evp/p_sign.c b/src/lib/libcrypto/evp/p_sign.c
index 4058d47f07..6312924518 100644
--- a/src/lib/libcrypto/evp/p_sign.c
+++ b/src/lib/libcrypto/evp/p_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p_sign.c,v 1.13 2015/02/07 13:19:15 doug Exp $ */
+/* $OpenBSD: p_sign.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -110,12 +110,12 @@ err:
                 }
         }
         if (!ok) {
-                EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE);
+                EVPerror(EVP_R_WRONG_PUBLIC_KEY_TYPE);
                 return (0);
         }
 
         if (ctx->digest->sign == NULL) {
-                EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_NO_SIGN_FUNCTION_CONFIGURED);
+                EVPerror(EVP_R_NO_SIGN_FUNCTION_CONFIGURED);
                 return (0);
         }
         return(ctx->digest->sign(ctx->digest->type, m, m_len, sigret, siglen,
diff --git a/src/lib/libcrypto/evp/p_verify.c b/src/lib/libcrypto/evp/p_verify.c
index e653fcf6a5..7dd752c4fb 100644
--- a/src/lib/libcrypto/evp/p_verify.c
+++ b/src/lib/libcrypto/evp/p_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p_verify.c,v 1.12 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: p_verify.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -105,12 +105,11 @@ err:
                 }
         }
         if (!ok) {
-                EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE);
+                EVPerror(EVP_R_WRONG_PUBLIC_KEY_TYPE);
                 return (-1);
         }
         if (ctx->digest->verify == NULL) {
-                EVPerr(EVP_F_EVP_VERIFYFINAL,
-                    EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
+                EVPerror(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
                 return (0);
         }
 
diff --git a/src/lib/libcrypto/evp/pmeth_fn.c b/src/lib/libcrypto/evp/pmeth_fn.c
index 4cf18a0be1..c9117eedd4 100644
--- a/src/lib/libcrypto/evp/pmeth_fn.c
+++ b/src/lib/libcrypto/evp/pmeth_fn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_fn.c,v 1.5 2014/07/12 16:03:37 miod Exp $ */
+/* $OpenBSD: pmeth_fn.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -76,7 +76,7 @@
                         } \
                 else if (*arglen < pksize) \
                         { \
-                        EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/\
+                        EVPerror(EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/\
                         return 0; \
                         } \
                 }
@@ -87,8 +87,7 @@ EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
         int ret;
 
         if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) {
-                EVPerr(EVP_F_EVP_PKEY_SIGN_INIT,
-                    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
                 return -2;
         }
         ctx->operation = EVP_PKEY_OP_SIGN;
@@ -105,12 +104,11 @@ EVP_PKEY_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
     const unsigned char *tbs, size_t tbslen)
 {
         if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) {
-                EVPerr(EVP_F_EVP_PKEY_SIGN,
-                    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
                 return -2;
         }
         if (ctx->operation != EVP_PKEY_OP_SIGN) {
-                EVPerr(EVP_F_EVP_PKEY_SIGN, EVP_R_OPERATON_NOT_INITIALIZED);
+                EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
                 return -1;
         }
         M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
@@ -123,8 +121,7 @@ EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
         int ret;
 
         if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) {
-                EVPerr(EVP_F_EVP_PKEY_VERIFY_INIT,
-                    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
                 return -2;
         }
         ctx->operation = EVP_PKEY_OP_VERIFY;
@@ -141,12 +138,11 @@ EVP_PKEY_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
     const unsigned char *tbs, size_t tbslen)
 {
         if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) {
-                EVPerr(EVP_F_EVP_PKEY_VERIFY,
-                    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
                 return -2;
         }
         if (ctx->operation != EVP_PKEY_OP_VERIFY) {
-                EVPerr(EVP_F_EVP_PKEY_VERIFY, EVP_R_OPERATON_NOT_INITIALIZED);
+                EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
                 return -1;
         }
         return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
@@ -158,8 +154,7 @@ EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
         int ret;
 
         if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) {
-                EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT,
-                    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
                 return -2;
         }
         ctx->operation = EVP_PKEY_OP_VERIFYRECOVER;
@@ -176,13 +171,11 @@ EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, unsigned char *rout, size_t *routlen,
     const unsigned char *sig, size_t siglen)
 {
         if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) {
-                EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER,
-                    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
                 return -2;
         }
         if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {
-                EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER,
-                    EVP_R_OPERATON_NOT_INITIALIZED);
+                EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
                 return -1;
         }
         M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
@@ -195,8 +188,7 @@ EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx)
         int ret;
 
         if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) {
-                EVPerr(EVP_F_EVP_PKEY_ENCRYPT_INIT,
-                    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
                 return -2;
         }
         ctx->operation = EVP_PKEY_OP_ENCRYPT;
@@ -213,12 +205,11 @@ EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
     const unsigned char *in, size_t inlen)
 {
         if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) {
-                EVPerr(EVP_F_EVP_PKEY_ENCRYPT,
-                    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
                 return -2;
         }
         if (ctx->operation != EVP_PKEY_OP_ENCRYPT) {
-                EVPerr(EVP_F_EVP_PKEY_ENCRYPT, EVP_R_OPERATON_NOT_INITIALIZED);
+                EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
                 return -1;
         }
         M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT)
@@ -231,8 +222,7 @@ EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx)
         int ret;
 
         if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) {
-                EVPerr(EVP_F_EVP_PKEY_DECRYPT_INIT,
-                    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
                 return -2;
         }
         ctx->operation = EVP_PKEY_OP_DECRYPT;
@@ -249,12 +239,11 @@ EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
     const unsigned char *in, size_t inlen)
 {
         if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) {
-                EVPerr(EVP_F_EVP_PKEY_DECRYPT,
-                    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
                 return -2;
         }
         if (ctx->operation != EVP_PKEY_OP_DECRYPT) {
-                EVPerr(EVP_F_EVP_PKEY_DECRYPT, EVP_R_OPERATON_NOT_INITIALIZED);
+                EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
                 return -1;
         }
         M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT)
@@ -267,8 +256,7 @@ EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
         int ret;
 
         if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) {
-                EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT,
-                    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
                 return -2;
         }
         ctx->operation = EVP_PKEY_OP_DERIVE;
@@ -288,15 +276,13 @@ EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
         if (!ctx || !ctx->pmeth || !(ctx->pmeth->derive ||
             ctx->pmeth->encrypt || ctx->pmeth->decrypt) ||
             !ctx->pmeth->ctrl) {
-                EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
-                    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
                 return -2;
         }
         if (ctx->operation != EVP_PKEY_OP_DERIVE &&
             ctx->operation != EVP_PKEY_OP_ENCRYPT &&
             ctx->operation != EVP_PKEY_OP_DECRYPT) {
-                EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
-                    EVP_R_OPERATON_NOT_INITIALIZED);
+                EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
                 return -1;
         }
 
@@ -309,13 +295,12 @@ EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
                 return 1;
 
         if (!ctx->pkey) {
-                EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_NO_KEY_SET);
+                EVPerror(EVP_R_NO_KEY_SET);
                 return -1;
         }
 
         if (ctx->pkey->type != peer->type) {
-                EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
-                    EVP_R_DIFFERENT_KEY_TYPES);
+                EVPerror(EVP_R_DIFFERENT_KEY_TYPES);
                 return -1;
         }
 
@@ -326,8 +311,7 @@ EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
          * -2 is OK for us here, as well as 1, so we can check for 0 only. */
         if (!EVP_PKEY_missing_parameters(peer) &&
             !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) {
-                EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
-                    EVP_R_DIFFERENT_PARAMETERS);
+                EVPerror(EVP_R_DIFFERENT_PARAMETERS);
                 return -1;
         }
 
@@ -349,12 +333,11 @@ int
 EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen)
 {
         if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) {
-                EVPerr(EVP_F_EVP_PKEY_DERIVE,
-                    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
                 return -2;
         }
         if (ctx->operation != EVP_PKEY_OP_DERIVE) {
-                EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED);
+                EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
                 return -1;
         }
         M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE)
diff --git a/src/lib/libcrypto/evp/pmeth_gn.c b/src/lib/libcrypto/evp/pmeth_gn.c
index 29f533625a..d1cbdc409f 100644
--- a/src/lib/libcrypto/evp/pmeth_gn.c
+++ b/src/lib/libcrypto/evp/pmeth_gn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_gn.c,v 1.5 2014/07/12 16:03:37 miod Exp $ */
+/* $OpenBSD: pmeth_gn.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -72,8 +72,7 @@ EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
         int ret;
 
         if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) {
-                EVPerr(EVP_F_EVP_PKEY_PARAMGEN_INIT,
-                    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
                 return -2;
         }
         ctx->operation = EVP_PKEY_OP_PARAMGEN;
@@ -91,13 +90,12 @@ EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
         int ret;
 
         if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) {
-                EVPerr(EVP_F_EVP_PKEY_PARAMGEN,
-                    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
                 return -2;
         }
 
         if (ctx->operation != EVP_PKEY_OP_PARAMGEN) {
-                EVPerr(EVP_F_EVP_PKEY_PARAMGEN, EVP_R_OPERATON_NOT_INITIALIZED);
+                EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
                 return -1;
         }
 
@@ -121,8 +119,7 @@ EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx)
         int ret;
 
         if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) {
-                EVPerr(EVP_F_EVP_PKEY_KEYGEN_INIT,
-                    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
                 return -2;
         }
         ctx->operation = EVP_PKEY_OP_KEYGEN;
@@ -140,12 +137,11 @@ EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
         int ret;
 
         if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) {
-                EVPerr(EVP_F_EVP_PKEY_KEYGEN,
-                    EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
                 return -2;
         }
         if (ctx->operation != EVP_PKEY_OP_KEYGEN) {
-                EVPerr(EVP_F_EVP_PKEY_KEYGEN, EVP_R_OPERATON_NOT_INITIALIZED);
+                EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
                 return -1;
         }
 
diff --git a/src/lib/libcrypto/evp/pmeth_lib.c b/src/lib/libcrypto/evp/pmeth_lib.c
index 1d64edcbeb..fc5f4ef91e 100644
--- a/src/lib/libcrypto/evp/pmeth_lib.c
+++ b/src/lib/libcrypto/evp/pmeth_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_lib.c,v 1.12 2017/01/21 04:38:23 jsing Exp $ */
+/* $OpenBSD: pmeth_lib.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -166,7 +166,7 @@ int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
         /* Try to find an ENGINE which implements this method */
         if (e) {
                 if (!ENGINE_init(e)) {
-                        EVPerr(EVP_F_INT_CTX_NEW, ERR_R_ENGINE_LIB);
+                        EVPerror(ERR_R_ENGINE_LIB);
                         return NULL;
                 }
         } else
@@ -183,7 +183,7 @@ int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
                 pmeth = EVP_PKEY_meth_find(id);
 
         if (pmeth == NULL) {
-                EVPerr(EVP_F_INT_CTX_NEW, EVP_R_UNSUPPORTED_ALGORITHM);
+                EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);
                 return NULL;
         }
 
@@ -193,7 +193,7 @@ int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
                 if (e)
                         ENGINE_finish(e);
 #endif
-                EVPerr(EVP_F_INT_CTX_NEW, ERR_R_MALLOC_FAILURE);
+                EVPerror(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         ret->engine = e;
@@ -336,7 +336,7 @@ EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
 #ifndef OPENSSL_NO_ENGINE
         /* Make sure it's safe to copy a pkey context using an ENGINE */
         if (pctx->engine && !ENGINE_init(pctx->engine)) {
-                EVPerr(EVP_F_EVP_PKEY_CTX_DUP, ERR_R_ENGINE_LIB);
+                EVPerror(ERR_R_ENGINE_LIB);
                 return 0;
         }
 #endif
@@ -409,26 +409,26 @@ EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd,
         int ret;
 
         if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl) {
-                EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED);
+                EVPerror(EVP_R_COMMAND_NOT_SUPPORTED);
                 return -2;
         }
         if ((keytype != -1) && (ctx->pmeth->pkey_id != keytype))
                 return -1;
 
         if (ctx->operation == EVP_PKEY_OP_UNDEFINED) {
-                EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_NO_OPERATION_SET);
+                EVPerror(EVP_R_NO_OPERATION_SET);
                 return -1;
         }
 
         if ((optype != -1) && !(ctx->operation & optype)) {
-                EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_INVALID_OPERATION);
+                EVPerror(EVP_R_INVALID_OPERATION);
                 return -1;
         }
 
         ret = ctx->pmeth->ctrl(ctx, cmd, p1, p2);
 
         if (ret == -2)
-                EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED);
+                EVPerror(EVP_R_COMMAND_NOT_SUPPORTED);
 
         return ret;
 
@@ -438,15 +438,13 @@ int
 EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *name, const char *value)
 {
         if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl_str) {
-                EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR,
-                    EVP_R_COMMAND_NOT_SUPPORTED);
+                EVPerror(EVP_R_COMMAND_NOT_SUPPORTED);
                 return -2;
         }
         if (!strcmp(name, "digest")) {
                 const EVP_MD *md;
                 if (!value || !(md = EVP_get_digestbyname(value))) {
-                        EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR,
-                            EVP_R_INVALID_DIGEST);
+                        EVPerror(EVP_R_INVALID_DIGEST);
                         return 0;
                 }
                 return EVP_PKEY_CTX_set_signature_md(ctx, md);
diff --git a/src/lib/libcrypto/ex_data.c b/src/lib/libcrypto/ex_data.c
index 231e5df8a3..63885af3af 100644
--- a/src/lib/libcrypto/ex_data.c
+++ b/src/lib/libcrypto/ex_data.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ex_data.c,v 1.18 2015/02/10 11:22:21 jsing Exp $ */
+/* $OpenBSD: ex_data.c,v 1.19 2017/01/29 17:49:22 beck Exp $ */
 
 /*
  * Overhaul notes;
@@ -332,7 +332,7 @@ def_get_class(int class_index)
         }
         CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
         if (!p)
-                CRYPTOerr(CRYPTO_F_DEF_GET_CLASS, ERR_R_MALLOC_FAILURE);
+                CRYPTOerror(ERR_R_MALLOC_FAILURE);
         return p;
 }
 
@@ -346,7 +346,7 @@ def_add_index(EX_CLASS_ITEM *item, long argl, void *argp,
         CRYPTO_EX_DATA_FUNCS *a = malloc(sizeof(CRYPTO_EX_DATA_FUNCS));
 
         if (!a) {
-                CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX, ERR_R_MALLOC_FAILURE);
+                CRYPTOerror(ERR_R_MALLOC_FAILURE);
                 return -1;
         }
         a->argl = argl;
@@ -357,7 +357,7 @@ def_add_index(EX_CLASS_ITEM *item, long argl, void *argp,
         CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
         while (sk_CRYPTO_EX_DATA_FUNCS_num(item->meth) <= item->meth_num) {
                 if (!sk_CRYPTO_EX_DATA_FUNCS_push(item->meth, NULL)) {
-                        CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX, ERR_R_MALLOC_FAILURE);
+                        CRYPTOerror(ERR_R_MALLOC_FAILURE);
                         free(a);
                         goto err;
                 }
@@ -434,7 +434,7 @@ int_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
 skip:
         CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
         if ((mx > 0) && !storage) {
-                CRYPTOerr(CRYPTO_F_INT_NEW_EX_DATA, ERR_R_MALLOC_FAILURE);
+                CRYPTOerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         for (i = 0; i < mx; i++) {
@@ -478,7 +478,7 @@ int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from)
 skip:
         CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
         if ((mx > 0) && !storage) {
-                CRYPTOerr(CRYPTO_F_INT_DUP_EX_DATA, ERR_R_MALLOC_FAILURE);
+                CRYPTOerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         for (i = 0; i < mx; i++) {
@@ -515,7 +515,7 @@ int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
 skip:
         CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
         if ((mx > 0) && !storage) {
-                CRYPTOerr(CRYPTO_F_INT_FREE_EX_DATA, ERR_R_MALLOC_FAILURE);
+                CRYPTOerror(ERR_R_MALLOC_FAILURE);
                 return;
         }
         for (i = 0; i < mx; i++) {
@@ -605,8 +605,7 @@ CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
 
         if (ad->sk == NULL) {
                 if ((ad->sk = sk_void_new_null()) == NULL) {
-                        CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,
-                            ERR_R_MALLOC_FAILURE);
+                        CRYPTOerror(ERR_R_MALLOC_FAILURE);
                         return (0);
                 }
         }
@@ -614,8 +613,7 @@ CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
 
         while (i <= idx) {
                 if (!sk_void_push(ad->sk, NULL)) {
-                        CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,
-                            ERR_R_MALLOC_FAILURE);
+                        CRYPTOerror(ERR_R_MALLOC_FAILURE);
                         return (0);
                 }
                 i++;
diff --git a/src/lib/libcrypto/gost/gost89imit_pmeth.c b/src/lib/libcrypto/gost/gost89imit_pmeth.c
index 00eaf1decc..1959b36163 100644
--- a/src/lib/libcrypto/gost/gost89imit_pmeth.c
+++ b/src/lib/libcrypto/gost/gost89imit_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gost89imit_pmeth.c,v 1.3 2014/11/13 20:29:55 miod Exp $ */
+/* $OpenBSD: gost89imit_pmeth.c,v 1.4 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
@@ -110,13 +110,13 @@ pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
         unsigned char *keydata;
 
         if (!data->key_set) {
-                GOSTerr(GOST_F_PKEY_GOST_MAC_KEYGEN, GOST_R_MAC_KEY_NOT_SET);
+                GOSTerror(GOST_R_MAC_KEY_NOT_SET);
                 return 0;
         }
 
         keydata = malloc(32);
         if (keydata == NULL) {
-                GOSTerr(GOST_F_PKEY_GOST_MAC_KEYGEN, ERR_R_MALLOC_FAILURE);
+                GOSTerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         memcpy(keydata, data->key, 32);
@@ -133,8 +133,7 @@ pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         switch (type) {
         case EVP_PKEY_CTRL_MD:
                 if (EVP_MD_type(p2) != NID_id_Gost28147_89_MAC) {
-                        GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
-                            GOST_R_INVALID_DIGEST_TYPE);
+                        GOSTerror(GOST_R_INVALID_DIGEST_TYPE);
                         return 0;
                 }
                 data->md = p2;
@@ -142,8 +141,7 @@ pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 
         case EVP_PKEY_CTRL_SET_MAC_KEY:
                 if (p1 != 32) {
-                        GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
-                            GOST_R_INVALID_MAC_KEY_LENGTH);
+                        GOSTerror(GOST_R_INVALID_MAC_KEY_LENGTH);
                         return 0;
                 }
 
@@ -159,14 +157,12 @@ pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                 if (!data->key_set) {
                         EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
                         if (pkey == NULL) {
-                                GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
-                                    GOST_R_MAC_KEY_NOT_SET);
+                                GOSTerror(GOST_R_MAC_KEY_NOT_SET);
                                 return 0;
                         }
                         key = EVP_PKEY_get0(pkey);
                         if (key == NULL) {
-                                GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
-                                    GOST_R_MAC_KEY_NOT_SET);
+                                GOSTerror(GOST_R_MAC_KEY_NOT_SET);
                                 return 0;
                         }
                 } else {
diff --git a/src/lib/libcrypto/gost/gost_err.c b/src/lib/libcrypto/gost/gost_err.c
index b4e061f985..3bf60ff063 100644
--- a/src/lib/libcrypto/gost/gost_err.c
+++ b/src/lib/libcrypto/gost/gost_err.c
@@ -68,37 +68,10 @@
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_GOST,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_GOST,0,reason)
 
-static ERR_STRING_DATA GOST_str_functs[]=
-        {
-{ERR_FUNC(GOST_F_DECODE_GOST01_ALGOR_PARAMS),   "DECODE_GOST01_ALGOR_PARAMS"},
-{ERR_FUNC(GOST_F_ENCODE_GOST01_ALGOR_PARAMS),   "ENCODE_GOST01_ALGOR_PARAMS"},
-{ERR_FUNC(GOST_F_GOST2001_COMPUTE_PUBLIC),      "GOST2001_COMPUTE_PUBLIC"},
-{ERR_FUNC(GOST_F_GOST2001_DO_SIGN),     "GOST2001_DO_SIGN"},
-{ERR_FUNC(GOST_F_GOST2001_DO_VERIFY),   "GOST2001_DO_VERIFY"},
-{ERR_FUNC(GOST_F_GOST2001_KEYGEN),      "GOST2001_KEYGEN"},
-{ERR_FUNC(GOST_F_GOST89_GET_ASN1_PARAMETERS),   "GOST89_GET_ASN1_PARAMETERS"},
-{ERR_FUNC(GOST_F_GOST89_SET_ASN1_PARAMETERS),   "GOST89_SET_ASN1_PARAMETERS"},
-{ERR_FUNC(GOST_F_GOST_KEY_CHECK_KEY),   "GOST_KEY_check_key"},
-{ERR_FUNC(GOST_F_GOST_KEY_NEW), "GOST_KEY_new"},
-{ERR_FUNC(GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES),   "GOST_KEY_set_public_key_affine_coordinates"},
-{ERR_FUNC(GOST_F_PARAM_COPY_GOST01),    "PARAM_COPY_GOST01"},
-{ERR_FUNC(GOST_F_PARAM_DECODE_GOST01),  "PARAM_DECODE_GOST01"},
-{ERR_FUNC(GOST_F_PKEY_GOST01_CTRL),     "PKEY_GOST01_CTRL"},
-{ERR_FUNC(GOST_F_PKEY_GOST01_DECRYPT),  "PKEY_GOST01_DECRYPT"},
-{ERR_FUNC(GOST_F_PKEY_GOST01_DERIVE),   "PKEY_GOST01_DERIVE"},
-{ERR_FUNC(GOST_F_PKEY_GOST01_ENCRYPT),  "PKEY_GOST01_ENCRYPT"},
-{ERR_FUNC(GOST_F_PKEY_GOST01_PARAMGEN), "PKEY_GOST01_PARAMGEN"},
-{ERR_FUNC(GOST_F_PKEY_GOST01_SIGN),     "PKEY_GOST01_SIGN"},
-{ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL),   "PKEY_GOST_MAC_CTRL"},
-{ERR_FUNC(GOST_F_PKEY_GOST_MAC_KEYGEN), "PKEY_GOST_MAC_KEYGEN"},
-{ERR_FUNC(GOST_F_PRIV_DECODE_GOST01),   "PRIV_DECODE_GOST01"},
-{ERR_FUNC(GOST_F_PUB_DECODE_GOST01),    "PUB_DECODE_GOST01"},
-{ERR_FUNC(GOST_F_PUB_ENCODE_GOST01),    "PUB_ENCODE_GOST01"},
-{ERR_FUNC(GOST_F_PUB_PRINT_GOST01),     "PUB_PRINT_GOST01"},
-{ERR_FUNC(GOST_F_UNPACK_SIGNATURE_CP),  "UNPACK_SIGNATURE_CP"},
-{ERR_FUNC(GOST_F_UNPACK_SIGNATURE_LE),  "UNPACK_SIGNATURE_LE"},
-{0,NULL}
-        };
+static ERR_STRING_DATA GOST_str_functs[]= {
+        {ERR_FUNC(0xfff), "CRYPTO_internal"},
+        {0, NULL}
+};
 
 static ERR_STRING_DATA GOST_str_reasons[]=
         {
diff --git a/src/lib/libcrypto/gost/gostr341001.c b/src/lib/libcrypto/gost/gostr341001.c
index 39749394af..ba70d5f1fc 100644
--- a/src/lib/libcrypto/gost/gostr341001.c
+++ b/src/lib/libcrypto/gost/gostr341001.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gostr341001.c,v 1.6 2017/01/21 11:00:47 beck Exp $ */
+/* $OpenBSD: gostr341001.c,v 1.7 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
@@ -109,14 +109,12 @@ gost2001_compute_public(GOST_KEY *ec)
         int ok = 0;
 
         if (group == NULL) {
-                GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,
-                    GOST_R_KEY_IS_NOT_INITIALIZED);
+                GOSTerror(GOST_R_KEY_IS_NOT_INITIALIZED);
                 return 0;
         }
         ctx = BN_CTX_new();
         if (ctx == NULL) {
-                GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,
-                    ERR_R_MALLOC_FAILURE);
+                GOSTerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         BN_CTX_start(ctx);
@@ -134,7 +132,7 @@ gost2001_compute_public(GOST_KEY *ec)
 
         if (ok == 0) {
 err:
-                GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB);
+                GOSTerror(ERR_R_EC_LIB);
         }
         EC_POINT_free(pub_key);
         if (ctx != NULL) {
@@ -158,13 +156,13 @@ gost2001_do_sign(BIGNUM *md, GOST_KEY *eckey)
         int ok = 0;
 
         if (ctx == NULL) {
-                GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
+                GOSTerror(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         BN_CTX_start(ctx);
         newsig = ECDSA_SIG_new();
         if (newsig == NULL) {
-                GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
+                GOSTerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         s = newsig->s;
@@ -190,8 +188,7 @@ gost2001_do_sign(BIGNUM *md, GOST_KEY *eckey)
         do {
                 do {
                         if (!BN_rand_range(k, order)) {
-                                GOSTerr(GOST_F_GOST2001_DO_SIGN,
-                                        GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
+                                GOSTerror(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
                                 goto err;
                         }
                         /*
@@ -206,12 +203,12 @@ gost2001_do_sign(BIGNUM *md, GOST_KEY *eckey)
                                         goto err;
 
                         if (EC_POINT_mul(group, C, k, NULL, NULL, ctx) == 0) {
-                                GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB);
+                                GOSTerror(ERR_R_EC_LIB);
                                 goto err;
                         }
                         if (EC_POINT_get_affine_coordinates_GFp(group, C, X,
                             NULL, ctx) == 0) {
-                                GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB);
+                                GOSTerror(ERR_R_EC_LIB);
                                 goto err;
                         }
                         if (BN_nnmod(r, X, order, ctx) == 0)
@@ -285,8 +282,7 @@ gost2001_do_verify(BIGNUM *md, ECDSA_SIG *sig, GOST_KEY *ec)
         pub_key = GOST_KEY_get0_public_key(ec);
         if (BN_is_zero(sig->s) || BN_is_zero(sig->r) ||
             BN_cmp(sig->s, order) >= 1 || BN_cmp(sig->r, order) >= 1) {
-                GOSTerr(GOST_F_GOST2001_DO_VERIFY,
-                    GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
+                GOSTerror(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
                 goto err;
         }
 
@@ -305,17 +301,17 @@ gost2001_do_verify(BIGNUM *md, ECDSA_SIG *sig, GOST_KEY *ec)
         if ((C = EC_POINT_new(group)) == NULL)
                 goto err;
         if (EC_POINT_mul(group, C, z1, pub_key, z2, ctx) == 0) {
-                GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB);
+                GOSTerror(ERR_R_EC_LIB);
                 goto err;
         }
         if (EC_POINT_get_affine_coordinates_GFp(group, C, X, NULL, ctx) == 0) {
-                GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB);
+                GOSTerror(ERR_R_EC_LIB);
                 goto err;
         }
         if (BN_mod_ct(R, X, order, ctx) == 0)
                 goto err;
         if (BN_cmp(R, sig->r) != 0) {
-                GOSTerr(GOST_F_GOST2001_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
+                GOSTerror(GOST_R_SIGNATURE_MISMATCH);
         } else {
                 ok = 1;
         }
@@ -385,8 +381,7 @@ gost2001_keygen(GOST_KEY *ec)
 
         do {
                 if (BN_rand_range(d, order) == 0) {
-                        GOSTerr(GOST_F_GOST2001_KEYGEN,
-                                GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
+                        GOSTerror(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
                         goto err;
                 }
         } while (BN_is_zero(d));
diff --git a/src/lib/libcrypto/gost/gostr341001_ameth.c b/src/lib/libcrypto/gost/gostr341001_ameth.c
index bb569ea846..b6958c77d5 100644
--- a/src/lib/libcrypto/gost/gostr341001_ameth.c
+++ b/src/lib/libcrypto/gost/gostr341001_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gostr341001_ameth.c,v 1.10 2016/10/19 16:49:11 jsing Exp $ */
+/* $OpenBSD: gostr341001_ameth.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
@@ -86,8 +86,7 @@ decode_gost01_algor_params(EVP_PKEY *pkey, const unsigned char **p, int len)
 
         gkp = d2i_GOST_KEY_PARAMS(NULL, p, len);
         if (gkp == NULL) {
-                GOSTerr(GOST_F_DECODE_GOST01_ALGOR_PARAMS,
-                        GOST_R_BAD_PKEY_PARAMETERS_FORMAT);
+                GOSTerror(GOST_R_BAD_PKEY_PARAMETERS_FORMAT);
                 return 0;
         }
         param_nid = OBJ_obj2nid(gkp->key_params);
@@ -125,8 +124,7 @@ encode_gost01_algor_params(const EVP_PKEY *key)
         int pkey_param_nid = NID_undef;
 
         if (params == NULL || gkp == NULL) {
-                GOSTerr(GOST_F_ENCODE_GOST01_ALGOR_PARAMS,
-                    ERR_R_MALLOC_FAILURE);
+                GOSTerror(ERR_R_MALLOC_FAILURE);
                 ASN1_STRING_free(params);
                 params = NULL;
                 goto err;
@@ -139,8 +137,7 @@ encode_gost01_algor_params(const EVP_PKEY *key)
         /*gkp->cipher_params = OBJ_nid2obj(cipher_param_nid); */
         params->length = i2d_GOST_KEY_PARAMS(gkp, &params->data);
         if (params->length <= 0) {
-                GOSTerr(GOST_F_ENCODE_GOST01_ALGOR_PARAMS,
-                    ERR_R_MALLOC_FAILURE);
+                GOSTerror(ERR_R_MALLOC_FAILURE);
                 ASN1_STRING_free(params);
                 params = NULL;
                 goto err;
@@ -206,8 +203,7 @@ pub_decode_gost01(EVP_PKEY *pk, X509_PUBKEY *pub)
         (void)EVP_PKEY_assign_GOST(pk, NULL);
         X509_ALGOR_get0(NULL, &ptype, (void **)&pval, palg);
         if (ptype != V_ASN1_SEQUENCE) {
-                GOSTerr(GOST_F_PUB_DECODE_GOST01,
-                    GOST_R_BAD_KEY_PARAMETERS_FORMAT);
+                GOSTerror(GOST_R_BAD_KEY_PARAMETERS_FORMAT);
                 return 0;
         }
         p = pval->data;
@@ -216,7 +212,7 @@ pub_decode_gost01(EVP_PKEY *pk, X509_PUBKEY *pub)
 
         octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey_buf, pub_len);
         if (octet == NULL) {
-                GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
+                GOSTerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         len = octet->length / 2;
@@ -228,7 +224,7 @@ pub_decode_gost01(EVP_PKEY *pk, X509_PUBKEY *pub)
 
         ret = GOST_KEY_set_public_key_affine_coordinates(pk->pkey.gost, X, Y);
         if (ret == 0)
-                GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_EC_LIB);
+                GOSTerror(ERR_R_EC_LIB);
 
         BN_free(X);
         BN_free(Y);
@@ -263,19 +259,19 @@ pub_encode_gost01(X509_PUBKEY *pub, const EVP_PKEY *pk)
 
         pub_key = GOST_KEY_get0_public_key(ec);
         if (pub_key == NULL) {
-                GOSTerr(GOST_F_PUB_ENCODE_GOST01, GOST_R_PUBLIC_KEY_UNDEFINED);
+                GOSTerror(GOST_R_PUBLIC_KEY_UNDEFINED);
                 goto err;
         }
 
         octet = ASN1_OCTET_STRING_new();
         if (octet == NULL) {
-                GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_MALLOC_FAILURE);
+                GOSTerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
         ret = ASN1_STRING_set(octet, NULL, 2 * key_size);
         if (ret == 0) {
-                GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_INTERNAL_ERROR);
+                GOSTerror(ERR_R_INTERNAL_ERROR);
                 goto err;
         }
 
@@ -284,13 +280,13 @@ pub_encode_gost01(X509_PUBKEY *pub, const EVP_PKEY *pk)
         X = BN_new();
         Y = BN_new();
         if (X == NULL || Y == NULL) {
-                GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_MALLOC_FAILURE);
+                GOSTerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
         if (EC_POINT_get_affine_coordinates_GFp(GOST_KEY_get0_group(ec),
             pub_key, X, Y, NULL) == 0) {
-                GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_EC_LIB);
+                GOSTerror(ERR_R_EC_LIB);
                 goto err;
         }
 
@@ -340,7 +336,7 @@ pub_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx)
         const EC_GROUP *group;
 
         if (ctx == NULL) {
-                GOSTerr(GOST_F_PUB_PRINT_GOST01, ERR_R_MALLOC_FAILURE);
+                GOSTerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         BN_CTX_start(ctx);
@@ -352,7 +348,7 @@ pub_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx)
         group = GOST_KEY_get0_group(pkey->pkey.gost);
         if (EC_POINT_get_affine_coordinates_GFp(group, pubkey, X, Y,
             ctx) == 0) {
-                GOSTerr(GOST_F_PUB_PRINT_GOST01, ERR_R_EC_LIB);
+                GOSTerror(ERR_R_EC_LIB);
                 goto err;
         }
         if (BIO_indent(out, indent, 128) == 0)
@@ -416,8 +412,7 @@ priv_decode_gost01(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf)
         (void)EVP_PKEY_assign_GOST(pk, NULL);
         X509_ALGOR_get0(NULL, &ptype, (void **)&pval, palg);
         if (ptype != V_ASN1_SEQUENCE) {
-                GOSTerr(GOST_F_PUB_DECODE_GOST01,
-                    GOST_R_BAD_KEY_PARAMETERS_FORMAT);
+                GOSTerror(GOST_R_BAD_KEY_PARAMETERS_FORMAT);
                 return 0;
         }
         p = pval->data;
@@ -432,7 +427,7 @@ priv_decode_gost01(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf)
                     d2i_ASN1_OCTET_STRING(NULL, &p, priv_len);
 
                 if (s == NULL || s->length != 32) {
-                        GOSTerr(GOST_F_PRIV_DECODE_GOST01, EVP_R_DECODE_ERROR);
+                        GOSTerror(EVP_R_DECODE_ERROR);
                         ASN1_STRING_free(s);
                         return 0;
                 }
@@ -448,7 +443,7 @@ priv_decode_gost01(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf)
                 ret = ((pk_num = ASN1_INTEGER_to_BN(priv_key, NULL)) != NULL);
                 ASN1_INTEGER_free(priv_key);
                 if (ret == 0) {
-                        GOSTerr(GOST_F_PRIV_DECODE_GOST01, EVP_R_DECODE_ERROR);
+                        GOSTerror(EVP_R_DECODE_ERROR);
                         return 0;
                 }
         }
@@ -533,7 +528,7 @@ param_decode_gost01(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
 
         /* Compatibility */
         if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) {
-                GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
+                GOSTerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         nid = OBJ_obj2nid(obj);
@@ -541,20 +536,19 @@ param_decode_gost01(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
 
         ec = GOST_KEY_new();
         if (ec == NULL) {
-                GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
+                GOSTerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         group = EC_GROUP_new_by_curve_name(nid);
         if (group == NULL) {
-                GOSTerr(GOST_F_PARAM_DECODE_GOST01,
-                    EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
+                GOSTerror(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
                 GOST_KEY_free(ec);
                 return 0;
         }
 
         EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
         if (GOST_KEY_set_group(ec, group) == 0) {
-                GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_EC_LIB);
+                GOSTerror(ERR_R_EC_LIB);
                 EC_GROUP_free(group);
                 GOST_KEY_free(ec);
                 return 0;
@@ -562,7 +556,7 @@ param_decode_gost01(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
         EC_GROUP_free(group);
         if (GOST_KEY_set_digest(ec,
             NID_id_GostR3411_94_CryptoProParamSet) == 0) {
-                GOSTerr(GOST_F_PARAM_DECODE_GOST01, GOST_R_INVALID_DIGEST_TYPE);
+                GOSTerror(GOST_R_INVALID_DIGEST_TYPE);
                 GOST_KEY_free(ec);
                 return 0;
         }
@@ -594,20 +588,17 @@ param_copy_gost01(EVP_PKEY *to, const EVP_PKEY *from)
         int ret = 1;
 
         if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to)) {
-                GOSTerr(GOST_F_PARAM_COPY_GOST01,
-                    GOST_R_INCOMPATIBLE_ALGORITHMS);
+                GOSTerror(GOST_R_INCOMPATIBLE_ALGORITHMS);
                 return 0;
         }
         if (efrom == NULL) {
-                GOSTerr(GOST_F_PARAM_COPY_GOST01,
-                    GOST_R_KEY_PARAMETERS_MISSING);
+                GOSTerror(GOST_R_KEY_PARAMETERS_MISSING);
                 return 0;
         }
         if (eto == NULL) {
                 eto = GOST_KEY_new();
                 if (eto == NULL) {
-                        GOSTerr(GOST_F_PARAM_COPY_GOST01,
-                            ERR_R_MALLOC_FAILURE);
+                        GOSTerror(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
                 if (EVP_PKEY_assign(to, EVP_PKEY_base_id(from), eto) == 0) {
diff --git a/src/lib/libcrypto/gost/gostr341001_key.c b/src/lib/libcrypto/gost/gostr341001_key.c
index 894a189e3b..0a42a15378 100644
--- a/src/lib/libcrypto/gost/gostr341001_key.c
+++ b/src/lib/libcrypto/gost/gostr341001_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gostr341001_key.c,v 1.6 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: gostr341001_key.c,v 1.7 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
@@ -78,7 +78,7 @@ GOST_KEY_new(void)
 
         ret = malloc(sizeof(GOST_KEY));
         if (ret == NULL) {
-                GOSTerr(GOST_F_GOST_KEY_NEW, ERR_R_MALLOC_FAILURE);
+                GOSTerror(ERR_R_MALLOC_FAILURE);
                 return (NULL);
         }
         ret->group = NULL;
@@ -118,11 +118,11 @@ GOST_KEY_check_key(const GOST_KEY *key)
         EC_POINT *point = NULL;
 
         if (key == NULL || key->group == NULL || key->pub_key == NULL) {
-                GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
+                GOSTerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         if (EC_POINT_is_at_infinity(key->group, key->pub_key) != 0) {
-                GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
+                GOSTerror(EC_R_POINT_AT_INFINITY);
                 goto err;
         }
         if ((ctx = BN_CTX_new()) == NULL)
@@ -132,23 +132,23 @@ GOST_KEY_check_key(const GOST_KEY *key)
 
         /* testing whether the pub_key is on the elliptic curve */
         if (EC_POINT_is_on_curve(key->group, key->pub_key, ctx) == 0) {
-                GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
+                GOSTerror(EC_R_POINT_IS_NOT_ON_CURVE);
                 goto err;
         }
         /* testing whether pub_key * order is the point at infinity */
         if ((order = BN_new()) == NULL)
                 goto err;
         if (EC_GROUP_get_order(key->group, order, ctx) == 0) {
-                GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
+                GOSTerror(EC_R_INVALID_GROUP_ORDER);
                 goto err;
         }
         if (EC_POINT_mul(key->group, point, NULL, key->pub_key, order,
             ctx) == 0) {
-                GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_EC_LIB);
+                GOSTerror(ERR_R_EC_LIB);
                 goto err;
         }
         if (EC_POINT_is_at_infinity(key->group, point) == 0) {
-                GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
+                GOSTerror(EC_R_WRONG_ORDER);
                 goto err;
         }
         /*
@@ -157,17 +157,16 @@ GOST_KEY_check_key(const GOST_KEY *key)
          */
         if (key->priv_key != NULL) {
                 if (BN_cmp(key->priv_key, order) >= 0) {
-                        GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
+                        GOSTerror(EC_R_WRONG_ORDER);
                         goto err;
                 }
                 if (EC_POINT_mul(key->group, point, key->priv_key, NULL, NULL,
                     ctx) == 0) {
-                        GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_EC_LIB);
+                        GOSTerror(ERR_R_EC_LIB);
                         goto err;
                 }
                 if (EC_POINT_cmp(key->group, point, key->pub_key, ctx) != 0) {
-                        GOSTerr(GOST_F_GOST_KEY_CHECK_KEY,
-                            EC_R_INVALID_PRIVATE_KEY);
+                        GOSTerror(EC_R_INVALID_PRIVATE_KEY);
                         goto err;
                 }
         }
@@ -188,8 +187,7 @@ GOST_KEY_set_public_key_affine_coordinates(GOST_KEY *key, BIGNUM *x, BIGNUM *y)
         int ok = 0;
 
         if (key == NULL || key->group == NULL || x == NULL || y == NULL) {
-                GOSTerr(GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
-                    ERR_R_PASSED_NULL_PARAMETER);
+                GOSTerror(ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
         ctx = BN_CTX_new();
@@ -215,8 +213,7 @@ GOST_KEY_set_public_key_affine_coordinates(GOST_KEY *key, BIGNUM *x, BIGNUM *y)
          * out of range.
          */
         if (BN_cmp(x, tx) != 0 || BN_cmp(y, ty) != 0) {
-                GOSTerr(GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
-                    EC_R_COORDINATES_OUT_OF_RANGE);
+                GOSTerror(EC_R_COORDINATES_OUT_OF_RANGE);
                 goto err;
         }
         if (GOST_KEY_set_public_key(key, point) == 0)
diff --git a/src/lib/libcrypto/gost/gostr341001_pmeth.c b/src/lib/libcrypto/gost/gostr341001_pmeth.c
index 30a066612f..0eb1d873de 100644
--- a/src/lib/libcrypto/gost/gostr341001_pmeth.c
+++ b/src/lib/libcrypto/gost/gostr341001_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gostr341001_pmeth.c,v 1.13 2016/10/19 16:49:11 jsing Exp $ */
+/* $OpenBSD: gostr341001_pmeth.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
@@ -73,7 +73,7 @@ unpack_signature_cp(const unsigned char *sig, size_t siglen)
 
         s = ECDSA_SIG_new();
         if (s == NULL) {
-                GOSTerr(GOST_F_UNPACK_SIGNATURE_CP, ERR_R_MALLOC_FAILURE);
+                GOSTerror(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         BN_bin2bn(sig, siglen / 2, s->s);
@@ -106,7 +106,7 @@ unpack_signature_le(const unsigned char *sig, size_t siglen)
 
         s = ECDSA_SIG_new();
         if (s == NULL) {
-                GOSTerr(GOST_F_UNPACK_SIGNATURE_LE, ERR_R_MALLOC_FAILURE);
+                GOSTerror(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         GOST_le2bn(sig, siglen / 2, s->r);
@@ -190,7 +190,7 @@ pkey_gost01_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 
         if (data->sign_param_nid == NID_undef ||
             data->digest_nid == NID_undef) {
-                GOSTerr(GOST_F_PKEY_GOST01_PARAMGEN, GOST_R_NO_PARAMETERS_SET);
+                GOSTerror(GOST_R_NO_PARAMETERS_SET);
                 return 0;
         }
 
@@ -246,11 +246,11 @@ pkey_gost01_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                 *siglen = 2 * size;
                 return 1;
         } else if (*siglen < 2 * size) {
-                GOSTerr(GOST_F_PKEY_GOST01_SIGN, EC_R_BUFFER_TOO_SMALL);
+                GOSTerror(EC_R_BUFFER_TOO_SMALL);
                 return 0;
         }
         if (tbs_len != 32 && tbs_len != 64) {
-                GOSTerr(GOST_F_PKEY_GOST01_SIGN, EVP_R_BAD_BLOCK_LENGTH);
+                GOSTerror(EVP_R_BAD_BLOCK_LENGTH);
                 return 0;
         }
         md = GOST_le2bn(tbs, tbs_len, NULL);
@@ -386,8 +386,7 @@ pkey_gost01_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_len,
         }
         gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len);
         if (gkt == NULL) {
-                GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
-                    GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO);
+                GOSTerror(GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO);
                 return -1;
         }
 
@@ -395,50 +394,44 @@ pkey_gost01_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_len,
         eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key);
         if (eph_key != NULL) {
                 if (EVP_PKEY_derive_set_peer(pctx, eph_key) <= 0) {
-                        GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
-                            GOST_R_INCOMPATIBLE_PEER_KEY);
+                        GOSTerror(GOST_R_INCOMPATIBLE_PEER_KEY);
                         goto err;
                 }
         } else {
                 /* Set control "public key from client certificate used" */
                 if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3,
                     NULL) <= 0) {
-                        GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
-                            GOST_R_CTRL_CALL_FAILED);
+                        GOSTerror(GOST_R_CTRL_CALL_FAILED);
                         goto err;
                 }
         }
         peerkey = EVP_PKEY_CTX_get0_peerkey(pctx);
         if (peerkey == NULL) {
-                GOSTerr(GOST_F_PKEY_GOST01_DECRYPT, GOST_R_NO_PEER_KEY);
+                GOSTerror(GOST_R_NO_PEER_KEY);
                 goto err;
         }
 
         nid = OBJ_obj2nid(gkt->key_agreement_info->cipher);
 
         if (gkt->key_agreement_info->eph_iv->length != 8) {
-                GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
-                    GOST_R_INVALID_IV_LENGTH);
+                GOSTerror(GOST_R_INVALID_IV_LENGTH);
                 goto err;
         }
         memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8);
         if (gkt->key_info->encrypted_key->length != 32) {
-                GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
-                    EVP_R_BAD_KEY_LENGTH);
+                GOSTerror(EVP_R_BAD_KEY_LENGTH);
                 goto err;
         }
         memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32);
         if (gkt->key_info->imit->length != 4) {
-                GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
-                    ERR_R_INTERNAL_ERROR);
+                GOSTerror(ERR_R_INTERNAL_ERROR);
                 goto err;
         }
         memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4);
         if (gost01_VKO_key(peerkey, priv, wrappedKey, sharedKey) <= 0)
                 goto err;
         if (gost_key_unwrap_crypto_pro(nid, sharedKey, wrappedKey, key) == 0) {
-                GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
-                    GOST_R_ERROR_COMPUTING_SHARED_KEY);
+                GOSTerror(GOST_R_ERROR_COMPUTING_SHARED_KEY);
                 goto err;
         }
 
@@ -462,7 +455,7 @@ pkey_gost01_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
         struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
 
         if (data->shared_ukm == NULL) {
-                GOSTerr(GOST_F_PKEY_GOST01_DERIVE, GOST_R_UKM_NOT_SET);
+                GOSTerror(GOST_R_UKM_NOT_SET);
                 return 0;
         }
 
@@ -500,8 +493,7 @@ pkey_gost01_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, size_t *out_len,
         if (sec_key) {
                 key_is_ephemeral = 0;
                 if (GOST_KEY_get0_private_key(sec_key->pkey.gost) == 0) {
-                        GOSTerr(GOST_F_PKEY_GOST01_ENCRYPT,
-                            GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR);
+                        GOSTerror(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR);
                         goto err;
                 }
         } else {
@@ -548,8 +540,7 @@ pkey_gost01_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, size_t *out_len,
         if (key_is_ephemeral) {
                 if (X509_PUBKEY_set(&gkt->key_agreement_info->ephem_key,
                     out != NULL ? sec_key : pubk) == 0) {
-                        GOSTerr(GOST_F_PKEY_GOST01_ENCRYPT,
-                            GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
+                        GOSTerror(GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
                         goto err;
                 }
         }
@@ -561,8 +552,7 @@ pkey_gost01_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, size_t *out_len,
                 /* Set control "public key from client certificate used" */
                 if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3,
                     NULL) <= 0) {
-                        GOSTerr(GOST_F_PKEY_GOST01_ENCRYPT,
-                            GOST_R_CTRL_CALL_FAILED);
+                        GOSTerror(GOST_R_CTRL_CALL_FAILED);
                         goto err;
                 }
         }
@@ -588,8 +578,7 @@ pkey_gost01_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         case EVP_PKEY_CTRL_MD:
                 if (EVP_MD_type(p2) !=
                     GostR3410_get_md_digest(pctx->digest_nid)) {
-                        GOSTerr(GOST_F_PKEY_GOST01_CTRL,
-                            GOST_R_INVALID_DIGEST_TYPE);
+                        GOSTerror(GOST_R_INVALID_DIGEST_TYPE);
                         return 0;
                 }
                 pctx->md = p2;
@@ -609,8 +598,7 @@ pkey_gost01_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                 char *ukm = malloc(p1);
 
                 if (ukm == NULL) {
-                        GOSTerr(GOST_F_PKEY_GOST01_CTRL,
-                            ERR_R_MALLOC_FAILURE);
+                        GOSTerror(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
                 memcpy(ukm, p2, p1);
diff --git a/src/lib/libcrypto/hmac/hmac.c b/src/lib/libcrypto/hmac/hmac.c
index 155e32a540..8fd980b052 100644
--- a/src/lib/libcrypto/hmac/hmac.c
+++ b/src/lib/libcrypto/hmac/hmac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hmac.c,v 1.22 2015/02/10 09:52:35 miod Exp $ */
+/* $OpenBSD: hmac.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -80,7 +80,7 @@ HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md,
                 reset = 1;
                 j = EVP_MD_block_size(md);
                 if ((size_t)j > sizeof(ctx->key)) {
-                        EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_BAD_BLOCK_LENGTH);
+                        EVPerror(EVP_R_BAD_BLOCK_LENGTH);
                         goto err;
                 }
                 if (j < len) {
@@ -93,8 +93,7 @@ HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md,
                                 goto err;
                 } else {
                         if ((size_t)len > sizeof(ctx->key)) {
-                                EVPerr(EVP_F_HMAC_INIT_EX,
-                                    EVP_R_BAD_KEY_LENGTH);
+                                EVPerror(EVP_R_BAD_KEY_LENGTH);
                                 goto err;
                         }
                         memcpy(ctx->key, key, len);
diff --git a/src/lib/libcrypto/objects/o_names.c b/src/lib/libcrypto/objects/o_names.c
index 81240db204..a9e5f859d5 100644
--- a/src/lib/libcrypto/objects/o_names.c
+++ b/src/lib/libcrypto/objects/o_names.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: o_names.c,v 1.21 2015/07/18 21:21:28 beck Exp $ */
+/* $OpenBSD: o_names.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -67,7 +67,7 @@ OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
         for (i = sk_NAME_FUNCS_num(name_funcs_stack); i < names_type_num; i++) {
                 name_funcs = malloc(sizeof(NAME_FUNCS));
                 if (!name_funcs) {
-                        OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+                        OBJerror(ERR_R_MALLOC_FAILURE);
                         return (0);
                 }
                 name_funcs->hash_func = lh_strhash;
@@ -75,7 +75,7 @@ OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
                 name_funcs->free_func = NULL;
                 if (sk_NAME_FUNCS_push(name_funcs_stack, name_funcs) == 0) {
                         free(name_funcs);
-                        OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+                        OBJerror(ERR_R_MALLOC_FAILURE);
                         return (0);
                 }
         }
diff --git a/src/lib/libcrypto/objects/obj_dat.c b/src/lib/libcrypto/objects/obj_dat.c
index e1dacc0d39..5b7fac0588 100644
--- a/src/lib/libcrypto/objects/obj_dat.c
+++ b/src/lib/libcrypto/objects/obj_dat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: obj_dat.c,v 1.38 2017/01/21 04:44:43 jsing Exp $ */
+/* $OpenBSD: obj_dat.c,v 1.39 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -329,7 +329,7 @@ OBJ_add_object(const ASN1_OBJECT *obj)
         return (o->nid);
 
 err2:
-        OBJerr(OBJ_F_OBJ_ADD_OBJECT, ERR_R_MALLOC_FAILURE);
+        OBJerror(ERR_R_MALLOC_FAILURE);
 err:
         for (i = ADDED_DATA; i <= ADDED_NID; i++)
                 free(ao[i]);
@@ -345,7 +345,7 @@ OBJ_nid2obj(int n)
 
         if ((n >= 0) && (n < NUM_NID)) {
                 if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
-                        OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
+                        OBJerror(OBJ_R_UNKNOWN_NID);
                         return (NULL);
                 }
                 return ((ASN1_OBJECT *)&(nid_objs[n]));
@@ -359,7 +359,7 @@ OBJ_nid2obj(int n)
                 if (adp != NULL)
                         return (adp->obj);
                 else {
-                        OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
+                        OBJerror(OBJ_R_UNKNOWN_NID);
                         return (NULL);
                 }
         }
@@ -373,7 +373,7 @@ OBJ_nid2sn(int n)
 
         if ((n >= 0) && (n < NUM_NID)) {
                 if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
-                        OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
+                        OBJerror(OBJ_R_UNKNOWN_NID);
                         return (NULL);
                 }
                 return (nid_objs[n].sn);
@@ -387,7 +387,7 @@ OBJ_nid2sn(int n)
                 if (adp != NULL)
                         return (adp->obj->sn);
                 else {
-                        OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
+                        OBJerror(OBJ_R_UNKNOWN_NID);
                         return (NULL);
                 }
         }
@@ -401,7 +401,7 @@ OBJ_nid2ln(int n)
 
         if ((n >= 0) && (n < NUM_NID)) {
                 if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
-                        OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
+                        OBJerror(OBJ_R_UNKNOWN_NID);
                         return (NULL);
                 }
                 return (nid_objs[n].ln);
@@ -415,7 +415,7 @@ OBJ_nid2ln(int n)
                 if (adp != NULL)
                         return (adp->obj->ln);
                 else {
-                        OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
+                        OBJerror(OBJ_R_UNKNOWN_NID);
                         return (NULL);
                 }
         }
@@ -799,7 +799,7 @@ OBJ_create(const char *oid, const char *sn, const char *ln)
                 return (0);
 
         if ((buf = malloc(i)) == NULL) {
-                OBJerr(OBJ_F_OBJ_CREATE, ERR_R_MALLOC_FAILURE);
+                OBJerror(ERR_R_MALLOC_FAILURE);
                 return (0);
         }
         i = a2d_ASN1_OBJECT(buf, i, oid, -1);
diff --git a/src/lib/libcrypto/objects/obj_err.c b/src/lib/libcrypto/objects/obj_err.c
index 9cea59b785..e1413190eb 100644
--- a/src/lib/libcrypto/objects/obj_err.c
+++ b/src/lib/libcrypto/objects/obj_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: obj_err.c,v 1.11 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: obj_err.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
  *
@@ -72,13 +72,7 @@
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_OBJ,0,reason)
 
 static ERR_STRING_DATA OBJ_str_functs[] = {
-        {ERR_FUNC(OBJ_F_OBJ_ADD_OBJECT),        "OBJ_add_object"},
-        {ERR_FUNC(OBJ_F_OBJ_CREATE),    "OBJ_create"},
-        {ERR_FUNC(OBJ_F_OBJ_DUP),       "OBJ_dup"},
-        {ERR_FUNC(OBJ_F_OBJ_NAME_NEW_INDEX),    "OBJ_NAME_new_index"},
-        {ERR_FUNC(OBJ_F_OBJ_NID2LN),    "OBJ_nid2ln"},
-        {ERR_FUNC(OBJ_F_OBJ_NID2OBJ),   "OBJ_nid2obj"},
-        {ERR_FUNC(OBJ_F_OBJ_NID2SN),    "OBJ_nid2sn"},
+        {ERR_FUNC(0xfff), "CRYPTO_internal"},
         {0, NULL}
 };
 
diff --git a/src/lib/libcrypto/objects/obj_lib.c b/src/lib/libcrypto/objects/obj_lib.c
index 247bafbe01..53f3bb9ebe 100644
--- a/src/lib/libcrypto/objects/obj_lib.c
+++ b/src/lib/libcrypto/objects/obj_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: obj_lib.c,v 1.13 2014/10/07 04:59:25 miod Exp $ */
+/* $OpenBSD: obj_lib.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -79,7 +79,7 @@ OBJ_dup(const ASN1_OBJECT *o)
 
         r = ASN1_OBJECT_new();
         if (r == NULL) {
-                OBJerr(OBJ_F_OBJ_DUP, ERR_R_ASN1_LIB);
+                OBJerror(ERR_R_ASN1_LIB);
                 return (NULL);
         }
         data = malloc(o->length);
@@ -110,7 +110,7 @@ OBJ_dup(const ASN1_OBJECT *o)
         return (r);
 
 err:
-        OBJerr(OBJ_F_OBJ_DUP, ERR_R_MALLOC_FAILURE);
+        OBJerror(ERR_R_MALLOC_FAILURE);
         free(ln);
         free(sn);
         free(data);
diff --git a/src/lib/libcrypto/ocsp/ocsp_cl.c b/src/lib/libcrypto/ocsp/ocsp_cl.c
index 6b8fb87880..04ea6866a5 100644
--- a/src/lib/libcrypto/ocsp/ocsp_cl.c
+++ b/src/lib/libcrypto/ocsp/ocsp_cl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_cl.c,v 1.13 2016/12/30 15:31:58 jsing Exp $ */
+/* $OpenBSD: ocsp_cl.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
  * project. */
 
@@ -159,8 +159,7 @@ OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key,
                 goto err;
         if (key) {
                 if (!X509_check_private_key(signer, key)) {
-                        OCSPerr(OCSP_F_OCSP_REQUEST_SIGN,
-                            OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+                        OCSPerror(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
                         goto err;
                 }
                 if (!OCSP_REQUEST_sign(req, key, dgst))
@@ -202,13 +201,11 @@ OCSP_response_get1_basic(OCSP_RESPONSE *resp)
 
         rb = resp->responseBytes;
         if (!rb) {
-                OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC,
-                    OCSP_R_NO_RESPONSE_DATA);
+                OCSPerror(OCSP_R_NO_RESPONSE_DATA);
                 return NULL;
         }
         if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) {
-                OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC,
-                    OCSP_R_NOT_BASIC_RESPONSE);
+                OCSPerror(OCSP_R_NOT_BASIC_RESPONSE);
                 return NULL;
         }
 
@@ -341,16 +338,14 @@ OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
         /* Check thisUpdate is valid and not more than nsec in the future */
         if (ASN1_time_parse(thisupd->data, thisupd->length, &tm_this,
             V_ASN1_GENERALIZEDTIME) != V_ASN1_GENERALIZEDTIME) {
-                OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
-                    OCSP_R_ERROR_IN_THISUPDATE_FIELD);
+                OCSPerror(OCSP_R_ERROR_IN_THISUPDATE_FIELD);
                 return 0;
         } else {
                 t_tmp = t_now + nsec;
                 if (gmtime_r(&t_tmp, &tm_tmp) == NULL)
                         return 0;
                 if (ASN1_time_tm_cmp(&tm_this, &tm_tmp) > 0) {
-                        OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
-                            OCSP_R_STATUS_NOT_YET_VALID);
+                        OCSPerror(OCSP_R_STATUS_NOT_YET_VALID);
                         return 0;
                 }
 
@@ -363,8 +358,7 @@ OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
                         if (gmtime_r(&t_tmp, &tm_tmp) == NULL)
                                 return 0;
                         if (ASN1_time_tm_cmp(&tm_this, &tm_tmp) < 0) {
-                                OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
-                                    OCSP_R_STATUS_TOO_OLD);
+                                OCSPerror(OCSP_R_STATUS_TOO_OLD);
                                 return 0;
                         }
                 }
@@ -376,24 +370,21 @@ OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
         /* Check nextUpdate is valid and not more than nsec in the past */
         if (ASN1_time_parse(nextupd->data, nextupd->length, &tm_next,
             V_ASN1_GENERALIZEDTIME) != V_ASN1_GENERALIZEDTIME) {
-                OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
-                    OCSP_R_ERROR_IN_NEXTUPDATE_FIELD);
+                OCSPerror(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD);
                 return 0;
         } else {
                 t_tmp = t_now - nsec;
                 if (gmtime_r(&t_tmp, &tm_tmp) == NULL)
                         return 0;
                 if (ASN1_time_tm_cmp(&tm_next, &tm_tmp) < 0) {
-                        OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
-                            OCSP_R_STATUS_EXPIRED);
+                        OCSPerror(OCSP_R_STATUS_EXPIRED);
                         return 0;
                 }
         }
 
         /* Also don't allow nextUpdate to precede thisUpdate */
         if (ASN1_time_tm_cmp(&tm_next, &tm_this) < 0) {
-                OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
-                    OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE);
+                OCSPerror(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE);
                 return 0;
         }
 
diff --git a/src/lib/libcrypto/ocsp/ocsp_err.c b/src/lib/libcrypto/ocsp/ocsp_err.c
index af781074b6..9e3237f6a4 100644
--- a/src/lib/libcrypto/ocsp/ocsp_err.c
+++ b/src/lib/libcrypto/ocsp/ocsp_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_err.c,v 1.7 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: ocsp_err.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
  *
@@ -72,25 +72,7 @@
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason)
 
 static ERR_STRING_DATA OCSP_str_functs[]= {
-        {ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE),   "ASN1_STRING_encode"},
-        {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE),       "D2I_OCSP_NONCE"},
-        {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS),       "OCSP_basic_add1_status"},
-        {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN),      "OCSP_basic_sign"},
-        {ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY),    "OCSP_basic_verify"},
-        {ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW),     "OCSP_cert_id_new"},
-        {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"},
-        {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS),       "OCSP_CHECK_IDS"},
-        {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER),    "OCSP_CHECK_ISSUER"},
-        {ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY),  "OCSP_check_validity"},
-        {ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID),  "OCSP_MATCH_ISSUERID"},
-        {ERR_FUNC(OCSP_F_OCSP_PARSE_URL),       "OCSP_parse_url"},
-        {ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN),    "OCSP_request_sign"},
-        {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY),  "OCSP_request_verify"},
-        {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC),     "OCSP_response_get1_basic"},
-        {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO),     "OCSP_sendreq_bio"},
-        {ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO),    "OCSP_sendreq_nbio"},
-        {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1),     "PARSE_HTTP_LINE1"},
-        {ERR_FUNC(OCSP_F_REQUEST_VERIFY),       "REQUEST_VERIFY"},
+        {ERR_FUNC(0xfff), "CRYPTO_internal"},
         {0, NULL}
 };
 
diff --git a/src/lib/libcrypto/ocsp/ocsp_ht.c b/src/lib/libcrypto/ocsp/ocsp_ht.c
index 61af3717b7..b9c969928a 100644
--- a/src/lib/libcrypto/ocsp/ocsp_ht.c
+++ b/src/lib/libcrypto/ocsp/ocsp_ht.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_ht.c,v 1.23 2016/11/05 15:21:20 miod Exp $ */
+/* $OpenBSD: ocsp_ht.c,v 1.24 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -207,8 +207,7 @@ parse_http_line1(char *line)
         for (p = line; *p && !isspace((unsigned char)*p); p++)
                 continue;
         if (!*p) {
-                OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
-                    OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+                OCSPerror(OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
                 return 0;
         }
 
@@ -216,8 +215,7 @@ parse_http_line1(char *line)
         while (*p && isspace((unsigned char)*p))
                 p++;
         if (!*p) {
-                OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
-                    OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+                OCSPerror(OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
                 return 0;
         }
 
@@ -225,8 +223,7 @@ parse_http_line1(char *line)
         for (q = p; *q && !isspace((unsigned char)*q); q++)
                 continue;
         if (!*q) {
-                OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
-                    OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+                OCSPerror(OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
                 return 0;
         }
 
@@ -251,7 +248,7 @@ parse_http_line1(char *line)
                         *r = 0;
         }
         if (retcode != 200) {
-                OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_ERROR);
+                OCSPerror(OCSP_R_SERVER_RESPONSE_ERROR);
                 if (!*q)
                         ERR_asprintf_error_data("Code=%s", p);
                 else
diff --git a/src/lib/libcrypto/ocsp/ocsp_lib.c b/src/lib/libcrypto/ocsp/ocsp_lib.c
index 4a109b5513..d56a002096 100644
--- a/src/lib/libcrypto/ocsp/ocsp_lib.c
+++ b/src/lib/libcrypto/ocsp/ocsp_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_lib.c,v 1.19 2016/12/21 18:13:59 beck Exp $ */
+/* $OpenBSD: ocsp_lib.c,v 1.20 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
  * project. */
 
@@ -115,7 +115,7 @@ OCSP_cert_id_new(const EVP_MD *dgst, X509_NAME *issuerName,
         if (alg->algorithm != NULL)
                 ASN1_OBJECT_free(alg->algorithm);
         if ((nid = EVP_MD_type(dgst)) == NID_undef) {
-                OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
+                OCSPerror(OCSP_R_UNKNOWN_NID);
                 goto err;
         }
         if (!(alg->algorithm = OBJ_nid2obj(nid)))
@@ -144,7 +144,7 @@ OCSP_cert_id_new(const EVP_MD *dgst, X509_NAME *issuerName,
         return cid;
 
 digerr:
-        OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);
+        OCSPerror(OCSP_R_DIGEST_ERR);
 err:
         if (cid)
                 OCSP_CERTID_free(cid);
@@ -193,11 +193,11 @@ OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl)
         } else if (strncmp(url, "http://", 7) == 0)
                 host = strdup(url + 7);
         else {
-                OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);
+                OCSPerror(OCSP_R_ERROR_PARSING_URL);
                 return 0;
         }
         if (host == NULL) {
-                OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
+                OCSPerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
 
@@ -221,7 +221,7 @@ OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl)
                 free(host);
                 free(path);
                 free(port);
-                OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
+                OCSPerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
 
diff --git a/src/lib/libcrypto/ocsp/ocsp_srv.c b/src/lib/libcrypto/ocsp/ocsp_srv.c
index ee4a5dd6db..a9e0aaab2f 100644
--- a/src/lib/libcrypto/ocsp/ocsp_srv.c
+++ b/src/lib/libcrypto/ocsp/ocsp_srv.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_srv.c,v 1.9 2016/12/30 15:31:58 jsing Exp $ */
+/* $OpenBSD: ocsp_srv.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -168,8 +168,7 @@ OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, int status,
         switch (cs->type = status) {
         case V_OCSP_CERTSTATUS_REVOKED:
                 if (!revtime) {
-                        OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS,
-                            OCSP_R_NO_REVOKED_TIME);
+                        OCSPerror(OCSP_R_NO_REVOKED_TIME);
                         goto err;
                 }
                 if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new()))
@@ -226,8 +225,7 @@ OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
         OCSP_RESPID *rid;
 
         if (!X509_check_private_key(signer, key)) {
-                OCSPerr(OCSP_F_OCSP_BASIC_SIGN,
-                    OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+                OCSPerror(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
                 goto err;
         }
 
diff --git a/src/lib/libcrypto/ocsp/ocsp_vfy.c b/src/lib/libcrypto/ocsp/ocsp_vfy.c
index 80dd54e958..ebdd826878 100644
--- a/src/lib/libcrypto/ocsp/ocsp_vfy.c
+++ b/src/lib/libcrypto/ocsp/ocsp_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_vfy.c,v 1.14 2016/11/05 13:27:53 miod Exp $ */
+/* $OpenBSD: ocsp_vfy.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -86,8 +86,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
 
         ret = ocsp_find_signer(&signer, bs, certs, st, flags);
         if (!ret) {
-                OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
-                    OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
+                OCSPerror(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
                 goto end;
         }
         if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
@@ -101,8 +100,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
                         EVP_PKEY_free(skey);
                 }
                 if (!skey || ret <= 0) {
-                        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
-                            OCSP_R_SIGNATURE_FAILURE);
+                        OCSPerror(OCSP_R_SIGNATURE_FAILURE);
                         goto end;
                 }
         }
@@ -116,8 +114,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
                         for (i = 0; i < sk_X509_num(certs); i++) {
                                 if (!sk_X509_push(untrusted,
                                         sk_X509_value(certs, i))) {
-                                        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
-                                            ERR_R_MALLOC_FAILURE);
+                                        OCSPerror(ERR_R_MALLOC_FAILURE);
                                         goto end;
                                 }
                         }
@@ -126,7 +123,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
                 init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted);
                 if (!init_res) {
                         ret = -1;
-                        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
+                        OCSPerror(ERR_R_X509_LIB);
                         goto end;
                 }
 
@@ -141,8 +138,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
                 X509_STORE_CTX_cleanup(&ctx);
                 if (ret <= 0) {
                         i = X509_STORE_CTX_get_error(&ctx);
-                        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
-                            OCSP_R_CERTIFICATE_VERIFY_ERROR);
+                        OCSPerror(OCSP_R_CERTIFICATE_VERIFY_ERROR);
                         ERR_asprintf_error_data("Verify error:%s",
                             X509_verify_cert_error_string(i));
                         goto end;
@@ -169,8 +165,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
                 x = sk_X509_value(chain, sk_X509_num(chain) - 1);
                 if (X509_check_trust(x, NID_OCSP_sign, 0) !=
                         X509_TRUST_TRUSTED) {
-                        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
-                            OCSP_R_ROOT_CA_NOT_TRUSTED);
+                        OCSPerror(OCSP_R_ROOT_CA_NOT_TRUSTED);
                         goto end;
                 }
                 ret = 1;
@@ -245,8 +240,7 @@ ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
         sresp = bs->tbsResponseData->responses;
 
         if (sk_X509_num(chain) <= 0) {
-                OCSPerr(OCSP_F_OCSP_CHECK_ISSUER,
-                    OCSP_R_NO_CERTIFICATES_IN_CHAIN);
+                OCSPerror(OCSP_R_NO_CERTIFICATES_IN_CHAIN);
                 return -1;
         }
 
@@ -288,8 +282,7 @@ ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
 
         idcount = sk_OCSP_SINGLERESP_num(sresp);
         if (idcount <= 0) {
-                OCSPerr(OCSP_F_OCSP_CHECK_IDS,
-                    OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
+                OCSPerror(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
                 return -1;
         }
 
@@ -323,8 +316,7 @@ ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
 
                 if (!(dgst =
                     EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))) {
-                        OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID,
-                            OCSP_R_UNKNOWN_MESSAGE_DIGEST);
+                        OCSPerror(OCSP_R_UNKNOWN_MESSAGE_DIGEST);
                         return -1;
                 }
 
@@ -365,7 +357,7 @@ ocsp_check_delegated(X509 *x, int flags)
         X509_check_purpose(x, -1, 0);
         if ((x->ex_flags & EXFLAG_XKUSAGE) && (x->ex_xkusage & XKU_OCSP_SIGN))
                 return 1;
-        OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
+        OCSPerror(OCSP_R_MISSING_OCSPSIGNING_USAGE);
         return 0;
 }
 
@@ -384,20 +376,18 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store,
         X509_STORE_CTX ctx;
 
         if (!req->optionalSignature) {
-                OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
+                OCSPerror(OCSP_R_REQUEST_NOT_SIGNED);
                 return 0;
         }
         gen = req->tbsRequest->requestorName;
         if (!gen || gen->type != GEN_DIRNAME) {
-                OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
-                    OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
+                OCSPerror(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
                 return 0;
         }
         nm = gen->d.directoryName;
         ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags);
         if (ret <= 0) {
-                OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
-                    OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
+                OCSPerror(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
                 return 0;
         }
         if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
@@ -409,8 +399,7 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store,
                 ret = OCSP_REQUEST_verify(req, skey);
                 EVP_PKEY_free(skey);
                 if (ret <= 0) {
-                        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
-                            OCSP_R_SIGNATURE_FAILURE);
+                        OCSPerror(OCSP_R_SIGNATURE_FAILURE);
                         return 0;
                 }
         }
@@ -424,7 +413,7 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store,
                         init_res = X509_STORE_CTX_init(&ctx, store, signer,
                             req->optionalSignature->certs);
                 if (!init_res) {
-                        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB);
+                        OCSPerror(ERR_R_X509_LIB);
                         return 0;
                 }
 
@@ -439,8 +428,7 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store,
                 X509_STORE_CTX_cleanup(&ctx);
                 if (ret <= 0) {
                         ret = X509_STORE_CTX_get_error(&ctx);
-                        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
-                            OCSP_R_CERTIFICATE_VERIFY_ERROR);
+                        OCSPerror(OCSP_R_CERTIFICATE_VERIFY_ERROR);
                         ERR_asprintf_error_data("Verify error:%s",
                             X509_verify_cert_error_string(ret));
                         return 0;
diff --git a/src/lib/libcrypto/pem/pem_err.c b/src/lib/libcrypto/pem/pem_err.c
index c3d0fa3576..8d3c278b54 100644
--- a/src/lib/libcrypto/pem/pem_err.c
+++ b/src/lib/libcrypto/pem/pem_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_err.c,v 1.11 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: pem_err.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
  *
@@ -72,46 +72,7 @@
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason)
 
 static ERR_STRING_DATA PEM_str_functs[] = {
-        {ERR_FUNC(PEM_F_B2I_DSS),       "B2I_DSS"},
-        {ERR_FUNC(PEM_F_B2I_PVK_BIO),   "b2i_PVK_bio"},
-        {ERR_FUNC(PEM_F_B2I_RSA),       "B2I_RSA"},
-        {ERR_FUNC(PEM_F_CHECK_BITLEN_DSA),      "CHECK_BITLEN_DSA"},
-        {ERR_FUNC(PEM_F_CHECK_BITLEN_RSA),      "CHECK_BITLEN_RSA"},
-        {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO),       "d2i_PKCS8PrivateKey_bio"},
-        {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP),        "d2i_PKCS8PrivateKey_fp"},
-        {ERR_FUNC(PEM_F_DO_B2I),        "DO_B2I"},
-        {ERR_FUNC(PEM_F_DO_B2I_BIO),    "DO_B2I_BIO"},
-        {ERR_FUNC(PEM_F_DO_BLOB_HEADER),        "DO_BLOB_HEADER"},
-        {ERR_FUNC(PEM_F_DO_PK8PKEY),    "DO_PK8PKEY"},
-        {ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"},
-        {ERR_FUNC(PEM_F_DO_PVK_BODY),   "DO_PVK_BODY"},
-        {ERR_FUNC(PEM_F_DO_PVK_HEADER), "DO_PVK_HEADER"},
-        {ERR_FUNC(PEM_F_I2B_PVK),       "I2B_PVK"},
-        {ERR_FUNC(PEM_F_I2B_PVK_BIO),   "i2b_PVK_bio"},
-        {ERR_FUNC(PEM_F_LOAD_IV),       "LOAD_IV"},
-        {ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"},
-        {ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO),     "PEM_ASN1_read_bio"},
-        {ERR_FUNC(PEM_F_PEM_ASN1_WRITE),        "PEM_ASN1_write"},
-        {ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO),    "PEM_ASN1_write_bio"},
-        {ERR_FUNC(PEM_F_PEM_DEF_CALLBACK),      "PEM_def_callback"},
-        {ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"},
-        {ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY),       "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
-        {ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO),       "PEM_get_EVP_CIPHER_INFO"},
-        {ERR_FUNC(PEM_F_PEM_PK8PKEY),   "PEM_PK8PKEY"},
-        {ERR_FUNC(PEM_F_PEM_READ),      "PEM_read"},
-        {ERR_FUNC(PEM_F_PEM_READ_BIO),  "PEM_read_bio"},
-        {ERR_FUNC(PEM_F_PEM_READ_BIO_PARAMETERS),       "PEM_read_bio_Parameters"},
-        {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY),       "PEM_READ_BIO_PRIVATEKEY"},
-        {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY),   "PEM_READ_PRIVATEKEY"},
-        {ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"},
-        {ERR_FUNC(PEM_F_PEM_SEALINIT),  "PEM_SealInit"},
-        {ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"},
-        {ERR_FUNC(PEM_F_PEM_WRITE),     "PEM_write"},
-        {ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"},
-        {ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY),  "PEM_WRITE_PRIVATEKEY"},
-        {ERR_FUNC(PEM_F_PEM_X509_INFO_READ),    "PEM_X509_INFO_read"},
-        {ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO),        "PEM_X509_INFO_read_bio"},
-        {ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO),       "PEM_X509_INFO_write_bio"},
+        {ERR_FUNC(0xfff), "CRYPTO_internal"},
         {0, NULL}
 };
 
diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c
index 191e3b5b10..f02aaa8bb4 100644
--- a/src/lib/libcrypto/pem/pem_info.c
+++ b/src/lib/libcrypto/pem/pem_info.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_info.c,v 1.21 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: pem_info.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -83,7 +83,7 @@ PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb,
         STACK_OF(X509_INFO) *ret;
 
         if ((b = BIO_new(BIO_s_file())) == NULL) {
-                PEMerr(PEM_F_PEM_X509_INFO_READ, ERR_R_BUF_LIB);
+                PEMerror(ERR_R_BUF_LIB);
                 return (0);
         }
         BIO_set_fp(b, fp, BIO_NOCLOSE);
@@ -109,8 +109,7 @@ PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb,
 
         if (sk == NULL) {
                 if ((ret = sk_X509_INFO_new_null()) == NULL) {
-                        PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,
-                            ERR_R_MALLOC_FAILURE);
+                        PEMerror(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
         } else
@@ -249,13 +248,11 @@ start:
                                 if (ptype) {
                                         if (!d2i_PrivateKey(ptype, pp, &p,
                                             len)) {
-                                                PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,
-                                                    ERR_R_ASN1_LIB);
+                                                PEMerror(ERR_R_ASN1_LIB);
                                                 goto err;
                                         }
                                 } else if (d2i(pp, &p, len) == NULL) {
-                                        PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,
-                                            ERR_R_ASN1_LIB);
+                                        PEMerror(ERR_R_ASN1_LIB);
                                         goto err;
                                 }
                         } else { /* encrypted RSA data */
@@ -323,8 +320,7 @@ PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
         if (enc != NULL) {
                 objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
                 if (objstr == NULL) {
-                        PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
-                            PEM_R_UNSUPPORTED_CIPHER);
+                        PEMerror(PEM_R_UNSUPPORTED_CIPHER);
                         goto err;
                 }
         }
@@ -337,8 +333,7 @@ PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
         if (xi->x_pkey != NULL) {
                 if ((xi->enc_data != NULL) && (xi->enc_len > 0) ) {
                         if (enc == NULL) {
-                                PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
-                                    PEM_R_CIPHER_IS_NULL);
+                                PEMerror(PEM_R_CIPHER_IS_NULL);
                                 goto err;
                         }
 
@@ -355,16 +350,14 @@ PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
                         objstr = OBJ_nid2sn(
                             EVP_CIPHER_nid(xi->enc_cipher.cipher));
                         if (objstr == NULL) {
-                                PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
-                                    PEM_R_UNSUPPORTED_CIPHER);
+                                PEMerror(PEM_R_UNSUPPORTED_CIPHER);
                                 goto err;
                         }
 
                         /* create the right magic header stuff */
                         if (strlen(objstr) + 23 + 2 * enc->iv_len + 13 >
                             sizeof buf) {
-                                PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
-                                    ASN1_R_BUFFER_TOO_SMALL);
+                                PEMerror(ASN1_R_BUFFER_TOO_SMALL);
                                 goto err;
                         }
                         buf[0] = '\0';
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
index 7178c8744f..b2c72e1d76 100644
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_lib.c,v 1.43 2016/10/19 16:49:11 jsing Exp $ */
+/* $OpenBSD: pem_lib.c,v 1.44 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -112,8 +112,7 @@ PEM_def_callback(char *buf, int num, int w, void *key)
         for (;;) {
                 i = EVP_read_pw_string_min(buf, MIN_LENGTH, num, prompt, w);
                 if (i != 0) {
-                        PEMerr(PEM_F_PEM_DEF_CALLBACK,
-                            PEM_R_PROBLEMS_GETTING_PASSWORD);
+                        PEMerror(PEM_R_PROBLEMS_GETTING_PASSWORD);
                         memset(buf, 0, num);
                         return (-1);
                 }
@@ -176,7 +175,7 @@ PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
         void *ret;
 
         if ((b = BIO_new(BIO_s_file())) == NULL) {
-                PEMerr(PEM_F_PEM_ASN1_READ, ERR_R_BUF_LIB);
+                PEMerror(ERR_R_BUF_LIB);
                 return (0);
         }
         BIO_set_fp(b, fp, BIO_NOCLOSE);
@@ -323,7 +322,7 @@ PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, void *x,
         int ret;
 
         if ((b = BIO_new(BIO_s_file())) == NULL) {
-                PEMerr(PEM_F_PEM_ASN1_WRITE, ERR_R_BUF_LIB);
+                PEMerror(ERR_R_BUF_LIB);
                 return (0);
         }
         BIO_set_fp(b, fp, BIO_NOCLOSE);
@@ -348,14 +347,13 @@ PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
         if (enc != NULL) {
                 objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
                 if (objstr == NULL) {
-                        PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,
-                            PEM_R_UNSUPPORTED_CIPHER);
+                        PEMerror(PEM_R_UNSUPPORTED_CIPHER);
                         goto err;
                 }
         }
 
         if ((dsize = i2d(x, NULL)) < 0) {
-                PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_ASN1_LIB);
+                PEMerror(ERR_R_ASN1_LIB);
                 dsize = 0;
                 goto err;
         }
@@ -363,7 +361,7 @@ PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
         /* actually it needs the cipher block size extra... */
         data = malloc(dsize + 20);
         if (data == NULL) {
-                PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_MALLOC_FAILURE);
+                PEMerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         p = data;
@@ -376,14 +374,13 @@ PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
                         else
                                 klen = (*callback)(buf, PEM_BUFSIZE, 1, u);
                         if (klen <= 0) {
-                                PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,
-                                    PEM_R_READ_KEY);
+                                PEMerror(PEM_R_READ_KEY);
                                 goto err;
                         }
                         kstr = (unsigned char *)buf;
                 }
                 if ((size_t)enc->iv_len > sizeof(iv)) {
-                        PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, EVP_R_IV_TOO_LARGE);
+                        PEMerror(EVP_R_IV_TOO_LARGE);
                         goto err;
                 }
                 arc4random_buf(iv, enc->iv_len); /* Generate a salt */
@@ -397,8 +394,7 @@ PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
                         explicit_bzero(buf, PEM_BUFSIZE);
 
                 if (strlen(objstr) + 23 + 2 * enc->iv_len + 13 > sizeof buf) {
-                        PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,
-                            ASN1_R_BUFFER_TOO_SMALL);
+                        PEMerror(ASN1_R_BUFFER_TOO_SMALL);
                         goto err;
                 }
 
@@ -455,7 +451,7 @@ PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
         else
                 klen = callback(buf, PEM_BUFSIZE, 0, u);
         if (klen <= 0) {
-                PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);
+                PEMerror(PEM_R_BAD_PASSWORD_READ);
                 return (0);
         }
         if (!EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]),
@@ -474,7 +470,7 @@ PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
         explicit_bzero((char *)buf, sizeof(buf));
         explicit_bzero((char *)key, sizeof(key));
         if (!o) {
-                PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT);
+                PEMerror(PEM_R_BAD_DECRYPT);
                 return (0);
         }
         *plen = j + i;
@@ -492,7 +488,7 @@ PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
         if ((header == NULL) || (*header == '\0') || (*header == '\n'))
                 return (1);
         if (strncmp(header, "Proc-Type: ", 11) != 0) {
-                PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_PROC_TYPE);
+                PEMerror(PEM_R_NOT_PROC_TYPE);
                 return (0);
         }
         header += 11;
@@ -503,18 +499,18 @@ PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
                 return (0);
         header++;
         if (strncmp(header, "ENCRYPTED", 9) != 0) {
-                PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_ENCRYPTED);
+                PEMerror(PEM_R_NOT_ENCRYPTED);
                 return (0);
         }
         for (; (*header != '\n') && (*header != '\0'); header++)
                 ;
         if (*header == '\0') {
-                PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_SHORT_HEADER);
+                PEMerror(PEM_R_SHORT_HEADER);
                 return (0);
         }
         header++;
         if (strncmp(header, "DEK-Info: ", 10) != 0) {
-                PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_DEK_INFO);
+                PEMerror(PEM_R_NOT_DEK_INFO);
                 return (0);
         }
         header += 10;
@@ -533,8 +529,7 @@ PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
         header++;
 
         if (enc == NULL) {
-                PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,
-                    PEM_R_UNSUPPORTED_ENCRYPTION);
+                PEMerror(PEM_R_UNSUPPORTED_ENCRYPTION);
                 return (0);
         }
         if (!load_iv(header_pp, &(cipher->iv[0]), enc->iv_len))
@@ -561,7 +556,7 @@ load_iv(char **fromp, unsigned char *to, int num)
                 else if ((*from >= 'a') && (*from <= 'f'))
                         v = *from - 'a' + 10;
                 else {
-                        PEMerr(PEM_F_LOAD_IV, PEM_R_BAD_IV_CHARS);
+                        PEMerror(PEM_R_BAD_IV_CHARS);
                         return (0);
                 }
                 from++;
@@ -579,7 +574,7 @@ PEM_write(FILE *fp, char *name, char *header, unsigned char *data, long len)
         int ret;
 
         if ((b = BIO_new(BIO_s_file())) == NULL) {
-                PEMerr(PEM_F_PEM_WRITE, ERR_R_BUF_LIB);
+                PEMerror(ERR_R_BUF_LIB);
                 return (0);
         }
         BIO_set_fp(b, fp, BIO_NOCLOSE);
@@ -645,7 +640,7 @@ err:
                 explicit_bzero(buf, PEM_BUFSIZE * 8);
                 free(buf);
         }
-        PEMerr(PEM_F_PEM_WRITE_BIO, reason);
+        PEMerror(reason);
         return (0);
 }
 
@@ -656,7 +651,7 @@ PEM_read(FILE *fp, char **name, char **header, unsigned char **data, long *len)
         int ret;
 
         if ((b = BIO_new(BIO_s_file())) == NULL) {
-                PEMerr(PEM_F_PEM_READ, ERR_R_BUF_LIB);
+                PEMerror(ERR_R_BUF_LIB);
                 return (0);
         }
         BIO_set_fp(b, fp, BIO_NOCLOSE);
@@ -683,7 +678,7 @@ PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
                 BUF_MEM_free(nameB);
                 BUF_MEM_free(headerB);
                 BUF_MEM_free(dataB);
-                PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+                PEMerror(ERR_R_MALLOC_FAILURE);
                 return (0);
         }
 
@@ -692,7 +687,7 @@ PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
                 i = BIO_gets(bp, buf, 254);
 
                 if (i <= 0) {
-                        PEMerr(PEM_F_PEM_READ_BIO, PEM_R_NO_START_LINE);
+                        PEMerror(PEM_R_NO_START_LINE);
                         goto err;
                 }
 
@@ -707,8 +702,7 @@ PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
                         if (strncmp(&(buf[11 + i - 6]), "-----\n", 6) != 0)
                                 continue;
                         if (!BUF_MEM_grow(nameB, i + 9)) {
-                                PEMerr(PEM_F_PEM_READ_BIO,
-                                    ERR_R_MALLOC_FAILURE);
+                                PEMerror(ERR_R_MALLOC_FAILURE);
                                 goto err;
                         }
                         memcpy(nameB->data, &(buf[11]), i - 6);
@@ -718,7 +712,7 @@ PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
         }
         hl = 0;
         if (!BUF_MEM_grow(headerB, 256)) {
-                PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+                PEMerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         headerB->data[0] = '\0';
@@ -735,7 +729,7 @@ PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
                 if (buf[0] == '\n')
                         break;
                 if (!BUF_MEM_grow(headerB, hl + i + 9)) {
-                        PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+                        PEMerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 if (strncmp(buf, "-----END ", 9) == 0) {
@@ -749,7 +743,7 @@ PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
 
         bl = 0;
         if (!BUF_MEM_grow(dataB, 1024)) {
-                PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+                PEMerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         dataB->data[0] = '\0';
@@ -771,8 +765,7 @@ PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
                         if (i > 65)
                                 break;
                         if (!BUF_MEM_grow_clean(dataB, i + bl + 9)) {
-                                PEMerr(PEM_F_PEM_READ_BIO,
-                                    ERR_R_MALLOC_FAILURE);
+                                PEMerror(ERR_R_MALLOC_FAILURE);
                                 goto err;
                         }
                         memcpy(&(dataB->data[bl]), buf, i);
@@ -802,7 +795,7 @@ PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
         if ((strncmp(buf, "-----END ", 9) != 0) ||
             (strncmp(nameB->data, &(buf[9]), i) != 0) ||
             (strncmp(&(buf[9 + i]), "-----\n", 6) != 0)) {
-                PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_END_LINE);
+                PEMerror(PEM_R_BAD_END_LINE);
                 goto err;
         }
 
@@ -811,12 +804,12 @@ PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
             (unsigned char *)dataB->data, &bl,
             (unsigned char *)dataB->data, bl);
         if (i < 0) {
-                PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE);
+                PEMerror(PEM_R_BAD_BASE64_DECODE);
                 goto err;
         }
         i = EVP_DecodeFinal(&ctx, (unsigned char *)&(dataB->data[bl]), &k);
         if (i < 0) {
-                PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE);
+                PEMerror(PEM_R_BAD_BASE64_DECODE);
                 goto err;
         }
         bl += k;
diff --git a/src/lib/libcrypto/pem/pem_oth.c b/src/lib/libcrypto/pem/pem_oth.c
index ccd2b893d5..21498cb6b5 100644
--- a/src/lib/libcrypto/pem/pem_oth.c
+++ b/src/lib/libcrypto/pem/pem_oth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_oth.c,v 1.7 2014/10/18 17:20:40 jsing Exp $ */
+/* $OpenBSD: pem_oth.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -81,7 +81,7 @@ PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
         p = data;
         ret = d2i(x, &p, len);
         if (ret == NULL)
-                PEMerr(PEM_F_PEM_ASN1_READ_BIO, ERR_R_ASN1_LIB);
+                PEMerror(ERR_R_ASN1_LIB);
         free(data);
         return (ret);
 }
diff --git a/src/lib/libcrypto/pem/pem_pk8.c b/src/lib/libcrypto/pem/pem_pk8.c
index 4b3578f971..43581905f0 100644
--- a/src/lib/libcrypto/pem/pem_pk8.c
+++ b/src/lib/libcrypto/pem/pem_pk8.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_pk8.c,v 1.12 2016/09/04 16:10:38 jsing Exp $ */
+/* $OpenBSD: pem_pk8.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -116,8 +116,7 @@ do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
         int ret;
 
         if (!(p8inf = EVP_PKEY2PKCS8(x))) {
-                PEMerr(PEM_F_DO_PK8PKEY,
-                    PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
+                PEMerror(PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
                 return 0;
         }
         if (enc || (nid != -1)) {
@@ -127,7 +126,7 @@ do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
                         else
                                 klen = cb(buf, PEM_BUFSIZE, 1, u);
                         if (klen <= 0) {
-                                PEMerr(PEM_F_DO_PK8PKEY, PEM_R_READ_KEY);
+                                PEMerror(PEM_R_READ_KEY);
                                 PKCS8_PRIV_KEY_INFO_free(p8inf);
                                 return 0;
                         }
@@ -171,7 +170,7 @@ d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
         else
                 klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
         if (klen <= 0) {
-                PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
+                PEMerror(PEM_R_BAD_PASSWORD_READ);
                 X509_SIG_free(p8);
                 return NULL;
         }
@@ -227,7 +226,7 @@ do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
         int ret;
 
         if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
-                PEMerr(PEM_F_DO_PK8PKEY_FP, ERR_R_BUF_LIB);
+                PEMerror(ERR_R_BUF_LIB);
                 return (0);
         }
         ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
@@ -242,7 +241,7 @@ d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
         EVP_PKEY *ret;
 
         if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
-                PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP, ERR_R_BUF_LIB);
+                PEMerror(ERR_R_BUF_LIB);
                 return NULL;
         }
         ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);
diff --git a/src/lib/libcrypto/pem/pem_pkey.c b/src/lib/libcrypto/pem/pem_pkey.c
index afb476f818..6651ef9419 100644
--- a/src/lib/libcrypto/pem/pem_pkey.c
+++ b/src/lib/libcrypto/pem/pem_pkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_pkey.c,v 1.21 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: pem_pkey.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -116,8 +116,7 @@ PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
                 else
                         klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
                 if (klen <= 0) {
-                        PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,
-                            PEM_R_BAD_PASSWORD_READ);
+                        PEMerror(PEM_R_BAD_PASSWORD_READ);
                         X509_SIG_free(p8);
                         goto err;
                 }
@@ -141,7 +140,7 @@ PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
 
 p8err:
         if (ret == NULL)
-                PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB);
+                PEMerror(ERR_R_ASN1_LIB);
 err:
         free(nm);
         explicit_bzero(data, len);
@@ -199,7 +198,7 @@ PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
 
 err:
         if (ret == NULL)
-                PEMerr(PEM_F_PEM_READ_BIO_PARAMETERS, ERR_R_ASN1_LIB);
+                PEMerror(ERR_R_ASN1_LIB);
         free(nm);
         free(data);
         return (ret);
@@ -226,7 +225,7 @@ PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
         EVP_PKEY *ret;
 
         if ((b = BIO_new(BIO_s_file())) == NULL) {
-                PEMerr(PEM_F_PEM_READ_PRIVATEKEY, ERR_R_BUF_LIB);
+                PEMerror(ERR_R_BUF_LIB);
                 return (0);
         }
         BIO_set_fp(b, fp, BIO_NOCLOSE);
@@ -243,7 +242,7 @@ PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
         int ret;
 
         if ((b = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
-                PEMerr(PEM_F_PEM_WRITE_PRIVATEKEY, ERR_R_BUF_LIB);
+                PEMerror(ERR_R_BUF_LIB);
                 return 0;
         }
         ret = PEM_write_bio_PrivateKey(b, x, enc, kstr, klen, cb, u);
diff --git a/src/lib/libcrypto/pem/pem_seal.c b/src/lib/libcrypto/pem/pem_seal.c
index 79162b32d7..c6d61fff0f 100644
--- a/src/lib/libcrypto/pem/pem_seal.c
+++ b/src/lib/libcrypto/pem/pem_seal.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_seal.c,v 1.23 2016/11/05 11:32:45 miod Exp $ */
+/* $OpenBSD: pem_seal.c,v 1.24 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -97,7 +97,7 @@ PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
 
         for (i = 0; i < npubk; i++) {
                 if (pubk[i]->type != EVP_PKEY_RSA) {
-                        PEMerr(PEM_F_PEM_SEALINIT, PEM_R_PUBLIC_KEY_NO_RSA);
+                        PEMerror(PEM_R_PUBLIC_KEY_NO_RSA);
                         goto err;
                 }
                 j = RSA_size(pubk[i]->pkey.rsa);
@@ -106,7 +106,7 @@ PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
         }
         s = reallocarray(NULL, max, 2);
         if (s == NULL) {
-                PEMerr(PEM_F_PEM_SEALINIT, ERR_R_MALLOC_FAILURE);
+                PEMerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
@@ -170,7 +170,7 @@ PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
         unsigned int i;
 
         if (priv->type != EVP_PKEY_RSA) {
-                PEMerr(PEM_F_PEM_SEALFINAL, PEM_R_PUBLIC_KEY_NO_RSA);
+                PEMerror(PEM_R_PUBLIC_KEY_NO_RSA);
                 goto err;
         }
         i = RSA_size(priv->pkey.rsa);
@@ -178,7 +178,7 @@ PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
                 i = 100;
         s = reallocarray(NULL, i, 2);
         if (s == NULL) {
-                PEMerr(PEM_F_PEM_SEALFINAL, ERR_R_MALLOC_FAILURE);
+                PEMerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
diff --git a/src/lib/libcrypto/pem/pem_sign.c b/src/lib/libcrypto/pem/pem_sign.c
index aab8c4d6b8..a225e8970f 100644
--- a/src/lib/libcrypto/pem/pem_sign.c
+++ b/src/lib/libcrypto/pem/pem_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_sign.c,v 1.12 2014/10/18 17:20:40 jsing Exp $ */
+/* $OpenBSD: pem_sign.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -87,7 +87,7 @@ PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
 
         m = malloc(EVP_PKEY_size(pkey) + 2);
         if (m == NULL) {
-                PEMerr(PEM_F_PEM_SIGNFINAL, ERR_R_MALLOC_FAILURE);
+                PEMerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
diff --git a/src/lib/libcrypto/pem/pvkfmt.c b/src/lib/libcrypto/pem/pvkfmt.c
index 0a33a24b9f..5ed8df585f 100644
--- a/src/lib/libcrypto/pem/pvkfmt.c
+++ b/src/lib/libcrypto/pem/pvkfmt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pvkfmt.c,v 1.17 2017/01/21 09:38:59 beck Exp $ */
+/* $OpenBSD: pvkfmt.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
@@ -157,15 +157,13 @@ do_blob_header(const unsigned char **in, unsigned int length,
         /* bType */
         if (*p == MS_PUBLICKEYBLOB) {
                 if (*pispub == 0) {
-                        PEMerr(PEM_F_DO_BLOB_HEADER,
-                            PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
+                        PEMerror(PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
                         return 0;
                 }
                 *pispub = 1;
         } else if (*p == MS_PRIVATEKEYBLOB) {
                 if (*pispub == 1) {
-                        PEMerr(PEM_F_DO_BLOB_HEADER,
-                            PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
+                        PEMerror(PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
                         return 0;
                 }
                 *pispub = 0;
@@ -174,7 +172,7 @@ do_blob_header(const unsigned char **in, unsigned int length,
         p++;
         /* Version */
         if (*p++ != 0x2) {
-                PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_VERSION_NUMBER);
+                PEMerror(PEM_R_BAD_VERSION_NUMBER);
                 return 0;
         }
         /* Ignore reserved, aiKeyAlg */
@@ -182,7 +180,7 @@ do_blob_header(const unsigned char **in, unsigned int length,
         *pmagic = read_ledword(&p);
         *pbitlen = read_ledword(&p);
         if (*pbitlen > 65536) {
-                PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_INCONSISTENT_HEADER);
+                PEMerror(PEM_R_INCONSISTENT_HEADER);
                 return 0;
         }
         *pisdss = 0;
@@ -192,8 +190,7 @@ do_blob_header(const unsigned char **in, unsigned int length,
                 *pisdss = 1;
         case MS_RSA1MAGIC:
                 if (*pispub == 0) {
-                        PEMerr(PEM_F_DO_BLOB_HEADER,
-                            PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
+                        PEMerror(PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
                         return 0;
                 }
                 break;
@@ -202,14 +199,13 @@ do_blob_header(const unsigned char **in, unsigned int length,
                 *pisdss = 1;
         case MS_RSA2MAGIC:
                 if (*pispub == 1) {
-                        PEMerr(PEM_F_DO_BLOB_HEADER,
-                            PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
+                        PEMerror(PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
                         return 0;
                 }
                 break;
 
         default:
-                PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_MAGIC_NUMBER);
+                PEMerror(PEM_R_BAD_MAGIC_NUMBER);
                 return -1;
         }
         *in = p;
@@ -256,12 +252,12 @@ do_b2i(const unsigned char **in, unsigned int length, int ispub)
         int isdss;
 
         if (do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0) {
-                PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_HEADER_PARSE_ERROR);
+                PEMerror(PEM_R_KEYBLOB_HEADER_PARSE_ERROR);
                 return NULL;
         }
         length -= 16;
         if (length < blob_length(bitlen, isdss, ispub)) {
-                PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_TOO_SHORT);
+                PEMerror(PEM_R_KEYBLOB_TOO_SHORT);
                 return NULL;
         }
         if (isdss)
@@ -280,7 +276,7 @@ do_b2i_bio(BIO *in, int ispub)
         EVP_PKEY *ret = NULL;
 
         if (BIO_read(in, hdr_buf, 16) != 16) {
-                PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
+                PEMerror(PEM_R_KEYBLOB_TOO_SHORT);
                 return NULL;
         }
         p = hdr_buf;
@@ -290,12 +286,12 @@ do_b2i_bio(BIO *in, int ispub)
         length = blob_length(bitlen, isdss, ispub);
         buf = malloc(length);
         if (!buf) {
-                PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE);
+                PEMerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         p = buf;
         if (BIO_read(in, buf, length) != (int)length) {
-                PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
+                PEMerror(PEM_R_KEYBLOB_TOO_SHORT);
                 goto err;
         }
 
@@ -354,7 +350,7 @@ b2i_dss(const unsigned char **in, unsigned int length, unsigned int bitlen,
         return ret;
 
 memerr:
-        PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE);
+        PEMerror(ERR_R_MALLOC_FAILURE);
         DSA_free(dsa);
         EVP_PKEY_free(ret);
         BN_CTX_free(ctx);
@@ -404,7 +400,7 @@ b2i_rsa(const unsigned char **in, unsigned int length, unsigned int bitlen,
         return ret;
 
 memerr:
-        PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);
+        PEMerror(ERR_R_MALLOC_FAILURE);
         RSA_free(rsa);
         EVP_PKEY_free(ret);
         return NULL;
@@ -566,7 +562,7 @@ check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
         return bitlen;
 
 badkey:
-        PEMerr(PEM_F_CHECK_BITLEN_DSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
+        PEMerror(PEM_R_UNSUPPORTED_KEY_COMPONENTS);
         return 0;
 }
 
@@ -600,7 +596,7 @@ check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
         return bitlen;
 
 badkey:
-        PEMerr(PEM_F_CHECK_BITLEN_RSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
+        PEMerror(PEM_R_UNSUPPORTED_KEY_COMPONENTS);
         return 0;
 }
 
@@ -665,19 +661,19 @@ do_PVK_header(const unsigned char **in, unsigned int length, int skip_magic,
 
         if (skip_magic) {
                 if (length < 20) {
-                        PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
+                        PEMerror(PEM_R_PVK_TOO_SHORT);
                         return 0;
                 }
                 length -= 20;
         } else {
                 if (length < 24) {
-                        PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
+                        PEMerror(PEM_R_PVK_TOO_SHORT);
                         return 0;
                 }
                 length -= 24;
                 pvk_magic = read_ledword(&p);
                 if (pvk_magic != MS_PVKMAGIC) {
-                        PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER);
+                        PEMerror(PEM_R_BAD_MAGIC_NUMBER);
                         return 0;
                 }
         }
@@ -688,12 +684,12 @@ do_PVK_header(const unsigned char **in, unsigned int length, int skip_magic,
         *psaltlen = read_ledword(&p);
         *pkeylen = read_ledword(&p);
         if (*psaltlen > 65536 || *pkeylen > 65536) {
-                PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
+                PEMerror(PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
                 return 0;
         }
 
         if (is_encrypted && !*psaltlen) {
-                PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
+                PEMerror(PEM_R_INCONSISTENT_HEADER);
                 return 0;
         }
 
@@ -740,12 +736,12 @@ do_PVK_body(const unsigned char **in, unsigned int saltlen,
                 else
                         inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
                 if (inlen <= 0) {
-                        PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
+                        PEMerror(PEM_R_BAD_PASSWORD_READ);
                         goto err;
                 }
                 enctmp = malloc(keylen + 8);
                 if (!enctmp) {
-                        PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE);
+                        PEMerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 if (!derive_pvk_key(keybuf, p, saltlen, (unsigned char *)psbuf,
@@ -757,7 +753,7 @@ do_PVK_body(const unsigned char **in, unsigned int saltlen,
                 memcpy(enctmp, p, 8);
                 p += 8;
                 if (keylen < 8) {
-                        PEMerr(PEM_F_DO_PVK_BODY, PEM_R_PVK_TOO_SHORT);
+                        PEMerror(PEM_R_PVK_TOO_SHORT);
                         goto err;
                 }
                 inlen = keylen - 8;
@@ -783,7 +779,7 @@ do_PVK_body(const unsigned char **in, unsigned int saltlen,
                                 goto err;
                         magic = read_ledword((const unsigned char **)&q);
                         if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
-                                PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT);
+                                PEMerror(PEM_R_BAD_DECRYPT);
                                 goto err;
                         }
                 } else
@@ -811,7 +807,7 @@ b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
         unsigned int saltlen, keylen;
 
         if (BIO_read(in, pvk_hdr, 24) != 24) {
-                PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
+                PEMerror(PEM_R_PVK_DATA_TOO_SHORT);
                 return NULL;
         }
         p = pvk_hdr;
@@ -821,12 +817,12 @@ b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
         buflen = keylen + saltlen;
         buf = malloc(buflen);
         if (!buf) {
-                PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE);
+                PEMerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         p = buf;
         if (BIO_read(in, buf, buflen) != buflen) {
-                PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
+                PEMerror(PEM_R_PVK_DATA_TOO_SHORT);
                 goto err;
         }
         ret = do_PVK_body(&p, saltlen, keylen, cb, u);
@@ -861,7 +857,7 @@ i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, pem_password_cb *cb,
         else {
                 p = malloc(outlen);
                 if (!p) {
-                        PEMerr(PEM_F_I2B_PVK, ERR_R_MALLOC_FAILURE);
+                        PEMerror(ERR_R_MALLOC_FAILURE);
                         return -1;
                 }
                 *out = p;
@@ -893,7 +889,7 @@ i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, pem_password_cb *cb,
                 else
                         inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 1, u);
                 if (inlen <= 0) {
-                        PEMerr(PEM_F_I2B_PVK, PEM_R_BAD_PASSWORD_READ);
+                        PEMerror(PEM_R_BAD_PASSWORD_READ);
                         goto error;
                 }
                 if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN,
@@ -930,7 +926,7 @@ i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, pem_password_cb *cb, void *u)
         wrlen = BIO_write(out, tmp, outlen);
         free(tmp);
         if (wrlen == outlen) {
-                PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE);
+                PEMerror(PEM_R_BIO_WRITE_FAILURE);
                 return outlen;
         }
         return -1;
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c
index 954ca03ebb..5642a141f5 100644
--- a/src/lib/libcrypto/pkcs12/p12_add.c
+++ b/src/lib/libcrypto/pkcs12/p12_add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_add.c,v 1.14 2016/12/30 15:34:35 jsing Exp $ */
+/* $OpenBSD: p12_add.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -70,20 +70,17 @@ PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, int nid2)
         PKCS12_SAFEBAG *safebag;
 
         if (!(bag = PKCS12_BAGS_new())) {
-                PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG,
-                    ERR_R_MALLOC_FAILURE);
+                PKCS12error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         bag->type = OBJ_nid2obj(nid1);
         if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
-                PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG,
-                    ERR_R_MALLOC_FAILURE);
+                PKCS12error(ERR_R_MALLOC_FAILURE);
                 PKCS12_BAGS_free(bag);
                 return NULL;
         }
         if (!(safebag = PKCS12_SAFEBAG_new())) {
-                PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG,
-                    ERR_R_MALLOC_FAILURE);
+                PKCS12error(ERR_R_MALLOC_FAILURE);
                 PKCS12_BAGS_free(bag);
                 return NULL;
         }
@@ -100,7 +97,7 @@ PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
         PKCS12_SAFEBAG *bag;
 
         if (!(bag = PKCS12_SAFEBAG_new())) {
-                PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG, ERR_R_MALLOC_FAILURE);
+                PKCS12error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         bag->type = OBJ_nid2obj(NID_keyBag);
@@ -119,7 +116,7 @@ PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, int passlen,
 
         /* Set up the safe bag */
         if (!(bag = PKCS12_SAFEBAG_new())) {
-                PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
+                PKCS12error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
 
@@ -132,7 +129,7 @@ PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, int passlen,
 
         if (!(bag->value.shkeybag = PKCS8_encrypt(pbe_nid, pbe_ciph, pass,
             passlen, salt, saltlen, iter, p8))) {
-                PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
+                PKCS12error(ERR_R_MALLOC_FAILURE);
                 PKCS12_SAFEBAG_free(bag);
                 return NULL;
         }
@@ -147,18 +144,17 @@ PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
         PKCS7 *p7;
 
         if (!(p7 = PKCS7_new())) {
-                PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
+                PKCS12error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         p7->type = OBJ_nid2obj(NID_pkcs7_data);
         if (!(p7->d.data = ASN1_OCTET_STRING_new())) {
-                PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
+                PKCS12error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
         if (!ASN1_item_pack(sk, &PKCS12_SAFEBAGS_it, &p7->d.data)) {
-                PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA,
-                    PKCS12_R_CANT_PACK_STRUCTURE);
+                PKCS12error(PKCS12_R_CANT_PACK_STRUCTURE);
                 goto err;
         }
         return p7;
@@ -173,8 +169,7 @@ STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_unpack_p7data(PKCS7 *p7)
 {
         if (!PKCS7_type_is_data(p7)) {
-                PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,
-                    PKCS12_R_CONTENT_TYPE_NOT_DATA);
+                PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
                 return NULL;
         }
         return ASN1_item_unpack(p7->d.data, &PKCS12_SAFEBAGS_it);
@@ -191,12 +186,11 @@ PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
         const EVP_CIPHER *pbe_ciph;
 
         if (!(p7 = PKCS7_new())) {
-                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+                PKCS12error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
-                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
-                    PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
+                PKCS12error(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
                 goto err;
         }
 
@@ -208,7 +202,7 @@ PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
                 pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
 
         if (!pbe) {
-                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+                PKCS12error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
@@ -216,8 +210,7 @@ PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
         ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
         if (!(p7->d.encrypted->enc_data->enc_data = PKCS12_item_i2d_encrypt(
             pbe, &PKCS12_SAFEBAGS_it, pass, passlen, bags, 1))) {
-                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
-                    PKCS12_R_ENCRYPT_ERROR);
+                PKCS12error(PKCS12_R_ENCRYPT_ERROR);
                 goto err;
         }
 
@@ -257,8 +250,7 @@ STACK_OF(PKCS7) *
 PKCS12_unpack_authsafes(PKCS12 *p12)
 {
         if (!PKCS7_type_is_data(p12->authsafes)) {
-                PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,
-                    PKCS12_R_CONTENT_TYPE_NOT_DATA);
+                PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
                 return NULL;
         }
         return ASN1_item_unpack(p12->authsafes->d.data,
diff --git a/src/lib/libcrypto/pkcs12/p12_crpt.c b/src/lib/libcrypto/pkcs12/p12_crpt.c
index f2d635fc62..d1f7d71fd3 100644
--- a/src/lib/libcrypto/pkcs12/p12_crpt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crpt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_crpt.c,v 1.13 2016/11/08 20:01:06 miod Exp $ */
+/* $OpenBSD: p12_crpt.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -82,20 +82,20 @@ PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
         /* Extract useful info from parameter */
         if (param == NULL || param->type != V_ASN1_SEQUENCE ||
             param->value.sequence == NULL) {
-                PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR);
+                PKCS12error(PKCS12_R_DECODE_ERROR);
                 return 0;
         }
 
         pbuf = param->value.sequence->data;
         if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
-                PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR);
+                PKCS12error(PKCS12_R_DECODE_ERROR);
                 return 0;
         }
 
         if (!pbe->iter)
                 iter = 1;
         else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) {
-                PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR);
+                PKCS12error(PKCS12_R_DECODE_ERROR);
                 PBEPARAM_free(pbe);
                 return 0;
         }
@@ -103,13 +103,13 @@ PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
         saltlen = pbe->salt->length;
         if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID,
             iter, EVP_CIPHER_key_length(cipher), key, md)) {
-                PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_KEY_GEN_ERROR);
+                PKCS12error(PKCS12_R_KEY_GEN_ERROR);
                 PBEPARAM_free(pbe);
                 return 0;
         }
         if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID,
             iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
-                PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_IV_GEN_ERROR);
+                PKCS12error(PKCS12_R_IV_GEN_ERROR);
                 PBEPARAM_free(pbe);
                 return 0;
         }
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
index bef4d54cd9..af2c6afc37 100644
--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_crt.c,v 1.16 2015/02/14 12:43:07 miod Exp $ */
+/* $OpenBSD: p12_crt.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -104,8 +104,7 @@ PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
                 mac_iter = 1;
 
         if (!pkey && !cert && !ca) {
-                PKCS12err(PKCS12_F_PKCS12_CREATE,
-                    PKCS12_R_INVALID_NULL_ARGUMENT);
+                PKCS12error(PKCS12_R_INVALID_NULL_ARGUMENT);
                 return NULL;
         }
 
diff --git a/src/lib/libcrypto/pkcs12/p12_decr.c b/src/lib/libcrypto/pkcs12/p12_decr.c
index ad4e0bc660..ca08ee55d5 100644
--- a/src/lib/libcrypto/pkcs12/p12_decr.c
+++ b/src/lib/libcrypto/pkcs12/p12_decr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_decr.c,v 1.17 2015/09/30 18:41:06 jsing Exp $ */
+/* $OpenBSD: p12_decr.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -79,20 +79,19 @@ PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, int passlen,
         if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
             algor->parameter, &ctx, en_de)) {
                 out = NULL;
-                PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
-                    PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
+                PKCS12error(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
                 goto err;
         }
 
         if (!(out = malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
-                PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
+                PKCS12error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
         if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen)) {
                 free(out);
                 out = NULL;
-                PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_EVP_LIB);
+                PKCS12error(ERR_R_EVP_LIB);
                 goto err;
         }
 
@@ -100,8 +99,7 @@ PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, int passlen,
         if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
                 free(out);
                 out = NULL;
-                PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
-                    PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
+                PKCS12error(PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
                 goto err;
         }
         outlen += i;
@@ -131,8 +129,7 @@ PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
 
         if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
             &out, &outlen, 0)) {
-                PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,
-                    PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
+                PKCS12error(PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
                 return NULL;
         }
         p = out;
@@ -140,8 +137,7 @@ PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
         if (zbuf)
                 explicit_bzero(out, outlen);
         if (!ret)
-                PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,
-                    PKCS12_R_DECODE_ERROR);
+                PKCS12error(PKCS12_R_DECODE_ERROR);
         free(out);
         return ret;
 }
@@ -160,20 +156,17 @@ PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
         int inlen;
 
         if (!(oct = ASN1_OCTET_STRING_new ())) {
-                PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,
-                    ERR_R_MALLOC_FAILURE);
+                PKCS12error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         inlen = ASN1_item_i2d(obj, &in, it);
         if (!in) {
-                PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,
-                    PKCS12_R_ENCODE_ERROR);
+                PKCS12error(PKCS12_R_ENCODE_ERROR);
                 goto err;
         }
         if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
             &oct->length, 1)) {
-                PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,
-                    PKCS12_R_ENCRYPT_ERROR);
+                PKCS12error(PKCS12_R_ENCRYPT_ERROR);
                 goto err;
         }
         if (zbuf)
diff --git a/src/lib/libcrypto/pkcs12/p12_init.c b/src/lib/libcrypto/pkcs12/p12_init.c
index cd01196b6f..637c430bf4 100644
--- a/src/lib/libcrypto/pkcs12/p12_init.c
+++ b/src/lib/libcrypto/pkcs12/p12_init.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_init.c,v 1.10 2015/09/30 18:41:06 jsing Exp $ */
+/* $OpenBSD: p12_init.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -69,7 +69,7 @@ PKCS12_init(int mode)
         PKCS12 *pkcs12;
 
         if (!(pkcs12 = PKCS12_new())) {
-                PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
+                PKCS12error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         ASN1_INTEGER_set(pkcs12->version, 3);
@@ -78,13 +78,12 @@ PKCS12_init(int mode)
         case NID_pkcs7_data:
                 if (!(pkcs12->authsafes->d.data =
                     ASN1_OCTET_STRING_new())) {
-                        PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
+                        PKCS12error(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 break;
         default:
-                PKCS12err(PKCS12_F_PKCS12_INIT,
-                    PKCS12_R_UNSUPPORTED_PKCS12_MODE);
+                PKCS12error(PKCS12_R_UNSUPPORTED_PKCS12_MODE);
                 goto err;
         }
 
diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c
index 891f764c23..fd710771a5 100644
--- a/src/lib/libcrypto/pkcs12/p12_key.c
+++ b/src/lib/libcrypto/pkcs12/p12_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_key.c,v 1.24 2016/11/05 13:02:34 miod Exp $ */
+/* $OpenBSD: p12_key.c,v 1.25 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -81,7 +81,7 @@ PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
                 unipass = NULL;
                 uniplen = 0;
         } else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) {
-                PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC, ERR_R_MALLOC_FAILURE);
+                PKCS12error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
@@ -186,7 +186,7 @@ PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
         }
 
 err:
-        PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_MALLOC_FAILURE);
+        PKCS12error(ERR_R_MALLOC_FAILURE);
 
 end:
         free(Ai);
diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c
index eb2c3a76d5..102ca3563b 100644
--- a/src/lib/libcrypto/pkcs12/p12_kiss.c
+++ b/src/lib/libcrypto/pkcs12/p12_kiss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_kiss.c,v 1.18 2016/12/30 15:08:22 jsing Exp $ */
+/* $OpenBSD: p12_kiss.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -87,8 +87,7 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
         /* Check for NULL PKCS12 structure */
 
         if (!p12) {
-                PKCS12err(PKCS12_F_PKCS12_PARSE,
-                    PKCS12_R_INVALID_NULL_PKCS12_POINTER);
+                PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER);
                 return 0;
         }
 
@@ -111,24 +110,23 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                 else if (PKCS12_verify_mac(p12, "", 0))
                         pass = "";
                 else {
-                        PKCS12err(PKCS12_F_PKCS12_PARSE,
-                            PKCS12_R_MAC_VERIFY_FAILURE);
+                        PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE);
                         goto err;
                 }
         } else if (!PKCS12_verify_mac(p12, pass, -1)) {
-                PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_MAC_VERIFY_FAILURE);
+                PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE);
                 goto err;
         }
 
         /* Allocate stack for other certificates */
         ocerts = sk_X509_new_null();
         if (!ocerts) {
-                PKCS12err(PKCS12_F_PKCS12_PARSE, ERR_R_MALLOC_FAILURE);
+                PKCS12error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
 
         if (!parse_pk12 (p12, pass, -1, pkey, ocerts)) {
-                PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_PARSE_ERROR);
+                PKCS12error(PKCS12_R_PARSE_ERROR);
                 goto err;
         }
 
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c
index 56a4964a34..f3132ec75f 100644
--- a/src/lib/libcrypto/pkcs12/p12_mutl.c
+++ b/src/lib/libcrypto/pkcs12/p12_mutl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_mutl.c,v 1.22 2016/11/08 20:01:06 miod Exp $ */
+/* $OpenBSD: p12_mutl.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -80,8 +80,7 @@ PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
         int md_size;
 
         if (!PKCS7_type_is_data(p12->authsafes)) {
-                PKCS12err(PKCS12_F_PKCS12_GEN_MAC,
-                    PKCS12_R_CONTENT_TYPE_NOT_DATA);
+                PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
                 return 0;
         }
 
@@ -90,13 +89,12 @@ PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
         if (!p12->mac->iter)
                 iter = 1;
         else if ((iter = ASN1_INTEGER_get(p12->mac->iter)) <= 0) {
-                PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_DECODE_ERROR);
+                PKCS12error(PKCS12_R_DECODE_ERROR);
                 return 0;
         }
         if (!(md_type = EVP_get_digestbyobj(
             p12->mac->dinfo->algor->algorithm))) {
-                PKCS12err(PKCS12_F_PKCS12_GEN_MAC,
-                    PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
+                PKCS12error(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
                 return 0;
         }
         md_size = EVP_MD_size(md_type);
@@ -104,7 +102,7 @@ PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
                 return 0;
         if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
             md_size, key, md_type)) {
-                PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
+                PKCS12error(PKCS12_R_KEY_GEN_ERROR);
                 return 0;
         }
         HMAC_CTX_init(&hmac);
@@ -127,12 +125,11 @@ PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
         unsigned int maclen;
 
         if (p12->mac == NULL) {
-                PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT);
+                PKCS12error(PKCS12_R_MAC_ABSENT);
                 return 0;
         }
         if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
-                PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,
-                    PKCS12_R_MAC_GENERATION_ERROR);
+                PKCS12error(PKCS12_R_MAC_GENERATION_ERROR);
                 return 0;
         }
         if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) ||
@@ -154,17 +151,15 @@ PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, unsigned char *salt,
                 md_type = EVP_sha1();
         if (PKCS12_setup_mac(p12, iter, salt, saltlen, md_type) ==
             PKCS12_ERROR) {
-                PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_SETUP_ERROR);
+                PKCS12error(PKCS12_R_MAC_SETUP_ERROR);
                 return 0;
         }
         if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
-                PKCS12err(PKCS12_F_PKCS12_SET_MAC,
-                    PKCS12_R_MAC_GENERATION_ERROR);
+                PKCS12error(PKCS12_R_MAC_GENERATION_ERROR);
                 return 0;
         }
         if (!(ASN1_STRING_set(p12->mac->dinfo->digest, mac, maclen))) {
-                PKCS12err(PKCS12_F_PKCS12_SET_MAC,
-                    PKCS12_R_MAC_STRING_SET_ERROR);
+                PKCS12error(PKCS12_R_MAC_STRING_SET_ERROR);
                 return 0;
         }
         return 1;
@@ -179,20 +174,18 @@ PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
                 return PKCS12_ERROR;
         if (iter > 1) {
                 if (!(p12->mac->iter = ASN1_INTEGER_new())) {
-                        PKCS12err(PKCS12_F_PKCS12_SETUP_MAC,
-                            ERR_R_MALLOC_FAILURE);
+                        PKCS12error(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
                 if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
-                        PKCS12err(PKCS12_F_PKCS12_SETUP_MAC,
-                            ERR_R_MALLOC_FAILURE);
+                        PKCS12error(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
         }
         if (!saltlen)
                 saltlen = PKCS12_SALT_LEN;
         if (!(p12->mac->salt->data = malloc(saltlen))) {
-                PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+                PKCS12error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         p12->mac->salt->length = saltlen;
@@ -202,7 +195,7 @@ PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
                 memcpy (p12->mac->salt->data, salt, saltlen);
         p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
         if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
-                PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+                PKCS12error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;
diff --git a/src/lib/libcrypto/pkcs12/p12_npas.c b/src/lib/libcrypto/pkcs12/p12_npas.c
index 7803721a26..63b3df17ad 100644
--- a/src/lib/libcrypto/pkcs12/p12_npas.c
+++ b/src/lib/libcrypto/pkcs12/p12_npas.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_npas.c,v 1.11 2016/12/30 15:08:22 jsing Exp $ */
+/* $OpenBSD: p12_npas.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -81,20 +81,19 @@ PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass)
         /* Check for NULL PKCS12 structure */
 
         if (!p12) {
-                PKCS12err(PKCS12_F_PKCS12_NEWPASS,
-                    PKCS12_R_INVALID_NULL_PKCS12_POINTER);
+                PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER);
                 return 0;
         }
 
         /* Check the mac */
 
         if (!PKCS12_verify_mac(p12, oldpass, -1)) {
-                PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_MAC_VERIFY_FAILURE);
+                PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE);
                 return 0;
         }
 
         if (!newpass_p12(p12, oldpass, newpass)) {
-                PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_PARSE_ERROR);
+                PKCS12error(PKCS12_R_PARSE_ERROR);
                 return 0;
         }
 
diff --git a/src/lib/libcrypto/pkcs12/p12_p8e.c b/src/lib/libcrypto/pkcs12/p12_p8e.c
index e39d5975d5..5e3fc6486a 100644
--- a/src/lib/libcrypto/pkcs12/p12_p8e.c
+++ b/src/lib/libcrypto/pkcs12/p12_p8e.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_p8e.c,v 1.7 2016/12/30 15:34:35 jsing Exp $ */
+/* $OpenBSD: p12_p8e.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -70,7 +70,7 @@ PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass,
         X509_ALGOR *pbe;
 
         if (!(p8 = X509_SIG_new())) {
-                PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
+                PKCS12error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
@@ -79,7 +79,7 @@ PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass,
         else
                 pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
         if (!pbe) {
-                PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
+                PKCS12error(ERR_R_ASN1_LIB);
                 goto err;
         }
         X509_ALGOR_free(p8->algor);
@@ -88,7 +88,7 @@ PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass,
         p8->digest = PKCS12_item_i2d_encrypt(pbe,
             &PKCS8_PRIV_KEY_INFO_it, pass, passlen, p8inf, 1);
         if (!p8->digest) {
-                PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
+                PKCS12error(PKCS12_R_ENCRYPT_ERROR);
                 goto err;
         }
 
diff --git a/src/lib/libcrypto/pkcs7/pk7_attr.c b/src/lib/libcrypto/pkcs7/pk7_attr.c
index 07722f98e1..f882ba7795 100644
--- a/src/lib/libcrypto/pkcs7/pk7_attr.c
+++ b/src/lib/libcrypto/pkcs7/pk7_attr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_attr.c,v 1.11 2016/12/30 15:38:13 jsing Exp $ */
+/* $OpenBSD: pk7_attr.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -71,8 +71,7 @@ PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap)
 {
         ASN1_STRING *seq;
         if (!(seq = ASN1_STRING_new())) {
-                PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,
-                    ERR_R_MALLOC_FAILURE);
+                PKCS7error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         seq->length = ASN1_item_i2d((ASN1_VALUE *)cap, &seq->data,
@@ -103,7 +102,7 @@ PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
         X509_ALGOR *alg;
 
         if (!(alg = X509_ALGOR_new())) {
-                PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
+                PKCS7error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         ASN1_OBJECT_free(alg->algorithm);
@@ -127,7 +126,7 @@ PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
         return 1;
 
 err:
-        PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
+        PKCS7error(ERR_R_MALLOC_FAILURE);
         X509_ALGOR_free(alg);
         return 0;
 }
@@ -147,8 +146,7 @@ int
 PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t)
 {
         if (!t && !(t = X509_gmtime_adj(NULL, 0))) {
-                PKCS7err(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME,
-                    ERR_R_MALLOC_FAILURE);
+                PKCS7error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime,
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c
index e84eee6d8f..484620a686 100644
--- a/src/lib/libcrypto/pkcs7/pk7_doit.c
+++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_doit.c,v 1.40 2016/12/30 15:38:13 jsing Exp $ */
+/* $OpenBSD: pk7_doit.c,v 1.41 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -110,14 +110,13 @@ PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
         BIO *btmp;
         const EVP_MD *md;
         if ((btmp = BIO_new(BIO_f_md())) == NULL) {
-                PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
+                PKCS7error(ERR_R_BIO_LIB);
                 goto err;
         }
 
         md = EVP_get_digestbyobj(alg->algorithm);
         if (md == NULL) {
-                PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,
-                    PKCS7_R_UNKNOWN_DIGEST_TYPE);
+                PKCS7error(PKCS7_R_UNKNOWN_DIGEST_TYPE);
                 goto err;
         }
 
@@ -125,7 +124,7 @@ PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
         if (*pbio == NULL)
                 *pbio = btmp;
         else if (!BIO_push(*pbio, btmp)) {
-                PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
+                PKCS7error(ERR_R_BIO_LIB);
                 goto err;
         }
         btmp = NULL;
@@ -160,7 +159,7 @@ pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, unsigned char *key, int keylen)
 
         if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
             EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) {
-                PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR);
+                PKCS7error(PKCS7_R_CTRL_ERROR);
                 goto err;
         }
 
@@ -170,7 +169,7 @@ pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, unsigned char *key, int keylen)
         ek = malloc(eklen);
 
         if (ek == NULL) {
-                PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE);
+                PKCS7error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
@@ -209,7 +208,7 @@ pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, PKCS7_RECIP_INFO *ri,
 
         if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
             EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) {
-                PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR);
+                PKCS7error(PKCS7_R_CTRL_ERROR);
                 goto err;
         }
 
@@ -219,14 +218,14 @@ pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, PKCS7_RECIP_INFO *ri,
 
         ek = malloc(eklen);
         if (ek == NULL) {
-                PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE);
+                PKCS7error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
         if (EVP_PKEY_decrypt(pctx, ek, &eklen,
             ri->enc_key->data, ri->enc_key->length) <= 0) {
                 ret = 0;
-                PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB);
+                PKCS7error(ERR_R_EVP_LIB);
                 goto err;
         }
 
@@ -262,7 +261,7 @@ PKCS7_dataInit(PKCS7 *p7, BIO *bio)
         ASN1_OCTET_STRING *os = NULL;
 
         if (p7 == NULL) {
-                PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
+                PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
                 return NULL;
         }
 
@@ -279,7 +278,7 @@ PKCS7_dataInit(PKCS7 *p7, BIO *bio)
          * an error.
          */
         if (p7->d.ptr == NULL) {
-                PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
+                PKCS7error(PKCS7_R_NO_CONTENT);
                 return NULL;
         }
 
@@ -297,8 +296,7 @@ PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                 xalg = p7->d.signed_and_enveloped->enc_data->algorithm;
                 evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher;
                 if (evp_cipher == NULL) {
-                        PKCS7err(PKCS7_F_PKCS7_DATAINIT,
-                            PKCS7_R_CIPHER_NOT_INITIALIZED);
+                        PKCS7error(PKCS7_R_CIPHER_NOT_INITIALIZED);
                         goto err;
                 }
                 break;
@@ -307,8 +305,7 @@ PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                 xalg = p7->d.enveloped->enc_data->algorithm;
                 evp_cipher = p7->d.enveloped->enc_data->cipher;
                 if (evp_cipher == NULL) {
-                        PKCS7err(PKCS7_F_PKCS7_DATAINIT,
-                            PKCS7_R_CIPHER_NOT_INITIALIZED);
+                        PKCS7error(PKCS7_R_CIPHER_NOT_INITIALIZED);
                         goto err;
                 }
                 break;
@@ -319,8 +316,7 @@ PKCS7_dataInit(PKCS7 *p7, BIO *bio)
         case NID_pkcs7_data:
                 break;
         default:
-                PKCS7err(PKCS7_F_PKCS7_DATAINIT,
-                    PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+                PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
                 goto err;
         }
 
@@ -338,7 +334,7 @@ PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                 EVP_CIPHER_CTX *ctx;
 
                 if ((btmp = BIO_new(BIO_f_cipher())) == NULL) {
-                        PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_BIO_LIB);
+                        PKCS7error(ERR_R_BIO_LIB);
                         goto err;
                 }
                 BIO_get_cipher_ctx(btmp, &ctx);
@@ -440,13 +436,12 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
         int eklen = 0, tkeylen = 0;
 
         if (p7 == NULL) {
-                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-                    PKCS7_R_INVALID_NULL_POINTER);
+                PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
                 return NULL;
         }
 
         if (p7->d.ptr == NULL) {
-                PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
+                PKCS7error(PKCS7_R_NO_CONTENT);
                 return NULL;
         }
 
@@ -465,8 +460,7 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                 enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;
                 evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
                 if (evp_cipher == NULL) {
-                        PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-                            PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+                        PKCS7error(PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
                         goto err;
                 }
                 break;
@@ -476,14 +470,12 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                 data_body = p7->d.enveloped->enc_data->enc_data;
                 evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
                 if (evp_cipher == NULL) {
-                        PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-                            PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+                        PKCS7error(PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
                         goto err;
                 }
                 break;
         default:
-                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-                    PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+                PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
                 goto err;
         }
 
@@ -492,16 +484,14 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                 for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
                         xa = sk_X509_ALGOR_value(md_sk, i);
                         if ((btmp = BIO_new(BIO_f_md())) == NULL) {
-                                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-                                    ERR_R_BIO_LIB);
+                                PKCS7error(ERR_R_BIO_LIB);
                                 goto err;
                         }
 
                         j = OBJ_obj2nid(xa->algorithm);
                         evp_md = EVP_get_digestbynid(j);
                         if (evp_md == NULL) {
-                                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-                                    PKCS7_R_UNKNOWN_DIGEST_TYPE);
+                                PKCS7error(PKCS7_R_UNKNOWN_DIGEST_TYPE);
                                 goto err;
                         }
 
@@ -516,7 +506,7 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 
         if (evp_cipher != NULL) {
                 if ((etmp = BIO_new(BIO_f_cipher())) == NULL) {
-                        PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
+                        PKCS7error(ERR_R_BIO_LIB);
                         goto err;
                 }
 
@@ -534,8 +524,7 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                                 ri = NULL;
                         }
                         if (ri == NULL) {
-                                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-                                    PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
+                                PKCS7error(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
                                 goto err;
                         }
                 }
@@ -659,14 +648,12 @@ PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
         for (;;) {
                 bio = BIO_find_type(bio, BIO_TYPE_MD);
                 if (bio == NULL) {
-                        PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,
-                            PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+                        PKCS7error(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
                         return NULL;
                 }
                 BIO_get_md_ctx(bio, pmd);
                 if (*pmd == NULL) {
-                        PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,
-                            ERR_R_INTERNAL_ERROR);
+                        PKCS7error(ERR_R_INTERNAL_ERROR);
                         return NULL;
                 }
                 if (EVP_MD_CTX_type(*pmd) == nid)
@@ -685,19 +672,18 @@ do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)
         /* Add signing time if not already present */
         if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) {
                 if (!PKCS7_add0_attrib_signing_time(si, NULL)) {
-                        PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB,
-                            ERR_R_MALLOC_FAILURE);
+                        PKCS7error(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
         }
 
         /* Add digest */
         if (!EVP_DigestFinal_ex(mctx, md_data, &md_len)) {
-                PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_EVP_LIB);
+                PKCS7error(ERR_R_EVP_LIB);
                 return 0;
         }
         if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) {
-                PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);
+                PKCS7error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
 
@@ -722,13 +708,12 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
         ASN1_OCTET_STRING *os = NULL;
 
         if (p7 == NULL) {
-                PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
-                    PKCS7_R_INVALID_NULL_POINTER);
+                PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
                 return 0;
         }
 
         if (p7->d.ptr == NULL) {
-                PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
+                PKCS7error(PKCS7_R_NO_CONTENT);
                 return 0;
         }
 
@@ -747,8 +732,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                 if (!os) {
                         os = ASN1_OCTET_STRING_new();
                         if (!os) {
-                                PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
-                                    ERR_R_MALLOC_FAILURE);
+                                PKCS7error(ERR_R_MALLOC_FAILURE);
                                 goto err;
                         }
                         p7->d.signed_and_enveloped->enc_data->enc_data = os;
@@ -760,8 +744,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                 if (!os) {
                         os = ASN1_OCTET_STRING_new();
                         if (!os) {
-                                PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
-                                    ERR_R_MALLOC_FAILURE);
+                                PKCS7error(ERR_R_MALLOC_FAILURE);
                                 goto err;
                         }
                         p7->d.enveloped->enc_data->enc_data = os;
@@ -771,7 +754,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                 si_sk = p7->d.sign->signer_info;
                 os = PKCS7_get_octet_string(p7->d.sign->contents);
                 if (!PKCS7_is_detached(p7) && os == NULL) {
-                        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR);
+                        PKCS7error(PKCS7_R_DECODE_ERROR);
                         goto err;
                 }
                 /* If detached data then the content is excluded */
@@ -785,7 +768,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
         case NID_pkcs7_digest:
                 os = PKCS7_get_octet_string(p7->d.digest->contents);
                 if (os == NULL) {
-                        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR);
+                        PKCS7error(PKCS7_R_DECODE_ERROR);
                         goto err;
                 }
                 /* If detached data then the content is excluded */
@@ -798,8 +781,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                 break;
 
         default:
-                PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
-                    PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+                PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
                 goto err;
         }
 
@@ -836,8 +818,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 
                                 if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen,
                                     si->pkey)) {
-                                        PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
-                                            ERR_R_EVP_LIB);
+                                        PKCS7error(ERR_R_EVP_LIB);
                                         goto err;
                                 }
                                 ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
@@ -870,8 +851,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 
                         btmp = BIO_find_type(bio, BIO_TYPE_MEM);
                         if (btmp == NULL) {
-                                PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
-                                    PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+                                PKCS7error(PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
                                 goto err;
                         }
                         contlen = BIO_get_mem_data(btmp, &cont);
@@ -910,7 +890,7 @@ PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
 
         if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
             EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) {
-                PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
+                PKCS7error(PKCS7_R_CTRL_ERROR);
                 goto err;
         }
 
@@ -932,7 +912,7 @@ PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
 
         if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
             EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) {
-                PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
+                PKCS7error(PKCS7_R_CTRL_ERROR);
                 goto err;
         }
 
@@ -958,13 +938,12 @@ PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
         X509 *x509;
 
         if (p7 == NULL) {
-                PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,
-                    PKCS7_R_INVALID_NULL_POINTER);
+                PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
                 return 0;
         }
 
         if (p7->d.ptr == NULL) {
-                PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
+                PKCS7error(PKCS7_R_NO_CONTENT);
                 return 0;
         }
 
@@ -973,7 +952,7 @@ PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
         } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
                 cert = p7->d.signed_and_enveloped->cert;
         } else {
-                PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
+                PKCS7error(PKCS7_R_WRONG_PKCS7_TYPE);
                 goto err;
         }
         /* XXXX */
@@ -983,14 +962,13 @@ PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
 
         /* were we able to find the cert in passed to us */
         if (x509 == NULL) {
-                PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,
-                    PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
+                PKCS7error(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
                 goto err;
         }
 
         /* Lets verify */
         if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) {
-                PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
+                PKCS7error(ERR_R_X509_LIB);
                 goto err;
         }
         if (X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN) == 0) {
@@ -999,7 +977,7 @@ PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
         }
         i = X509_verify_cert(ctx);
         if (i <= 0) {
-                PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
+                PKCS7error(ERR_R_X509_LIB);
                 X509_STORE_CTX_cleanup(ctx);
                 goto err;
         }
@@ -1026,8 +1004,7 @@ PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509)
 
         if (!PKCS7_type_is_signed(p7) &&
             !PKCS7_type_is_signedAndEnveloped(p7)) {
-                PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-                    PKCS7_R_WRONG_PKCS7_TYPE);
+                PKCS7error(PKCS7_R_WRONG_PKCS7_TYPE);
                 goto err;
         }
 
@@ -1037,14 +1014,12 @@ PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509)
         for (;;) {
                 if ((btmp == NULL) ||
                     ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) {
-                        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-                            PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+                        PKCS7error(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
                         goto err;
                 }
                 BIO_get_md_ctx(btmp, &mdc);
                 if (mdc == NULL) {
-                        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-                            ERR_R_INTERNAL_ERROR);
+                        PKCS7error(ERR_R_INTERNAL_ERROR);
                         goto err;
                 }
                 if (EVP_MD_CTX_type(mdc) == md_type)
@@ -1073,14 +1048,12 @@ PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509)
                         goto err;
                 message_digest = PKCS7_digest_from_attributes(sk);
                 if (!message_digest) {
-                        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-                            PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+                        PKCS7error(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
                         goto err;
                 }
                 if ((message_digest->length != (int)md_len) ||
                     (memcmp(message_digest->data, md_dat, md_len))) {
-                        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-                            PKCS7_R_DIGEST_FAILURE);
+                        PKCS7error(PKCS7_R_DIGEST_FAILURE);
                         ret = -1;
                         goto err;
                 }
@@ -1092,7 +1065,7 @@ PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509)
                 alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
                     &PKCS7_ATTR_VERIFY_it);
                 if (alen <= 0) {
-                        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_ASN1_LIB);
+                        PKCS7error(ERR_R_ASN1_LIB);
                         ret = -1;
                         goto err;
                 }
@@ -1112,8 +1085,7 @@ PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509)
         i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey);
         EVP_PKEY_free(pkey);
         if (i <= 0) {
-                PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-                    PKCS7_R_SIGNATURE_FAILURE);
+                PKCS7error(PKCS7_R_SIGNATURE_FAILURE);
                 ret = -1;
                 goto err;
         } else
diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c
index b3dc068f3d..dc407dad55 100644
--- a/src/lib/libcrypto/pkcs7/pk7_lib.c
+++ b/src/lib/libcrypto/pkcs7/pk7_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_lib.c,v 1.18 2015/09/30 18:41:06 jsing Exp $ */
+/* $OpenBSD: pk7_lib.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -83,8 +83,7 @@ PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
                                 p7->d.sign->contents->d.data = NULL;
                         }
                 } else {
-                        PKCS7err(PKCS7_F_PKCS7_CTRL,
-                            PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
+                        PKCS7error(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
                         ret = 0;
                 }
                 break;
@@ -97,14 +96,13 @@ PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
 
                         p7->detached = ret;
                 } else {
-                        PKCS7err(PKCS7_F_PKCS7_CTRL,
-                            PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
+                        PKCS7error(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
                         ret = 0;
                 }
 
                 break;
         default:
-                PKCS7err(PKCS7_F_PKCS7_CTRL, PKCS7_R_UNKNOWN_OPERATION);
+                PKCS7error(PKCS7_R_UNKNOWN_OPERATION);
                 ret = 0;
         }
         return (ret);
@@ -151,8 +149,7 @@ PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
         case NID_pkcs7_signedAndEnveloped:
         case NID_pkcs7_encrypted:
         default:
-                PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,
-                    PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+                PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
                 goto err;
         }
         return (1);
@@ -222,8 +219,7 @@ PKCS7_set_type(PKCS7 *p7, int type)
                         goto err;
                 break;
         default:
-                PKCS7err(PKCS7_F_PKCS7_SET_TYPE,
-                    PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+                PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
                 goto err;
         }
         return (1);
@@ -258,7 +254,7 @@ PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
                 md_sk = p7->d.signed_and_enveloped->md_algs;
                 break;
         default:
-                PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, PKCS7_R_WRONG_CONTENT_TYPE);
+                PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
                 return (0);
         }
 
@@ -278,8 +274,7 @@ PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
                 if (!(alg = X509_ALGOR_new()) ||
                     !(alg->parameter = ASN1_TYPE_new())) {
                         X509_ALGOR_free(alg);
-                        PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,
-                            ERR_R_MALLOC_FAILURE);
+                        PKCS7error(ERR_R_MALLOC_FAILURE);
                         return (0);
                 }
                 alg->algorithm = OBJ_nid2obj(nid);
@@ -310,15 +305,14 @@ PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
                 sk = &(p7->d.signed_and_enveloped->cert);
                 break;
         default:
-                PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,
-                    PKCS7_R_WRONG_CONTENT_TYPE);
+                PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
                 return (0);
         }
 
         if (*sk == NULL)
                 *sk = sk_X509_new_null();
         if (*sk == NULL) {
-                PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+                PKCS7error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
@@ -344,14 +338,14 @@ PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
                 sk = &(p7->d.signed_and_enveloped->crl);
                 break;
         default:
-                PKCS7err(PKCS7_F_PKCS7_ADD_CRL, PKCS7_R_WRONG_CONTENT_TYPE);
+                PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
                 return (0);
         }
 
         if (*sk == NULL)
                 *sk = sk_X509_CRL_new_null();
         if (*sk == NULL) {
-                PKCS7err(PKCS7_F_PKCS7_ADD_CRL, ERR_R_MALLOC_FAILURE);
+                PKCS7error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
 
@@ -398,13 +392,11 @@ PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                 if (ret > 0)
                         return 1;
                 if (ret != -2) {
-                        PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
-                            PKCS7_R_SIGNING_CTRL_FAILURE);
+                        PKCS7error(PKCS7_R_SIGNING_CTRL_FAILURE);
                         return 0;
                 }
         }
-        PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
-            PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+        PKCS7error(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
 err:
         return 0;
 }
@@ -420,8 +412,7 @@ PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst)
                         goto err;
                 dgst = EVP_get_digestbynid(def_nid);
                 if (dgst == NULL) {
-                        PKCS7err(PKCS7_F_PKCS7_ADD_SIGNATURE,
-                            PKCS7_R_NO_DEFAULT_DIGEST);
+                        PKCS7error(PKCS7_R_NO_DEFAULT_DIGEST);
                         goto err;
                 }
         }
@@ -444,8 +435,7 @@ PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
 {
         if (PKCS7_type_is_digest(p7)) {
                 if (!(p7->d.digest->md->parameter = ASN1_TYPE_new())) {
-                        PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,
-                            ERR_R_MALLOC_FAILURE);
+                        PKCS7error(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
                 p7->d.digest->md->parameter->type = V_ASN1_NULL;
@@ -453,7 +443,7 @@ PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
                 return 1;
         }
 
-        PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, PKCS7_R_WRONG_CONTENT_TYPE);
+        PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
         return 1;
 }
 
@@ -522,8 +512,7 @@ PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
                 sk = p7->d.enveloped->recipientinfo;
                 break;
         default:
-                PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,
-                    PKCS7_R_WRONG_CONTENT_TYPE);
+                PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
                 return (0);
         }
 
@@ -551,21 +540,18 @@ PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
         pkey = X509_get_pubkey(x509);
 
         if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) {
-                PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
-                    PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+                PKCS7error(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
                 goto err;
         }
 
         ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT,
             0, p7i);
         if (ret == -2) {
-                PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
-                    PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+                PKCS7error(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
                 goto err;
         }
         if (ret <= 0) {
-                PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
-                    PKCS7_R_ENCRYPTION_CTRL_FAILURE);
+                PKCS7error(PKCS7_R_ENCRYPTION_CTRL_FAILURE);
                 goto err;
         }
 
@@ -607,15 +593,14 @@ PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
                 ec = p7->d.enveloped->enc_data;
                 break;
         default:
-                PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, PKCS7_R_WRONG_CONTENT_TYPE);
+                PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
                 return (0);
         }
 
         /* Check cipher OID exists and has data in it*/
         i = EVP_CIPHER_type(cipher);
         if (i == NID_undef) {
-                PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,
-                    PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+                PKCS7error(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
                 return (0);
         }
 
diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c
index a2f23b37f3..bf9f2dd82a 100644
--- a/src/lib/libcrypto/pkcs7/pk7_smime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_smime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_smime.c,v 1.21 2016/11/05 15:19:07 miod Exp $ */
+/* $OpenBSD: pk7_smime.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -74,7 +74,7 @@ PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data,
         int i;
 
         if (!(p7 = PKCS7_new())) {
-                PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE);
+                PKCS7error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
 
@@ -85,7 +85,7 @@ PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data,
                 goto err;
 
         if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags)) {
-                PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNER_ERROR);
+                PKCS7error(PKCS7_R_PKCS7_ADD_SIGNER_ERROR);
                 goto err;
         }
 
@@ -117,7 +117,7 @@ PKCS7_final(PKCS7 *p7, BIO *data, int flags)
         int ret = 0;
 
         if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
-                PKCS7err(PKCS7_F_PKCS7_FINAL, ERR_R_MALLOC_FAILURE);
+                PKCS7error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
 
@@ -126,7 +126,7 @@ PKCS7_final(PKCS7 *p7, BIO *data, int flags)
         (void)BIO_flush(p7bio);
 
         if (!PKCS7_dataFinal(p7, p7bio)) {
-                PKCS7err(PKCS7_F_PKCS7_FINAL, PKCS7_R_PKCS7_DATASIGN);
+                PKCS7error(PKCS7_R_PKCS7_DATASIGN);
                 goto err;
         }
 
@@ -164,14 +164,12 @@ PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey,
         STACK_OF(X509_ALGOR) *smcap = NULL;
 
         if (!X509_check_private_key(signcert, pkey)) {
-                PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
-                    PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+                PKCS7error(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
                 return NULL;
         }
 
         if (!(si = PKCS7_add_signature(p7, signcert, pkey, md))) {
-                PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
-                    PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
+                PKCS7error(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
                 return NULL;
         }
 
@@ -186,8 +184,7 @@ PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey,
                 /* Add SMIMECapabilities */
                 if (!(flags & PKCS7_NOSMIMECAP)) {
                         if (!(smcap = sk_X509_ALGOR_new_null())) {
-                                PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
-                                    ERR_R_MALLOC_FAILURE);
+                                PKCS7error(ERR_R_MALLOC_FAILURE);
                                 goto err;
                         }
                         if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1) ||
@@ -253,8 +250,7 @@ pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
         if (osdig)
                 return PKCS7_add1_attrib_digest(si, osdig->data, osdig->length);
 
-        PKCS7err(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST,
-            PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND);
+        PKCS7error(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND);
         return 0;
 }
 
@@ -273,18 +269,18 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
         BIO *tmpin, *tmpout;
 
         if (!p7) {
-                PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_INVALID_NULL_POINTER);
+                PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
                 return 0;
         }
 
         if (!PKCS7_type_is_signed(p7)) {
-                PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_WRONG_CONTENT_TYPE);
+                PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
                 return 0;
         }
 
         /* Check for no data and no content: no data to verify signature */
         if (PKCS7_get_detached(p7) && !indata) {
-                PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);
+                PKCS7error(PKCS7_R_NO_CONTENT);
                 return 0;
         }
 
@@ -294,14 +290,14 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
          */
         /* Check for data and content: two sets of data */
         if (!PKCS7_get_detached(p7) && indata) {
-                PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
+                PKCS7error(PKCS7_R_CONTENT_AND_DATA_PRESENT);
                 return 0;
         }
 
         sinfos = PKCS7_get_signer_info(p7);
 
         if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
-                PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_SIGNATURES_ON_DATA);
+                PKCS7error(PKCS7_R_NO_SIGNATURES_ON_DATA);
                 return 0;
         }
 
@@ -319,8 +315,7 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
                         if  (!(flags & PKCS7_NOCHAIN)) {
                                 if (!X509_STORE_CTX_init(&cert_ctx, store,
                                     signer, p7->d.sign->cert)) {
-                                        PKCS7err(PKCS7_F_PKCS7_VERIFY,
-                                            ERR_R_X509_LIB);
+                                        PKCS7error(ERR_R_X509_LIB);
                                         sk_X509_free(signers);
                                         return 0;
                                 }
@@ -331,7 +326,7 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
                                 }
                         } else if (!X509_STORE_CTX_init(&cert_ctx, store,
                             signer, NULL)) {
-                                PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
+                                PKCS7error(ERR_R_X509_LIB);
                                 sk_X509_free(signers);
                                 return 0;
                         }
@@ -342,8 +337,7 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
                                 j = X509_STORE_CTX_get_error(&cert_ctx);
                         X509_STORE_CTX_cleanup(&cert_ctx);
                         if (i <= 0) {
-                                PKCS7err(PKCS7_F_PKCS7_VERIFY,
-                                    PKCS7_R_CERTIFICATE_VERIFY_ERROR);
+                                PKCS7error(PKCS7_R_CERTIFICATE_VERIFY_ERROR);
                                 ERR_asprintf_error_data("Verify error:%s",
                                     X509_verify_cert_error_string(j));
                                 sk_X509_free(signers);
@@ -366,7 +360,7 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
                 len = BIO_get_mem_data(indata, &ptr);
                 tmpin = BIO_new_mem_buf(ptr, len);
                 if (tmpin == NULL) {
-                        PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
+                        PKCS7error(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
         } else
@@ -378,7 +372,7 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
 
         if (flags & PKCS7_TEXT) {
                 if (!(tmpout = BIO_new(BIO_s_mem()))) {
-                        PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
+                        PKCS7error(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 BIO_set_mem_eof_return(tmpout, 0);
@@ -396,8 +390,7 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
 
         if (flags & PKCS7_TEXT) {
                 if (!SMIME_text(tmpout, out)) {
-                        PKCS7err(PKCS7_F_PKCS7_VERIFY,
-                            PKCS7_R_SMIME_TEXT_ERROR);
+                        PKCS7error(PKCS7_R_SMIME_TEXT_ERROR);
                         BIO_free(tmpout);
                         goto err;
                 }
@@ -411,8 +404,7 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
                         signer = sk_X509_value (signers, i);
                         j = PKCS7_signatureVerify(p7bio, p7, si, signer);
                         if (j <= 0) {
-                                PKCS7err(PKCS7_F_PKCS7_VERIFY,
-                                    PKCS7_R_SIGNATURE_FAILURE);
+                                PKCS7error(PKCS7_R_SIGNATURE_FAILURE);
                                 goto err;
                         }
                 }
@@ -441,26 +433,24 @@ PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
         int i;
 
         if (!p7) {
-                PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,
-                    PKCS7_R_INVALID_NULL_POINTER);
+                PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
                 return NULL;
         }
 
         if (!PKCS7_type_is_signed(p7)) {
-                PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,
-                    PKCS7_R_WRONG_CONTENT_TYPE);
+                PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
                 return NULL;
         }
 
         /* Collect all the signers together */
         sinfos = PKCS7_get_signer_info(p7);
         if (sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
-                PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_NO_SIGNERS);
+                PKCS7error(PKCS7_R_NO_SIGNERS);
                 return 0;
         }
 
         if (!(signers = sk_X509_new_null())) {
-                PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, ERR_R_MALLOC_FAILURE);
+                PKCS7error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
 
@@ -477,8 +467,7 @@ PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
                             X509_find_by_issuer_and_serial(p7->d.sign->cert,
                               ias->issuer, ias->serial);
                 if (!signer) {
-                        PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,
-                            PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
+                        PKCS7error(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
                         sk_X509_free(signers);
                         return 0;
                 }
@@ -503,22 +492,21 @@ PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
         X509 *x509;
 
         if (!(p7 = PKCS7_new())) {
-                PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE);
+                PKCS7error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
 
         if (!PKCS7_set_type(p7, NID_pkcs7_enveloped))
                 goto err;
         if (!PKCS7_set_cipher(p7, cipher)) {
-                PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_SETTING_CIPHER);
+                PKCS7error(PKCS7_R_ERROR_SETTING_CIPHER);
                 goto err;
         }
 
         for (i = 0; i < sk_X509_num(certs); i++) {
                 x509 = sk_X509_value(certs, i);
                 if (!PKCS7_add_recipient(p7, x509)) {
-                        PKCS7err(PKCS7_F_PKCS7_ENCRYPT,
-                            PKCS7_R_ERROR_ADDING_RECIPIENT);
+                        PKCS7error(PKCS7_R_ERROR_ADDING_RECIPIENT);
                         goto err;
                 }
         }
@@ -543,23 +531,22 @@ PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
         char buf[4096];
 
         if (!p7) {
-                PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);
+                PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
                 return 0;
         }
 
         if (!PKCS7_type_is_enveloped(p7)) {
-                PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_WRONG_CONTENT_TYPE);
+                PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
                 return 0;
         }
 
         if (cert && !X509_check_private_key(cert, pkey)) {
-                PKCS7err(PKCS7_F_PKCS7_DECRYPT,
-                    PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+                PKCS7error(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
                 return 0;
         }
 
         if (!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {
-                PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
+                PKCS7error(PKCS7_R_DECRYPT_ERROR);
                 return 0;
         }
 
@@ -568,7 +555,7 @@ PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
 
                 /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
                 if (!(tmpbuf = BIO_new(BIO_f_buffer()))) {
-                        PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+                        PKCS7error(ERR_R_MALLOC_FAILURE);
                         BIO_free_all(tmpmem);
                         return 0;
                 }
diff --git a/src/lib/libcrypto/rand/rand_err.c b/src/lib/libcrypto/rand/rand_err.c
index 3f91fcb37b..1ac00be773 100644
--- a/src/lib/libcrypto/rand/rand_err.c
+++ b/src/lib/libcrypto/rand/rand_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rand_err.c,v 1.14 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: rand_err.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -72,9 +72,7 @@
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason)
 
 static ERR_STRING_DATA RAND_str_functs[] = {
-        {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},
-        {ERR_FUNC(RAND_F_RAND_INIT_FIPS),       "RAND_init_fips"},
-        {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES),    "SSLEAY_RAND_BYTES"},
+        {ERR_FUNC(0xfff), "CRYPTO_internal"},
         {0, NULL}
 };
 
diff --git a/src/lib/libcrypto/rsa/rsa_ameth.c b/src/lib/libcrypto/rsa/rsa_ameth.c
index aa911251cc..ec8a71b7b9 100644
--- a/src/lib/libcrypto/rsa/rsa_ameth.c
+++ b/src/lib/libcrypto/rsa/rsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_ameth.c,v 1.17 2016/12/30 15:47:07 jsing Exp $ */
+/* $OpenBSD: rsa_ameth.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -96,7 +96,7 @@ rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
         if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey))
                 return 0;
         if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) {
-                RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB);
+                RSAerror(ERR_R_RSA_LIB);
                 return 0;
         }
         EVP_PKEY_assign_RSA (pkey, rsa);
@@ -118,7 +118,7 @@ old_rsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
         RSA *rsa;
 
         if (!(rsa = d2i_RSAPrivateKey (NULL, pder, derlen))) {
-                RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
+                RSAerror(ERR_R_RSA_LIB);
                 return 0;
         }
         EVP_PKEY_assign_RSA(pkey, rsa);
@@ -140,13 +140,13 @@ rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
         rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
 
         if (rklen <= 0) {
-                RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+                RSAerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
 
         if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0,
             V_ASN1_NULL, NULL, rk, rklen)) {
-                RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+                RSAerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
 
@@ -216,7 +216,7 @@ do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
 
         m = malloc(buf_len + 10);
         if (m == NULL) {
-                RSAerr(RSA_F_DO_RSA_PRINT, ERR_R_MALLOC_FAILURE);
+                RSAerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
@@ -450,7 +450,7 @@ rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
 
         /* Sanity check: make sure it is PSS */
         if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) {
-                RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
+                RSAerror(RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
                 return -1;
         }
 
@@ -458,25 +458,22 @@ rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
         pss = rsa_pss_decode(sigalg, &maskHash);
 
         if (pss == NULL) {
-                RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_PSS_PARAMETERS);
+                RSAerror(RSA_R_INVALID_PSS_PARAMETERS);
                 goto err;
         }
         /* Check mask and lookup mask hash algorithm */
         if (pss->maskGenAlgorithm) {
                 if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) != NID_mgf1) {
-                        RSAerr(RSA_F_RSA_ITEM_VERIFY,
-                            RSA_R_UNSUPPORTED_MASK_ALGORITHM);
+                        RSAerror(RSA_R_UNSUPPORTED_MASK_ALGORITHM);
                         goto err;
                 }
                 if (!maskHash) {
-                        RSAerr(RSA_F_RSA_ITEM_VERIFY,
-                            RSA_R_UNSUPPORTED_MASK_PARAMETER);
+                        RSAerror(RSA_R_UNSUPPORTED_MASK_PARAMETER);
                         goto err;
                 }
                 mgf1md = EVP_get_digestbyobj(maskHash->algorithm);
                 if (mgf1md == NULL) {
-                        RSAerr(RSA_F_RSA_ITEM_VERIFY,
-                            RSA_R_UNKNOWN_MASK_DIGEST);
+                        RSAerror(RSA_R_UNKNOWN_MASK_DIGEST);
                         goto err;
                 }
         } else
@@ -485,7 +482,7 @@ rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
         if (pss->hashAlgorithm) {
                 md = EVP_get_digestbyobj(pss->hashAlgorithm->algorithm);
                 if (md == NULL) {
-                        RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNKNOWN_PSS_DIGEST);
+                        RSAerror(RSA_R_UNKNOWN_PSS_DIGEST);
                         goto err;
                 }
         } else
@@ -498,8 +495,7 @@ rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
                  * RSA routines will trap other invalid values anyway.
                  */
                 if (saltlen < 0) {
-                        RSAerr(RSA_F_RSA_ITEM_VERIFY,
-                            RSA_R_INVALID_SALT_LENGTH);
+                        RSAerror(RSA_R_INVALID_SALT_LENGTH);
                         goto err;
                 }
         } else
@@ -509,7 +505,7 @@ rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
          * and PKCS#1 says we should reject any other value anyway.
          */
         if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) {
-                RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_TRAILER);
+                RSAerror(RSA_R_INVALID_TRAILER);
                 goto err;
         }
 
diff --git a/src/lib/libcrypto/rsa/rsa_chk.c b/src/lib/libcrypto/rsa/rsa_chk.c
index dd9104f304..5345d31df9 100644
--- a/src/lib/libcrypto/rsa/rsa_chk.c
+++ b/src/lib/libcrypto/rsa/rsa_chk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_chk.c,v 1.12 2017/01/25 06:15:44 beck Exp $ */
+/* $OpenBSD: rsa_chk.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
@@ -63,7 +63,7 @@ RSA_check_key(const RSA *key)
         int ret = 1;
 
         if (!key->p || !key->q || !key->n || !key->e || !key->d) {
-                RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_VALUE_MISSING);
+                RSAerror(RSA_R_VALUE_MISSING);
                 return 0;
         }
 
@@ -76,7 +76,7 @@ RSA_check_key(const RSA *key)
         if (i == NULL || j == NULL || k == NULL || l == NULL || m == NULL ||
             ctx == NULL) {
                 ret = -1;
-                RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE);
+                RSAerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
@@ -86,7 +86,7 @@ RSA_check_key(const RSA *key)
                 ret = r;
                 if (r != 0)
                         goto err;
-                RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME);
+                RSAerror(RSA_R_P_NOT_PRIME);
         }
 
         /* q prime? */
@@ -95,7 +95,7 @@ RSA_check_key(const RSA *key)
                 ret = r;
                 if (r != 0)
                         goto err;
-                RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME);
+                RSAerror(RSA_R_Q_NOT_PRIME);
         }
 
         /* n = p*q? */
@@ -107,7 +107,7 @@ RSA_check_key(const RSA *key)
 
         if (BN_cmp(i, key->n) != 0) {
                 ret = 0;
-                RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q);
+                RSAerror(RSA_R_N_DOES_NOT_EQUAL_P_Q);
         }
 
         /* d*e = 1  mod lcm(p-1,q-1)? */
@@ -148,7 +148,7 @@ RSA_check_key(const RSA *key)
 
         if (!BN_is_one(i)) {
                 ret = 0;
-                RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1);
+                RSAerror(RSA_R_D_E_NOT_CONGRUENT_TO_1);
         }
 
         if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) {
@@ -167,8 +167,7 @@ RSA_check_key(const RSA *key)
 
                 if (BN_cmp(j, key->dmp1) != 0) {
                         ret = 0;
-                        RSAerr(RSA_F_RSA_CHECK_KEY,
-                            RSA_R_DMP1_NOT_CONGRUENT_TO_D);
+                        RSAerror(RSA_R_DMP1_NOT_CONGRUENT_TO_D);
                 }
 
                 /* dmq1 = d mod (q-1)? */
@@ -186,8 +185,7 @@ RSA_check_key(const RSA *key)
 
                 if (BN_cmp(j, key->dmq1) != 0) {
                         ret = 0;
-                        RSAerr(RSA_F_RSA_CHECK_KEY,
-                            RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
+                        RSAerror(RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
                 }
 
                 /* iqmp = q^-1 mod p? */
@@ -198,8 +196,7 @@ RSA_check_key(const RSA *key)
 
                 if (BN_cmp(i, key->iqmp) != 0) {
                         ret = 0;
-                        RSAerr(RSA_F_RSA_CHECK_KEY,
-                            RSA_R_IQMP_NOT_INVERSE_OF_Q);
+                        RSAerror(RSA_R_IQMP_NOT_INVERSE_OF_Q);
                 }
         }
 
diff --git a/src/lib/libcrypto/rsa/rsa_crpt.c b/src/lib/libcrypto/rsa/rsa_crpt.c
index 8063a83263..f0c925602f 100644
--- a/src/lib/libcrypto/rsa/rsa_crpt.c
+++ b/src/lib/libcrypto/rsa/rsa_crpt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_crpt.c,v 1.17 2017/01/21 11:00:47 beck Exp $ */
+/* $OpenBSD: rsa_crpt.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -187,8 +187,7 @@ RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
         if (rsa->e == NULL) {
                 e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
                 if (e == NULL) {
-                        RSAerr(RSA_F_RSA_SETUP_BLINDING,
-                            RSA_R_NO_PUBLIC_EXPONENT);
+                        RSAerror(RSA_R_NO_PUBLIC_EXPONENT);
                         goto err;
                 }
         } else
@@ -201,7 +200,7 @@ RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
             rsa->_method_mod_n);
 
         if (ret == NULL) {
-                RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
+                RSAerror(ERR_R_BN_LIB);
                 goto err;
         }
         CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index c4da147ddf..90a3be8dd3 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_eay.c,v 1.45 2017/01/21 10:38:29 beck Exp $ */
+/* $OpenBSD: rsa_eay.c,v 1.46 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -160,19 +160,19 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
         BN_CTX *ctx = NULL;
 
         if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
+                RSAerror(RSA_R_MODULUS_TOO_LARGE);
                 return -1;
         }
 
         if (BN_ucmp(rsa->n, rsa->e) <= 0) {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+                RSAerror(RSA_R_BAD_E_VALUE);
                 return -1;
         }
 
         /* for large moduli, enforce exponent limit */
         if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
                 if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
-                        RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+                        RSAerror(RSA_R_BAD_E_VALUE);
                         return -1;
                 }
         }
@@ -187,7 +187,7 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
         buf = malloc(num);
 
         if (f == NULL || ret == NULL || buf == NULL) {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE);
+                RSAerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
@@ -207,8 +207,7 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
                 i = RSA_padding_add_none(buf, num, from, flen);
                 break;
         default:
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,
-                    RSA_R_UNKNOWN_PADDING_TYPE);
+                RSAerror(RSA_R_UNKNOWN_PADDING_TYPE);
                 goto err;
         }
         if (i <= 0)
@@ -219,8 +218,7 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
 
         if (BN_ucmp(f, rsa->n) >= 0) {
                 /* usually the padding functions would catch this */
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,
-                    RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+                RSAerror(RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
                 goto err;
         }
 
@@ -374,7 +372,7 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
         buf = malloc(num);
 
         if (f == NULL || ret == NULL || buf == NULL) {
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
+                RSAerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
@@ -390,8 +388,7 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
                 break;
         case RSA_SSLV23_PADDING:
         default:
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
-                    RSA_R_UNKNOWN_PADDING_TYPE);
+                RSAerror(RSA_R_UNKNOWN_PADDING_TYPE);
                 goto err;
         }
         if (i <= 0)
@@ -402,24 +399,21 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
 
         if (BN_ucmp(f, rsa->n) >= 0) {
                 /* usually the padding functions would catch this */
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
-                    RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+                RSAerror(RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
                 goto err;
         }
 
         if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
                 blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
                 if (blinding == NULL) {
-                        RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
-                            ERR_R_INTERNAL_ERROR);
+                        RSAerror(ERR_R_INTERNAL_ERROR);
                         goto err;
                 }
         }
 
         if (blinding != NULL) {
                 if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
-                        RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
-                            ERR_R_MALLOC_FAILURE);
+                        RSAerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 if (!rsa_blinding_convert(blinding, f, unblind, ctx))
@@ -509,15 +503,14 @@ RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
         buf = malloc(num);
 
         if (!f || !ret || !buf) {
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
+                RSAerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
         /* This check was for equality but PGP does evil things
          * and chops off the top '0' bytes */
         if (flen > num) {
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
-                    RSA_R_DATA_GREATER_THAN_MOD_LEN);
+                RSAerror(RSA_R_DATA_GREATER_THAN_MOD_LEN);
                 goto err;
         }
 
@@ -526,24 +519,21 @@ RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
                 goto err;
 
         if (BN_ucmp(f, rsa->n) >= 0) {
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
-                    RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+                RSAerror(RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
                 goto err;
         }
 
         if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
                 blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
                 if (blinding == NULL) {
-                        RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
-                            ERR_R_INTERNAL_ERROR);
+                        RSAerror(ERR_R_INTERNAL_ERROR);
                         goto err;
                 }
         }
 
         if (blinding != NULL) {
                 if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
-                        RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
-                            ERR_R_MALLOC_FAILURE);
+                        RSAerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 if (!rsa_blinding_convert(blinding, f, unblind, ctx))
@@ -596,13 +586,11 @@ RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
                 r = RSA_padding_check_none(to, num, buf, j, num);
                 break;
         default:
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
-                    RSA_R_UNKNOWN_PADDING_TYPE);
+                RSAerror(RSA_R_UNKNOWN_PADDING_TYPE);
                 goto err;
         }
         if (r < 0)
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
-                    RSA_R_PADDING_CHECK_FAILED);
+                RSAerror(RSA_R_PADDING_CHECK_FAILED);
 
 err:
         if (ctx != NULL) {
@@ -628,19 +616,19 @@ RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
         BN_CTX *ctx = NULL;
 
         if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
+                RSAerror(RSA_R_MODULUS_TOO_LARGE);
                 return -1;
         }
 
         if (BN_ucmp(rsa->n, rsa->e) <= 0) {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+                RSAerror(RSA_R_BAD_E_VALUE);
                 return -1;
         }
 
         /* for large moduli, enforce exponent limit */
         if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
                 if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
-                        RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+                        RSAerror(RSA_R_BAD_E_VALUE);
                         return -1;
                 }
         }
@@ -655,15 +643,14 @@ RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
         buf = malloc(num);
 
         if (!f || !ret || !buf) {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, ERR_R_MALLOC_FAILURE);
+                RSAerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
         /* This check was for equality but PGP does evil things
          * and chops off the top '0' bytes */
         if (flen > num) {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,
-                    RSA_R_DATA_GREATER_THAN_MOD_LEN);
+                RSAerror(RSA_R_DATA_GREATER_THAN_MOD_LEN);
                 goto err;
         }
 
@@ -671,8 +658,7 @@ RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
                 goto err;
 
         if (BN_ucmp(f, rsa->n) >= 0) {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,
-                    RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+                RSAerror(RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
                 goto err;
         }
 
@@ -703,13 +689,11 @@ RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
                 r = RSA_padding_check_none(to, num, buf, i, num);
                 break;
         default:
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,
-                    RSA_R_UNKNOWN_PADDING_TYPE);
+                RSAerror(RSA_R_UNKNOWN_PADDING_TYPE);
                 goto err;
         }
         if (r < 0)
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,
-                    RSA_R_PADDING_CHECK_FAILED);
+                RSAerror(RSA_R_PADDING_CHECK_FAILED);
 
 err:
         if (ctx != NULL) {
@@ -735,7 +719,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
         m1 = BN_CTX_get(ctx);
         vrfy = BN_CTX_get(ctx);
         if (r1 == NULL || m1 == NULL || vrfy == NULL) {
-                RSAerr(RSA_F_RSA_EAY_MOD_EXP, ERR_R_MALLOC_FAILURE);
+                RSAerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
diff --git a/src/lib/libcrypto/rsa/rsa_err.c b/src/lib/libcrypto/rsa/rsa_err.c
index 81622c6099..c2b197c581 100644
--- a/src/lib/libcrypto/rsa/rsa_err.c
+++ b/src/lib/libcrypto/rsa/rsa_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_err.c,v 1.16 2015/02/15 14:35:30 miod Exp $ */
+/* $OpenBSD: rsa_err.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -72,64 +72,7 @@
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason)
 
 static ERR_STRING_DATA RSA_str_functs[] = {
-        {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "CHECK_PADDING_MD"},
-        {ERR_FUNC(RSA_F_DO_RSA_PRINT), "DO_RSA_PRINT"},
-        {ERR_FUNC(RSA_F_INT_RSA_VERIFY), "INT_RSA_VERIFY"},
-        {ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"},
-        {ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "OLD_RSA_PRIV_DECODE"},
-        {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "PKEY_RSA_CTRL"},
-        {ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "PKEY_RSA_CTRL_STR"},
-        {ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "PKEY_RSA_SIGN"},
-        {ERR_FUNC(RSA_F_PKEY_RSA_VERIFY), "PKEY_RSA_VERIFY"},
-        {ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "PKEY_RSA_VERIFYRECOVER"},
-        {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"},
-        {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
-        {ERR_FUNC(RSA_F_RSA_EAY_MOD_EXP), "RSA_EAY_MOD_EXP"},
-        {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"},
-        {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"},
-        {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"},
-        {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"},
-        {ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"},
-        {ERR_FUNC(RSA_F_RSA_GENERATE_KEY_EX), "RSA_generate_key_ex"},
-        {ERR_FUNC(RSA_F_RSA_ITEM_VERIFY), "RSA_ITEM_VERIFY"},
-        {ERR_FUNC(RSA_F_RSA_MEMORY_LOCK), "RSA_memory_lock"},
-        {ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"},
-        {ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"},
-        {ERR_FUNC(RSA_F_RSA_NULL_MOD_EXP), "RSA_NULL_MOD_EXP"},
-        {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_NULL_PRIVATE_DECRYPT"},
-        {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_NULL_PRIVATE_ENCRYPT"},
-        {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_NULL_PUBLIC_DECRYPT"},
-        {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_NULL_PUBLIC_ENCRYPT"},
-        {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"},
-        {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), "RSA_padding_add_PKCS1_OAEP"},
-        {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"},
-        {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1), "RSA_padding_add_PKCS1_PSS_mgf1"},
-        {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1), "RSA_padding_add_PKCS1_type_1"},
-        {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2), "RSA_padding_add_PKCS1_type_2"},
-        {ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23), "RSA_padding_add_SSLv23"},
-        {ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931), "RSA_padding_add_X931"},
-        {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE), "RSA_padding_check_none"},
-        {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP), "RSA_padding_check_PKCS1_OAEP"},
-        {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1), "RSA_padding_check_PKCS1_type_1"},
-        {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2), "RSA_padding_check_PKCS1_type_2"},
-        {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23), "RSA_padding_check_SSLv23"},
-        {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"},
-        {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
-        {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
-        {ERR_FUNC(RSA_F_RSA_PRIVATE_DECRYPT), "RSA_private_decrypt"},
-        {ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"},
-        {ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"},
-        {ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "RSA_PRIV_ENCODE"},
-        {ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"},
-        {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"},
-        {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"},
-        {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"},
-        {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
-        {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"},
-        {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
-        {ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING), "RSA_verify_ASN1_OCTET_STRING"},
-        {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_verify_PKCS1_PSS"},
-        {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1), "RSA_verify_PKCS1_PSS_mgf1"},
+        {ERR_FUNC(0xfff), "CRYPTO_internal"},
         {0, NULL}
 };
 
diff --git a/src/lib/libcrypto/rsa/rsa_gen.c b/src/lib/libcrypto/rsa/rsa_gen.c
index e09dccb4a8..596eb8eb78 100644
--- a/src/lib/libcrypto/rsa/rsa_gen.c
+++ b/src/lib/libcrypto/rsa/rsa_gen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_gen.c,v 1.21 2017/01/25 06:15:44 beck Exp $ */
+/* $OpenBSD: rsa_gen.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -162,8 +162,7 @@ rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
                     ++degenerate < 3);
                 if (degenerate == 3) {
                         ok = 0; /* we set our own err */
-                        RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,
-                            RSA_R_KEY_SIZE_TOO_SMALL);
+                        RSAerror(RSA_R_KEY_SIZE_TOO_SMALL);
                         goto err;
                 }
                 if (!BN_sub(r2, rsa->q, BN_value_one()))
@@ -219,7 +218,7 @@ rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
         ok = 1;
 err:
         if (ok == -1) {
-                RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, ERR_LIB_BN);
+                RSAerror(ERR_LIB_BN);
                 ok = 0;
         }
         if (ctx != NULL) {
diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c
index 51dc94a134..31ea418427 100644
--- a/src/lib/libcrypto/rsa/rsa_lib.c
+++ b/src/lib/libcrypto/rsa/rsa_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_lib.c,v 1.30 2015/02/11 03:19:37 doug Exp $ */
+/* $OpenBSD: rsa_lib.c,v 1.31 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -132,7 +132,7 @@ RSA_new_method(ENGINE *engine)
 
         ret = malloc(sizeof(RSA));
         if (ret == NULL) {
-                RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+                RSAerror(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
 
@@ -140,7 +140,7 @@ RSA_new_method(ENGINE *engine)
 #ifndef OPENSSL_NO_ENGINE
         if (engine) {
                 if (!ENGINE_init(engine)) {
-                        RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+                        RSAerror(ERR_R_ENGINE_LIB);
                         free(ret);
                         return NULL;
                 }
@@ -150,7 +150,7 @@ RSA_new_method(ENGINE *engine)
         if (ret->engine) {
                 ret->meth = ENGINE_get_RSA(ret->engine);
                 if (!ret->meth) {
-                        RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+                        RSAerror(ERR_R_ENGINE_LIB);
                         ENGINE_finish(ret->engine);
                         free(ret);
                         return NULL;
diff --git a/src/lib/libcrypto/rsa/rsa_none.c b/src/lib/libcrypto/rsa/rsa_none.c
index 5222b3c1eb..13d3449a9f 100644
--- a/src/lib/libcrypto/rsa/rsa_none.c
+++ b/src/lib/libcrypto/rsa/rsa_none.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_none.c,v 1.10 2014/10/18 17:20:40 jsing Exp $ */
+/* $OpenBSD: rsa_none.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -68,14 +68,12 @@ RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *from,
     int flen)
 {
         if (flen > tlen) {
-                RSAerr(RSA_F_RSA_PADDING_ADD_NONE,
-                    RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
                 return 0;
         }
 
         if (flen < tlen) {
-                RSAerr(RSA_F_RSA_PADDING_ADD_NONE,
-                    RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE);
+                RSAerror(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE);
                 return 0;
         }
 
@@ -88,7 +86,7 @@ RSA_padding_check_none(unsigned char *to, int tlen, const unsigned char *from,
     int flen, int num)
 {
         if (flen > tlen) {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_NONE, RSA_R_DATA_TOO_LARGE);
+                RSAerror(RSA_R_DATA_TOO_LARGE);
                 return -1;
         }
 
diff --git a/src/lib/libcrypto/rsa/rsa_oaep.c b/src/lib/libcrypto/rsa/rsa_oaep.c
index 86e2bfc34f..cd7af203b7 100644
--- a/src/lib/libcrypto/rsa/rsa_oaep.c
+++ b/src/lib/libcrypto/rsa/rsa_oaep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_oaep.c,v 1.25 2015/06/20 12:01:14 jsing Exp $ */
+/* $OpenBSD: rsa_oaep.c,v 1.26 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Ulf Moeller. This software is distributed on an "AS IS"
    basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
 
@@ -44,14 +44,12 @@ RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
         unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH];
 
         if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1) {
-                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
-                    RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
                 return 0;
         }
 
         if (emlen < 2 * SHA_DIGEST_LENGTH + 1) {
-                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
-                    RSA_R_KEY_SIZE_TOO_SMALL);
+                RSAerror(RSA_R_KEY_SIZE_TOO_SMALL);
                 return 0;
         }
 
@@ -69,7 +67,7 @@ RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
 
         dbmask = malloc(emlen - SHA_DIGEST_LENGTH);
         if (dbmask == NULL) {
-                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+                RSAerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
 
@@ -126,8 +124,7 @@ RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
         dblen = num - SHA_DIGEST_LENGTH;
         db = malloc(dblen + num);
         if (db == NULL) {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,
-                    ERR_R_MALLOC_FAILURE);
+                RSAerror(ERR_R_MALLOC_FAILURE);
                 return -1;
         }
 
@@ -167,8 +164,7 @@ RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
 
                         mlen = dblen - ++i;
                         if (tlen < mlen) {
-                                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,
-                                    RSA_R_DATA_TOO_LARGE);
+                                RSAerror(RSA_R_DATA_TOO_LARGE);
                                 mlen = -1;
                         } else
                                 memcpy(to, db + i, mlen);
@@ -182,7 +178,7 @@ decoding_err:
          * To avoid chosen ciphertext attacks, the error message should not
          * reveal which kind of decoding error happened
          */
-        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
+        RSAerror(RSA_R_OAEP_DECODING_ERROR);
         free(db);
         return -1;
 }
diff --git a/src/lib/libcrypto/rsa/rsa_pk1.c b/src/lib/libcrypto/rsa/rsa_pk1.c
index 6c3e7fb846..6de263113f 100644
--- a/src/lib/libcrypto/rsa/rsa_pk1.c
+++ b/src/lib/libcrypto/rsa/rsa_pk1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pk1.c,v 1.14 2014/10/22 13:02:04 jsing Exp $ */
+/* $OpenBSD: rsa_pk1.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -72,8 +72,7 @@ RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
         unsigned char *p;
 
         if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) {
-                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,
-                    RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
                 return 0;
         }
 
@@ -101,8 +100,7 @@ RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
 
         p = from;
         if (num != flen + 1 || *(p++) != 01) {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
-                    RSA_R_BLOCK_TYPE_IS_NOT_01);
+                RSAerror(RSA_R_BLOCK_TYPE_IS_NOT_01);
                 return -1;
         }
 
@@ -115,8 +113,7 @@ RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
                                 p++;
                                 break;
                         } else {
-                                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
-                                    RSA_R_BAD_FIXED_HEADER_DECRYPT);
+                                RSAerror(RSA_R_BAD_FIXED_HEADER_DECRYPT);
                                 return -1;
                         }
                 }
@@ -124,21 +121,18 @@ RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
         }
 
         if (i == j) {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
-                    RSA_R_NULL_BEFORE_BLOCK_MISSING);
+                RSAerror(RSA_R_NULL_BEFORE_BLOCK_MISSING);
                 return -1;
         }
 
         if (i < 8) {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
-                    RSA_R_BAD_PAD_BYTE_COUNT);
+                RSAerror(RSA_R_BAD_PAD_BYTE_COUNT);
                 return -1;
         }
         i++; /* Skip over the '\0' */
         j -= i;
         if (j > tlen) {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
-                    RSA_R_DATA_TOO_LARGE);
+                RSAerror(RSA_R_DATA_TOO_LARGE);
                 return -1;
         }
         memcpy(to, p, j);
@@ -154,8 +148,7 @@ RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
         unsigned char *p;
 
         if (flen > tlen - 11) {
-                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,
-                    RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
                 return 0;
         }
 
@@ -189,8 +182,7 @@ RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
 
         p = from;
         if (num != flen + 1 || *(p++) != 02) {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
-                    RSA_R_BLOCK_TYPE_IS_NOT_02);
+                RSAerror(RSA_R_BLOCK_TYPE_IS_NOT_02);
                 return -1;
         }
 
@@ -201,21 +193,18 @@ RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
                         break;
 
         if (i == j) {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
-                    RSA_R_NULL_BEFORE_BLOCK_MISSING);
+                RSAerror(RSA_R_NULL_BEFORE_BLOCK_MISSING);
                 return -1;
         }
 
         if (i < 8) {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
-                    RSA_R_BAD_PAD_BYTE_COUNT);
+                RSAerror(RSA_R_BAD_PAD_BYTE_COUNT);
                 return -1;
         }
         i++; /* Skip over the '\0' */
         j -= i;
         if (j > tlen) {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
-                    RSA_R_DATA_TOO_LARGE);
+                RSAerror(RSA_R_DATA_TOO_LARGE);
                 return -1;
         }
         memcpy(to, p, j);
diff --git a/src/lib/libcrypto/rsa/rsa_pmeth.c b/src/lib/libcrypto/rsa/rsa_pmeth.c
index 4b7fc09514..2ef1f3c64a 100644
--- a/src/lib/libcrypto/rsa/rsa_pmeth.c
+++ b/src/lib/libcrypto/rsa/rsa_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pmeth.c,v 1.18 2016/10/19 16:49:11 jsing Exp $ */
+/* $OpenBSD: rsa_pmeth.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -170,8 +170,7 @@ pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
 
         if (rctx->md) {
                 if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
-                        RSAerr(RSA_F_PKEY_RSA_SIGN,
-                            RSA_R_INVALID_DIGEST_LENGTH);
+                        RSAerror(RSA_R_INVALID_DIGEST_LENGTH);
                         return -1;
                 }
 
@@ -228,13 +227,11 @@ pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, unsigned char *rout, size_t *routlen,
                         ret--;
                         if (rctx->tbuf[ret] !=
                                 RSA_X931_hash_id(EVP_MD_type(rctx->md))) {
-                                RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
-                                    RSA_R_ALGORITHM_MISMATCH);
+                                RSAerror(RSA_R_ALGORITHM_MISMATCH);
                                 return 0;
                         }
                         if (ret != EVP_MD_size(rctx->md)) {
-                                RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
-                                    RSA_R_INVALID_DIGEST_LENGTH);
+                                RSAerror(RSA_R_INVALID_DIGEST_LENGTH);
                                 return 0;
                         }
                         if (rout)
@@ -342,14 +339,13 @@ check_padding_md(const EVP_MD *md, int padding)
                 return 1;
 
         if (padding == RSA_NO_PADDING) {
-                RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE);
+                RSAerror(RSA_R_INVALID_PADDING_MODE);
                 return 0;
         }
 
         if (padding == RSA_X931_PADDING) {
                 if (RSA_X931_hash_id(EVP_MD_type(md)) == -1) {
-                        RSAerr(RSA_F_CHECK_PADDING_MD,
-                            RSA_R_INVALID_X931_DIGEST);
+                        RSAerror(RSA_R_INVALID_X931_DIGEST);
                         return 0;
                 }
                 return 1;
@@ -385,8 +381,7 @@ pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                         return 1;
                 }
 bad_pad:
-                RSAerr(RSA_F_PKEY_RSA_CTRL,
-                    RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
+                RSAerror(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
                 return -2;
 
         case EVP_PKEY_CTRL_GET_RSA_PADDING:
@@ -396,7 +391,7 @@ bad_pad:
         case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
         case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN:
                 if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) {
-                        RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
+                        RSAerror(RSA_R_INVALID_PSS_SALTLEN);
                         return -2;
                 }
                 if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN)
@@ -410,7 +405,7 @@ bad_pad:
 
         case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
                 if (p1 < 256) {
-                        RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS);
+                        RSAerror(RSA_R_INVALID_KEYBITS);
                         return -2;
                 }
                 rctx->nbits = p1;
@@ -431,7 +426,7 @@ bad_pad:
         case EVP_PKEY_CTRL_RSA_MGF1_MD:
         case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:
                 if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) {
-                        RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_MGF1_MD);
+                        RSAerror(RSA_R_INVALID_MGF1_MD);
                         return -2;
                 }
                 if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD) {
@@ -449,8 +444,7 @@ bad_pad:
         case EVP_PKEY_CTRL_PKCS7_SIGN:
                 return 1;
         case EVP_PKEY_CTRL_PEER_KEY:
-                RSAerr(RSA_F_PKEY_RSA_CTRL,
-                    RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                RSAerror(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
                 return -2;
 
         default:
@@ -465,7 +459,7 @@ pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
         char *ep;
 
         if (!value) {
-                RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING);
+                RSAerror(RSA_R_VALUE_MISSING);
                 return 0;
         }
         if (!strcmp(type, "rsa_padding_mode")) {
@@ -485,8 +479,7 @@ pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
                 else if (!strcmp(value, "pss"))
                         pm = RSA_PKCS1_PSS_PADDING;
                 else {
-                        RSAerr(RSA_F_PKEY_RSA_CTRL_STR,
-                            RSA_R_UNKNOWN_PADDING_TYPE);
+                        RSAerror(RSA_R_UNKNOWN_PADDING_TYPE);
                         return -2;
                 }
                 return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
diff --git a/src/lib/libcrypto/rsa/rsa_prn.c b/src/lib/libcrypto/rsa/rsa_prn.c
index db82dab5be..c46b08c00d 100644
--- a/src/lib/libcrypto/rsa/rsa_prn.c
+++ b/src/lib/libcrypto/rsa/rsa_prn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_prn.c,v 1.6 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: rsa_prn.c,v 1.7 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -69,7 +69,7 @@ RSA_print_fp(FILE *fp, const RSA *x, int off)
         int ret;
 
         if ((b = BIO_new(BIO_s_file())) == NULL) {
-                RSAerr(RSA_F_RSA_PRINT_FP, ERR_R_BUF_LIB);
+                RSAerror(ERR_R_BUF_LIB);
                 return 0;
         }
         BIO_set_fp(b, fp, BIO_NOCLOSE);
diff --git a/src/lib/libcrypto/rsa/rsa_pss.c b/src/lib/libcrypto/rsa/rsa_pss.c
index 5e137a3090..870f634b8d 100644
--- a/src/lib/libcrypto/rsa/rsa_pss.c
+++ b/src/lib/libcrypto/rsa/rsa_pss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pss.c,v 1.11 2014/10/22 13:02:04 jsing Exp $ */
+/* $OpenBSD: rsa_pss.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
@@ -107,16 +107,14 @@ RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
         else if (sLen == -2)
                 sLen = -2;
         else if (sLen < -2) {
-                RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1,
-                    RSA_R_SLEN_CHECK_FAILED);
+                RSAerror(RSA_R_SLEN_CHECK_FAILED);
                 goto err;
         }
 
         MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
         emLen = RSA_size(rsa);
         if (EM[0] & (0xFF << MSBits)) {
-                RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1,
-                    RSA_R_FIRST_OCTET_INVALID);
+                RSAerror(RSA_R_FIRST_OCTET_INVALID);
                 goto err;
         }
         if (MSBits == 0) {
@@ -125,19 +123,18 @@ RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
         }
         if (emLen < (hLen + sLen + 2)) {
                 /* sLen can be small negative */
-                RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE);
+                RSAerror(RSA_R_DATA_TOO_LARGE);
                 goto err;
         }
         if (EM[emLen - 1] != 0xbc) {
-                RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1,
-                    RSA_R_LAST_OCTET_INVALID);
+                RSAerror(RSA_R_LAST_OCTET_INVALID);
                 goto err;
         }
         maskedDBLen = emLen - hLen - 1;
         H = EM + maskedDBLen;
         DB = malloc(maskedDBLen);
         if (!DB) {
-                RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, ERR_R_MALLOC_FAILURE);
+                RSAerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, mgf1Hash) < 0)
@@ -149,13 +146,11 @@ RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
         for (i = 0; DB[i] == 0 && i < (maskedDBLen - 1); i++)
                 ;
         if (DB[i++] != 0x1) {
-                RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1,
-                    RSA_R_SLEN_RECOVERY_FAILED);
+                RSAerror(RSA_R_SLEN_RECOVERY_FAILED);
                 goto err;
         }
         if (sLen >= 0 && (maskedDBLen - i) != sLen) {
-                RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1,
-                    RSA_R_SLEN_CHECK_FAILED);
+                RSAerror(RSA_R_SLEN_CHECK_FAILED);
                 goto err;
         }
         if (!EVP_DigestInit_ex(&ctx, Hash, NULL) ||
@@ -169,7 +164,7 @@ RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
         if (!EVP_DigestFinal_ex(&ctx, H_, NULL))
                 goto err;
         if (memcmp(H_, H, hLen)) {
-                RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_BAD_SIGNATURE);
+                RSAerror(RSA_R_BAD_SIGNATURE);
                 ret = 0;
         } else
                 ret = 1;
@@ -218,8 +213,7 @@ RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
         else if (sLen == -2)
                 sLen = -2;
         else if (sLen < -2) {
-                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
-                    RSA_R_SLEN_CHECK_FAILED);
+                RSAerror(RSA_R_SLEN_CHECK_FAILED);
                 goto err;
         }
 
@@ -232,15 +226,13 @@ RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
         if (sLen == -2)
                 sLen = emLen - hLen - 2;
         else if (emLen < (hLen + sLen + 2)) {
-                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
-                    RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
                 goto err;
         }
         if (sLen > 0) {
                 salt = malloc(sLen);
                 if (!salt) {
-                        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
-                            ERR_R_MALLOC_FAILURE);
+                        RSAerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 arc4random_buf(salt, sLen);
diff --git a/src/lib/libcrypto/rsa/rsa_saos.c b/src/lib/libcrypto/rsa/rsa_saos.c
index 5dbc10dbb2..179217c236 100644
--- a/src/lib/libcrypto/rsa/rsa_saos.c
+++ b/src/lib/libcrypto/rsa/rsa_saos.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_saos.c,v 1.19 2015/09/30 18:41:06 jsing Exp $ */
+/* $OpenBSD: rsa_saos.c,v 1.20 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -80,13 +80,12 @@ RSA_sign_ASN1_OCTET_STRING(int type, const unsigned char *m, unsigned int m_len,
         i = i2d_ASN1_OCTET_STRING(&sig, NULL);
         j = RSA_size(rsa);
         if (i > (j - RSA_PKCS1_PADDING_SIZE)) {
-                RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,
-                    RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+                RSAerror(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
                 return 0;
         }
         s = malloc(j + 1);
         if (s == NULL) {
-                RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
+                RSAerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         p = s;
@@ -112,15 +111,13 @@ RSA_verify_ASN1_OCTET_STRING(int dtype, const unsigned char *m,
         ASN1_OCTET_STRING *sig = NULL;
 
         if (siglen != (unsigned int)RSA_size(rsa)) {
-                RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,
-                    RSA_R_WRONG_SIGNATURE_LENGTH);
+                RSAerror(RSA_R_WRONG_SIGNATURE_LENGTH);
                 return 0;
         }
 
         s = malloc(siglen);
         if (s == NULL) {
-                RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,
-                    ERR_R_MALLOC_FAILURE);
+                RSAerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING);
@@ -135,8 +132,7 @@ RSA_verify_ASN1_OCTET_STRING(int dtype, const unsigned char *m,
 
         if ((unsigned int)sig->length != m_len ||
             memcmp(m, sig->data, m_len) != 0) {
-                RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,
-                    RSA_R_BAD_SIGNATURE);
+                RSAerror(RSA_R_BAD_SIGNATURE);
         } else
                 ret = 1;
 err:
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c
index 7be08f544b..52cbc3dfe3 100644
--- a/src/lib/libcrypto/rsa/rsa_sign.c
+++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_sign.c,v 1.25 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: rsa_sign.c,v 1.26 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -88,7 +88,7 @@ RSA_sign(int type, const unsigned char *m, unsigned int m_len,
         /* Special case: SSL signature, just check the length */
         if (type == NID_md5_sha1) {
                 if (m_len != SSL_SIG_LENGTH) {
-                        RSAerr(RSA_F_RSA_SIGN, RSA_R_INVALID_MESSAGE_LENGTH);
+                        RSAerror(RSA_R_INVALID_MESSAGE_LENGTH);
                         return 0;
                 }
                 i = SSL_SIG_LENGTH;
@@ -97,12 +97,11 @@ RSA_sign(int type, const unsigned char *m, unsigned int m_len,
                 sig.algor = &algor;
                 sig.algor->algorithm = OBJ_nid2obj(type);
                 if (sig.algor->algorithm == NULL) {
-                        RSAerr(RSA_F_RSA_SIGN, RSA_R_UNKNOWN_ALGORITHM_TYPE);
+                        RSAerror(RSA_R_UNKNOWN_ALGORITHM_TYPE);
                         return 0;
                 }
                 if (sig.algor->algorithm->length == 0) {
-                        RSAerr(RSA_F_RSA_SIGN,
-                            RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+                        RSAerror(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
                         return 0;
                 }
                 parameter.type = V_ASN1_NULL;
@@ -117,13 +116,13 @@ RSA_sign(int type, const unsigned char *m, unsigned int m_len,
         }
         j = RSA_size(rsa);
         if (i > j - RSA_PKCS1_PADDING_SIZE) {
-                RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+                RSAerror(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
                 return 0;
         }
         if (type != NID_md5_sha1) {
                 tmps = malloc(j + 1);
                 if (tmps == NULL) {
-                        RSAerr(RSA_F_RSA_SIGN, ERR_R_MALLOC_FAILURE);
+                        RSAerror(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
                 p = tmps;
@@ -153,7 +152,7 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
         X509_SIG *sig = NULL;
 
         if (siglen != (unsigned int)RSA_size(rsa)) {
-                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH);
+                RSAerror(RSA_R_WRONG_SIGNATURE_LENGTH);
                 return 0;
         }
 
@@ -168,11 +167,11 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
 
         s = malloc(siglen);
         if (s == NULL) {
-                RSAerr(RSA_F_INT_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
+                RSAerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         if (dtype == NID_md5_sha1 && m_len != SSL_SIG_LENGTH) {
-                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH);
+                RSAerror(RSA_R_INVALID_MESSAGE_LENGTH);
                 goto err;
         }
         i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING);
@@ -183,7 +182,7 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
         /* Special case: SSL signature */
         if (dtype == NID_md5_sha1) {
                 if (i != SSL_SIG_LENGTH || memcmp(s, m, SSL_SIG_LENGTH))
-                        RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+                        RSAerror(RSA_R_BAD_SIGNATURE);
                 else
                         ret = 1;
         } else {
@@ -196,7 +195,7 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
 
                 /* Excess data can be used to create forgeries */
                 if (p != s + i) {
-                        RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+                        RSAerror(RSA_R_BAD_SIGNATURE);
                         goto err;
                 }
 
@@ -204,14 +203,14 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
                    create forgeries */
                 if (sig->algor->parameter &&
                     ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) {
-                        RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+                        RSAerror(RSA_R_BAD_SIGNATURE);
                         goto err;
                 }
 
                 sigtype = OBJ_obj2nid(sig->algor->algorithm);
 
                 if (sigtype != dtype) {
-                        RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH);
+                        RSAerror(RSA_R_ALGORITHM_MISMATCH);
                         goto err;
                 }
                 if (rm) {
@@ -219,8 +218,7 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
 
                         md = EVP_get_digestbynid(dtype);
                         if (md && (EVP_MD_size(md) != sig->digest->length))
-                                RSAerr(RSA_F_INT_RSA_VERIFY,
-                                    RSA_R_INVALID_DIGEST_LENGTH);
+                                RSAerror(RSA_R_INVALID_DIGEST_LENGTH);
                         else {
                                 memcpy(rm, sig->digest->data,
                                     sig->digest->length);
@@ -229,7 +227,7 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
                         }
                 } else if ((unsigned int)sig->digest->length != m_len ||
                     memcmp(m, sig->digest->data, m_len) != 0) {
-                        RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+                        RSAerror(RSA_R_BAD_SIGNATURE);
                 } else
                         ret = 1;
         }
diff --git a/src/lib/libcrypto/rsa/rsa_ssl.c b/src/lib/libcrypto/rsa/rsa_ssl.c
index 73262f29c1..60fc8ec94f 100644
--- a/src/lib/libcrypto/rsa/rsa_ssl.c
+++ b/src/lib/libcrypto/rsa/rsa_ssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_ssl.c,v 1.14 2014/10/22 13:02:04 jsing Exp $ */
+/* $OpenBSD: rsa_ssl.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -72,8 +72,7 @@ RSA_padding_add_SSLv23(unsigned char *to, int tlen, const unsigned char *from,
         unsigned char *p;
 
         if (flen > tlen - 11) {
-                RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,
-                    RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
                 return 0;
         }
 
@@ -109,12 +108,11 @@ RSA_padding_check_SSLv23(unsigned char *to, int tlen, const unsigned char *from,
 
         p = from;
         if (flen < 10) {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL);
+                RSAerror(RSA_R_DATA_TOO_SMALL);
                 return -1;
         }
         if (num != flen + 1 || *(p++) != 02) {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,
-                    RSA_R_BLOCK_TYPE_IS_NOT_02);
+                RSAerror(RSA_R_BLOCK_TYPE_IS_NOT_02);
                 return -1;
         }
 
@@ -125,8 +123,7 @@ RSA_padding_check_SSLv23(unsigned char *to, int tlen, const unsigned char *from,
                         break;
 
         if (i == j || i < 8) {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,
-                    RSA_R_NULL_BEFORE_BLOCK_MISSING);
+                RSAerror(RSA_R_NULL_BEFORE_BLOCK_MISSING);
                 return -1;
         }
         for (k = -9; k < -1; k++) {
@@ -134,15 +131,14 @@ RSA_padding_check_SSLv23(unsigned char *to, int tlen, const unsigned char *from,
                         break;
         }
         if (k == -1) {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,
-                    RSA_R_SSLV3_ROLLBACK_ATTACK);
+                RSAerror(RSA_R_SSLV3_ROLLBACK_ATTACK);
                 return -1;
         }
 
         i++; /* Skip over the '\0' */
         j -= i;
         if (j > tlen) {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_LARGE);
+                RSAerror(RSA_R_DATA_TOO_LARGE);
                 return -1;
         }
         memcpy(to, p, j);
diff --git a/src/lib/libcrypto/rsa/rsa_x931.c b/src/lib/libcrypto/rsa/rsa_x931.c
index 2993b4028d..3579735ab2 100644
--- a/src/lib/libcrypto/rsa/rsa_x931.c
+++ b/src/lib/libcrypto/rsa/rsa_x931.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_x931.c,v 1.9 2014/10/18 17:20:40 jsing Exp $ */
+/* $OpenBSD: rsa_x931.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
@@ -78,8 +78,7 @@ RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *from,
         j = tlen - flen - 2;
 
         if (j < 0) {
-                RSAerr(RSA_F_RSA_PADDING_ADD_X931,
-                    RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
                 return -1;
         }
 
@@ -110,7 +109,7 @@ RSA_padding_check_X931(unsigned char *to, int tlen, const unsigned char *from,
         const unsigned char *p = from;
 
         if (num != flen || (*p != 0x6A && *p != 0x6B)) {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_HEADER);
+                RSAerror(RSA_R_INVALID_HEADER);
                 return -1;
         }
 
@@ -121,15 +120,13 @@ RSA_padding_check_X931(unsigned char *to, int tlen, const unsigned char *from,
                         if (c == 0xBA)
                                 break;
                         if (c != 0xBB) {
-                                RSAerr(RSA_F_RSA_PADDING_CHECK_X931,
-                                    RSA_R_INVALID_PADDING);
+                                RSAerror(RSA_R_INVALID_PADDING);
                                 return -1;
                         }
                 }
 
                 if (i == 0) {
-                        RSAerr(RSA_F_RSA_PADDING_CHECK_X931,
-                            RSA_R_INVALID_PADDING);
+                        RSAerror(RSA_R_INVALID_PADDING);
                         return -1;
                 }
 
@@ -138,7 +135,7 @@ RSA_padding_check_X931(unsigned char *to, int tlen, const unsigned char *from,
                 j = flen - 2;
 
         if (j < 0 || p[j] != 0xCC) {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER);
+                RSAerror(RSA_R_INVALID_TRAILER);
                 return -1;
         }
 
diff --git a/src/lib/libcrypto/ts/ts_asn1.c b/src/lib/libcrypto/ts/ts_asn1.c
index 49232d8073..bc89f1368a 100644
--- a/src/lib/libcrypto/ts/ts_asn1.c
+++ b/src/lib/libcrypto/ts/ts_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_asn1.c,v 1.10 2016/11/04 18:35:30 jsing Exp $ */
+/* $OpenBSD: ts_asn1.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Nils Larsch for the OpenSSL project 2004.
  */
 /* ====================================================================
@@ -541,19 +541,18 @@ ts_resp_set_tst_info(TS_RESP *a)
 
         if (a->token) {
                 if (status != 0 && status != 1) {
-                        TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_PRESENT);
+                        TSerror(TS_R_TOKEN_PRESENT);
                         return 0;
                 }
                 if (a->tst_info != NULL)
                         TS_TST_INFO_free(a->tst_info);
                 a->tst_info = PKCS7_to_TS_TST_INFO(a->token);
                 if (!a->tst_info) {
-                        TSerr(TS_F_TS_RESP_SET_TST_INFO,
-                            TS_R_PKCS7_TO_TS_TST_INFO_FAILED);
+                        TSerror(TS_R_PKCS7_TO_TS_TST_INFO_FAILED);
                         return 0;
                 }
         } else if (status == 0 || status == 1) {
-                TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_NOT_PRESENT);
+                TSerror(TS_R_TOKEN_NOT_PRESENT);
                 return 0;
         }
 
@@ -858,13 +857,13 @@ PKCS7_to_TS_TST_INFO(PKCS7 *token)
         const unsigned char *p;
 
         if (!PKCS7_type_is_signed(token)) {
-                TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE);
+                TSerror(TS_R_BAD_PKCS7_TYPE);
                 return NULL;
         }
 
         /* Content must be present. */
         if (PKCS7_get_detached(token)) {
-                TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_DETACHED_CONTENT);
+                TSerror(TS_R_DETACHED_CONTENT);
                 return NULL;
         }
 
@@ -872,14 +871,14 @@ PKCS7_to_TS_TST_INFO(PKCS7 *token)
         pkcs7_signed = token->d.sign;
         enveloped = pkcs7_signed->contents;
         if (OBJ_obj2nid(enveloped->type) != NID_id_smime_ct_TSTInfo) {
-                TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE);
+                TSerror(TS_R_BAD_PKCS7_TYPE);
                 return NULL;
         }
 
         /* We have a DER encoded TST_INFO as the signed data. */
         tst_info_wrapper = enveloped->d.other;
         if (tst_info_wrapper->type != V_ASN1_OCTET_STRING) {
-                TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_TYPE);
+                TSerror(TS_R_BAD_TYPE);
                 return NULL;
         }
 
diff --git a/src/lib/libcrypto/ts/ts_conf.c b/src/lib/libcrypto/ts/ts_conf.c
index bb98a6ff4c..c223aa3d46 100644
--- a/src/lib/libcrypto/ts/ts_conf.c
+++ b/src/lib/libcrypto/ts/ts_conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_conf.c,v 1.9 2015/02/11 03:19:37 doug Exp $ */
+/* $OpenBSD: ts_conf.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
@@ -245,8 +245,7 @@ TS_CONF_set_default_engine(const char *name)
 
 err:
         if (!ret) {
-                TSerr(TS_F_TS_CONF_SET_DEFAULT_ENGINE,
-                    TS_R_COULD_NOT_SET_ENGINE);
+                TSerror(TS_R_COULD_NOT_SET_ENGINE);
                 ERR_asprintf_error_data("engine:%s", name);
         }
         if (e)
diff --git a/src/lib/libcrypto/ts/ts_err.c b/src/lib/libcrypto/ts/ts_err.c
index f71be883f8..4b89909384 100644
--- a/src/lib/libcrypto/ts/ts_err.c
+++ b/src/lib/libcrypto/ts/ts_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_err.c,v 1.4 2014/07/10 22:45:58 jsing Exp $ */
+/* $OpenBSD: ts_err.c,v 1.5 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
  *
@@ -72,57 +72,7 @@
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_TS,0,reason)
 
 static ERR_STRING_DATA TS_str_functs[] = {
-        {ERR_FUNC(TS_F_D2I_TS_RESP),    "d2i_TS_RESP"},
-        {ERR_FUNC(TS_F_DEF_SERIAL_CB),  "DEF_SERIAL_CB"},
-        {ERR_FUNC(TS_F_DEF_TIME_CB),    "DEF_TIME_CB"},
-        {ERR_FUNC(TS_F_ESS_ADD_SIGNING_CERT),   "ESS_ADD_SIGNING_CERT"},
-        {ERR_FUNC(TS_F_ESS_CERT_ID_NEW_INIT),   "ESS_CERT_ID_NEW_INIT"},
-        {ERR_FUNC(TS_F_ESS_SIGNING_CERT_NEW_INIT),      "ESS_SIGNING_CERT_NEW_INIT"},
-        {ERR_FUNC(TS_F_INT_TS_RESP_VERIFY_TOKEN),       "INT_TS_RESP_VERIFY_TOKEN"},
-        {ERR_FUNC(TS_F_PKCS7_TO_TS_TST_INFO),   "PKCS7_to_TS_TST_INFO"},
-        {ERR_FUNC(TS_F_TS_ACCURACY_SET_MICROS), "TS_ACCURACY_set_micros"},
-        {ERR_FUNC(TS_F_TS_ACCURACY_SET_MILLIS), "TS_ACCURACY_set_millis"},
-        {ERR_FUNC(TS_F_TS_ACCURACY_SET_SECONDS),        "TS_ACCURACY_set_seconds"},
-        {ERR_FUNC(TS_F_TS_CHECK_IMPRINTS),      "TS_CHECK_IMPRINTS"},
-        {ERR_FUNC(TS_F_TS_CHECK_NONCES),        "TS_CHECK_NONCES"},
-        {ERR_FUNC(TS_F_TS_CHECK_POLICY),        "TS_CHECK_POLICY"},
-        {ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS), "TS_CHECK_SIGNING_CERTS"},
-        {ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO),   "TS_CHECK_STATUS_INFO"},
-        {ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT),     "TS_COMPUTE_IMPRINT"},
-        {ERR_FUNC(TS_F_TS_CONF_SET_DEFAULT_ENGINE),     "TS_CONF_set_default_engine"},
-        {ERR_FUNC(TS_F_TS_GET_STATUS_TEXT),     "TS_GET_STATUS_TEXT"},
-        {ERR_FUNC(TS_F_TS_MSG_IMPRINT_SET_ALGO),        "TS_MSG_IMPRINT_set_algo"},
-        {ERR_FUNC(TS_F_TS_REQ_SET_MSG_IMPRINT), "TS_REQ_set_msg_imprint"},
-        {ERR_FUNC(TS_F_TS_REQ_SET_NONCE),       "TS_REQ_set_nonce"},
-        {ERR_FUNC(TS_F_TS_REQ_SET_POLICY_ID),   "TS_REQ_set_policy_id"},
-        {ERR_FUNC(TS_F_TS_RESP_CREATE_RESPONSE),        "TS_RESP_create_response"},
-        {ERR_FUNC(TS_F_TS_RESP_CREATE_TST_INFO),        "TS_RESP_CREATE_TST_INFO"},
-        {ERR_FUNC(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO),   "TS_RESP_CTX_add_failure_info"},
-        {ERR_FUNC(TS_F_TS_RESP_CTX_ADD_MD),     "TS_RESP_CTX_add_md"},
-        {ERR_FUNC(TS_F_TS_RESP_CTX_ADD_POLICY), "TS_RESP_CTX_add_policy"},
-        {ERR_FUNC(TS_F_TS_RESP_CTX_NEW),        "TS_RESP_CTX_new"},
-        {ERR_FUNC(TS_F_TS_RESP_CTX_SET_ACCURACY),       "TS_RESP_CTX_set_accuracy"},
-        {ERR_FUNC(TS_F_TS_RESP_CTX_SET_CERTS),  "TS_RESP_CTX_set_certs"},
-        {ERR_FUNC(TS_F_TS_RESP_CTX_SET_DEF_POLICY),     "TS_RESP_CTX_set_def_policy"},
-        {ERR_FUNC(TS_F_TS_RESP_CTX_SET_SIGNER_CERT),    "TS_RESP_CTX_set_signer_cert"},
-        {ERR_FUNC(TS_F_TS_RESP_CTX_SET_STATUS_INFO),    "TS_RESP_CTX_set_status_info"},
-        {ERR_FUNC(TS_F_TS_RESP_GET_POLICY),     "TS_RESP_GET_POLICY"},
-        {ERR_FUNC(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION),     "TS_RESP_SET_GENTIME_WITH_PRECISION"},
-        {ERR_FUNC(TS_F_TS_RESP_SET_STATUS_INFO),        "TS_RESP_set_status_info"},
-        {ERR_FUNC(TS_F_TS_RESP_SET_TST_INFO),   "TS_RESP_set_tst_info"},
-        {ERR_FUNC(TS_F_TS_RESP_SIGN),   "TS_RESP_SIGN"},
-        {ERR_FUNC(TS_F_TS_RESP_VERIFY_SIGNATURE),       "TS_RESP_verify_signature"},
-        {ERR_FUNC(TS_F_TS_RESP_VERIFY_TOKEN),   "TS_RESP_verify_token"},
-        {ERR_FUNC(TS_F_TS_TST_INFO_SET_ACCURACY),       "TS_TST_INFO_set_accuracy"},
-        {ERR_FUNC(TS_F_TS_TST_INFO_SET_MSG_IMPRINT),    "TS_TST_INFO_set_msg_imprint"},
-        {ERR_FUNC(TS_F_TS_TST_INFO_SET_NONCE),  "TS_TST_INFO_set_nonce"},
-        {ERR_FUNC(TS_F_TS_TST_INFO_SET_POLICY_ID),      "TS_TST_INFO_set_policy_id"},
-        {ERR_FUNC(TS_F_TS_TST_INFO_SET_SERIAL), "TS_TST_INFO_set_serial"},
-        {ERR_FUNC(TS_F_TS_TST_INFO_SET_TIME),   "TS_TST_INFO_set_time"},
-        {ERR_FUNC(TS_F_TS_TST_INFO_SET_TSA),    "TS_TST_INFO_set_tsa"},
-        {ERR_FUNC(TS_F_TS_VERIFY),      "TS_VERIFY"},
-        {ERR_FUNC(TS_F_TS_VERIFY_CERT), "TS_VERIFY_CERT"},
-        {ERR_FUNC(TS_F_TS_VERIFY_CTX_NEW),      "TS_VERIFY_CTX_new"},
+        {ERR_FUNC(0xfff), "CRYPTO_internal"},
         {0, NULL}
 };
 
diff --git a/src/lib/libcrypto/ts/ts_req_utils.c b/src/lib/libcrypto/ts/ts_req_utils.c
index ab813b2b42..bd707c228f 100644
--- a/src/lib/libcrypto/ts/ts_req_utils.c
+++ b/src/lib/libcrypto/ts/ts_req_utils.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_req_utils.c,v 1.4 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: ts_req_utils.c,v 1.5 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
@@ -84,7 +84,7 @@ TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint)
                 return 1;
         new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint);
         if (new_msg_imprint == NULL) {
-                TSerr(TS_F_TS_REQ_SET_MSG_IMPRINT, ERR_R_MALLOC_FAILURE);
+                TSerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         TS_MSG_IMPRINT_free(a->msg_imprint);
@@ -107,7 +107,7 @@ TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg)
                 return 1;
         new_alg = X509_ALGOR_dup(alg);
         if (new_alg == NULL) {
-                TSerr(TS_F_TS_MSG_IMPRINT_SET_ALGO, ERR_R_MALLOC_FAILURE);
+                TSerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         X509_ALGOR_free(a->hash_algo);
@@ -142,7 +142,7 @@ TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy)
                 return 1;
         new_policy = OBJ_dup(policy);
         if (new_policy == NULL) {
-                TSerr(TS_F_TS_REQ_SET_POLICY_ID, ERR_R_MALLOC_FAILURE);
+                TSerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         ASN1_OBJECT_free(a->policy_id);
@@ -165,7 +165,7 @@ TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce)
                 return 1;
         new_nonce = ASN1_INTEGER_dup(nonce);
         if (new_nonce == NULL) {
-                TSerr(TS_F_TS_REQ_SET_NONCE, ERR_R_MALLOC_FAILURE);
+                TSerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         ASN1_INTEGER_free(a->nonce);
diff --git a/src/lib/libcrypto/ts/ts_rsp_sign.c b/src/lib/libcrypto/ts/ts_rsp_sign.c
index f9e8c53cc8..57e2d7f348 100644
--- a/src/lib/libcrypto/ts/ts_rsp_sign.c
+++ b/src/lib/libcrypto/ts/ts_rsp_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_rsp_sign.c,v 1.20 2016/03/11 07:08:45 mmcc Exp $ */
+/* $OpenBSD: ts_rsp_sign.c,v 1.21 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
@@ -103,7 +103,7 @@ def_serial_cb(struct TS_resp_ctx *ctx, void *data)
         return serial;
 
 err:
-        TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE);
+        TSerror(ERR_R_MALLOC_FAILURE);
         TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
             "Error during serial number generation.");
         return NULL;
@@ -116,7 +116,7 @@ def_time_cb(struct TS_resp_ctx *ctx, void *data, time_t *sec, long *usec)
         struct timeval tv;
 
         if (gettimeofday(&tv, NULL) != 0) {
-                TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR);
+                TSerror(TS_R_TIME_SYSCALL_ERROR);
                 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
                     "Time is not available.");
                 TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE);
@@ -147,7 +147,7 @@ TS_RESP_CTX_new(void)
         TS_RESP_CTX *ctx;
 
         if (!(ctx = calloc(1, sizeof(TS_RESP_CTX)))) {
-                TSerr(TS_F_TS_RESP_CTX_NEW, ERR_R_MALLOC_FAILURE);
+                TSerror(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
 
@@ -181,8 +181,7 @@ int
 TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer)
 {
         if (X509_check_purpose(signer, X509_PURPOSE_TIMESTAMP_SIGN, 0) != 1) {
-                TSerr(TS_F_TS_RESP_CTX_SET_SIGNER_CERT,
-                    TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE);
+                TSerror(TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE);
                 return 0;
         }
         X509_free(ctx->signer_cert);
@@ -211,7 +210,7 @@ TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy)
         return 1;
 
 err:
-        TSerr(TS_F_TS_RESP_CTX_SET_DEF_POLICY, ERR_R_MALLOC_FAILURE);
+        TSerror(ERR_R_MALLOC_FAILURE);
         return 0;
 }
 
@@ -227,7 +226,7 @@ TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
         if (!certs)
                 return 1;
         if (!(ctx->certs = sk_X509_dup(certs))) {
-                TSerr(TS_F_TS_RESP_CTX_SET_CERTS, ERR_R_MALLOC_FAILURE);
+                TSerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         for (i = 0; i < sk_X509_num(ctx->certs); ++i) {
@@ -254,7 +253,7 @@ TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy)
         return 1;
 
 err:
-        TSerr(TS_F_TS_RESP_CTX_ADD_POLICY, ERR_R_MALLOC_FAILURE);
+        TSerror(ERR_R_MALLOC_FAILURE);
         ASN1_OBJECT_free(copy);
         return 0;
 }
@@ -272,7 +271,7 @@ TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md)
         return 1;
 
 err:
-        TSerr(TS_F_TS_RESP_CTX_ADD_MD, ERR_R_MALLOC_FAILURE);
+        TSerror(ERR_R_MALLOC_FAILURE);
         return 0;
 }
 
@@ -302,7 +301,7 @@ TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, int secs, int millis, int micros)
 
 err:
         TS_RESP_CTX_accuracy_free(ctx);
-        TSerr(TS_F_TS_RESP_CTX_SET_ACCURACY, ERR_R_MALLOC_FAILURE);
+        TSerror(ERR_R_MALLOC_FAILURE);
         return 0;
 }
 
@@ -353,7 +352,7 @@ TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, int status, const char *text)
 
 err:
         if (!ret)
-                TSerr(TS_F_TS_RESP_CTX_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE);
+                TSerror(ERR_R_MALLOC_FAILURE);
         TS_STATUS_INFO_free(si);
         ASN1_UTF8STRING_free(utf8_text);
         return ret;
@@ -384,7 +383,7 @@ TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure)
         return 1;
 
 err:
-        TSerr(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO, ERR_R_MALLOC_FAILURE);
+        TSerror(ERR_R_MALLOC_FAILURE);
         return 0;
 }
 
@@ -421,7 +420,7 @@ TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio)
 
         /* Creating the response object. */
         if (!(ctx->response = TS_RESP_new())) {
-                TSerr(TS_F_TS_RESP_CREATE_RESPONSE, ERR_R_MALLOC_FAILURE);
+                TSerror(ERR_R_MALLOC_FAILURE);
                 goto end;
         }
 
@@ -463,7 +462,7 @@ TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio)
 
 end:
         if (!result) {
-                TSerr(TS_F_TS_RESP_CREATE_RESPONSE, TS_R_RESPONSE_SETUP_ERROR);
+                TSerror(TS_R_RESPONSE_SETUP_ERROR);
                 if (ctx->response != NULL) {
                         if (TS_RESP_CTX_set_status_info_cond(ctx,
                             TS_STATUS_REJECTION, "Error during response "
@@ -567,7 +566,7 @@ TS_RESP_get_policy(TS_RESP_CTX *ctx)
         int i;
 
         if (ctx->default_policy == NULL) {
-                TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_INVALID_NULL_POINTER);
+                TSerror(TS_R_INVALID_NULL_POINTER);
                 return NULL;
         }
         /* Return the default policy if none is requested or the default is
@@ -582,7 +581,7 @@ TS_RESP_get_policy(TS_RESP_CTX *ctx)
                         policy = current;
         }
         if (!policy) {
-                TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_UNACCEPTABLE_POLICY);
+                TSerror(TS_R_UNACCEPTABLE_POLICY);
                 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
                     "Requested policy is not "
                     "supported.");
@@ -665,7 +664,7 @@ end:
         if (!result) {
                 TS_TST_INFO_free(tst_info);
                 tst_info = NULL;
-                TSerr(TS_F_TS_RESP_CREATE_TST_INFO, TS_R_TST_INFO_SETUP_ERROR);
+                TSerror(TS_R_TST_INFO_SETUP_ERROR);
                 TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION,
                     "Error during TSTInfo "
                     "generation.");
@@ -716,14 +715,13 @@ TS_RESP_sign(TS_RESP_CTX *ctx)
 
         /* Check if signcert and pkey match. */
         if (!X509_check_private_key(ctx->signer_cert, ctx->signer_key)) {
-                TSerr(TS_F_TS_RESP_SIGN,
-                    TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+                TSerror(TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
                 goto err;
         }
 
         /* Create a new PKCS7 signed object. */
         if (!(p7 = PKCS7_new())) {
-                TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE);
+                TSerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         if (!PKCS7_set_type(p7, NID_pkcs7_signed))
@@ -747,7 +745,7 @@ TS_RESP_sign(TS_RESP_CTX *ctx)
         /* Add a new signer info. */
         if (!(si = PKCS7_add_signature(p7, ctx->signer_cert,
             ctx->signer_key, EVP_sha1()))) {
-                TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNATURE_ERROR);
+                TSerror(TS_R_PKCS7_ADD_SIGNATURE_ERROR);
                 goto err;
         }
 
@@ -755,7 +753,7 @@ TS_RESP_sign(TS_RESP_CTX *ctx)
         oid = OBJ_nid2obj(NID_id_smime_ct_TSTInfo);
         if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
             V_ASN1_OBJECT, oid)) {
-                TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR);
+                TSerror(TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR);
                 goto err;
         }
 
@@ -767,7 +765,7 @@ TS_RESP_sign(TS_RESP_CTX *ctx)
 
         /* Add SigningCertificate signed attribute to the signer info. */
         if (!ESS_add_signing_cert(si, sc)) {
-                TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_ERROR);
+                TSerror(TS_R_ESS_ADD_SIGNING_CERT_ERROR);
                 goto err;
         }
 
@@ -777,19 +775,19 @@ TS_RESP_sign(TS_RESP_CTX *ctx)
 
         /* Add the DER encoded tst_info to the PKCS7 structure. */
         if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
-                TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE);
+                TSerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
         /* Convert tst_info to DER. */
         if (!i2d_TS_TST_INFO_bio(p7bio, ctx->tst_info)) {
-                TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN);
+                TSerror(TS_R_TS_DATASIGN);
                 goto err;
         }
 
         /* Create the signature and add it to the signer info. */
         if (!PKCS7_dataFinal(p7, p7bio)) {
-                TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN);
+                TSerror(TS_R_TS_DATASIGN);
                 goto err;
         }
 
@@ -840,7 +838,7 @@ ESS_SIGNING_CERT_new_init(X509 *signcert, STACK_OF(X509) *certs)
 
 err:
         ESS_SIGNING_CERT_free(sc);
-        TSerr(TS_F_ESS_SIGNING_CERT_NEW_INIT, ERR_R_MALLOC_FAILURE);
+        TSerror(ERR_R_MALLOC_FAILURE);
         return NULL;
 }
 
@@ -886,7 +884,7 @@ ESS_CERT_ID_new_init(X509 *cert, int issuer_needed)
 err:
         GENERAL_NAME_free(name);
         ESS_CERT_ID_free(cid);
-        TSerr(TS_F_ESS_CERT_ID_NEW_INIT, ERR_R_MALLOC_FAILURE);
+        TSerror(ERR_R_MALLOC_FAILURE);
         return NULL;
 }
 
@@ -928,13 +926,13 @@ ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc)
 
         len = i2d_ESS_SIGNING_CERT(sc, NULL);
         if (!(pp = malloc(len))) {
-                TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE);
+                TSerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         p = pp;
         i2d_ESS_SIGNING_CERT(sc, &p);
         if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len)) {
-                TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE);
+                TSerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         free(pp);
@@ -1017,6 +1015,6 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
         return asn1_time;
 
 err:
-        TSerr(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION, TS_R_COULD_NOT_SET_TIME);
+        TSerror(TS_R_COULD_NOT_SET_TIME);
         return NULL;
 }
diff --git a/src/lib/libcrypto/ts/ts_rsp_utils.c b/src/lib/libcrypto/ts/ts_rsp_utils.c
index 39eb2a2963..5638331d17 100644
--- a/src/lib/libcrypto/ts/ts_rsp_utils.c
+++ b/src/lib/libcrypto/ts/ts_rsp_utils.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_rsp_utils.c,v 1.5 2015/07/29 14:58:34 jsing Exp $ */
+/* $OpenBSD: ts_rsp_utils.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
@@ -74,7 +74,7 @@ TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *status_info)
                 return 1;
         new_status_info = TS_STATUS_INFO_dup(status_info);
         if (new_status_info == NULL) {
-                TSerr(TS_F_TS_RESP_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE);
+                TSerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         TS_STATUS_INFO_free(a->status_info);
@@ -133,7 +133,7 @@ TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy)
                 return 1;
         new_policy = OBJ_dup(policy);
         if (new_policy == NULL) {
-                TSerr(TS_F_TS_TST_INFO_SET_POLICY_ID, ERR_R_MALLOC_FAILURE);
+                TSerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         ASN1_OBJECT_free(a->policy_id);
@@ -156,7 +156,7 @@ TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint)
                 return 1;
         new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint);
         if (new_msg_imprint == NULL) {
-                TSerr(TS_F_TS_TST_INFO_SET_MSG_IMPRINT, ERR_R_MALLOC_FAILURE);
+                TSerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         TS_MSG_IMPRINT_free(a->msg_imprint);
@@ -179,7 +179,7 @@ TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial)
                 return 1;
         new_serial = ASN1_INTEGER_dup(serial);
         if (new_serial == NULL) {
-                TSerr(TS_F_TS_TST_INFO_SET_SERIAL, ERR_R_MALLOC_FAILURE);
+                TSerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         ASN1_INTEGER_free(a->serial);
@@ -202,7 +202,7 @@ TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime)
                 return 1;
         new_time = ASN1_STRING_dup(gtime);
         if (new_time == NULL) {
-                TSerr(TS_F_TS_TST_INFO_SET_TIME, ERR_R_MALLOC_FAILURE);
+                TSerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         ASN1_GENERALIZEDTIME_free(a->time);
@@ -225,7 +225,7 @@ TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy)
                 return 1;
         new_accuracy = TS_ACCURACY_dup(accuracy);
         if (new_accuracy == NULL) {
-                TSerr(TS_F_TS_TST_INFO_SET_ACCURACY, ERR_R_MALLOC_FAILURE);
+                TSerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         TS_ACCURACY_free(a->accuracy);
@@ -248,7 +248,7 @@ TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds)
                 return 1;
         new_seconds = ASN1_INTEGER_dup(seconds);
         if (new_seconds == NULL) {
-                TSerr(TS_F_TS_ACCURACY_SET_SECONDS, ERR_R_MALLOC_FAILURE);
+                TSerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         ASN1_INTEGER_free(a->seconds);
@@ -272,8 +272,7 @@ TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis)
         if (millis != NULL) {
                 new_millis = ASN1_INTEGER_dup(millis);
                 if (new_millis == NULL) {
-                        TSerr(TS_F_TS_ACCURACY_SET_MILLIS,
-                            ERR_R_MALLOC_FAILURE);
+                        TSerror(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
         }
@@ -298,8 +297,7 @@ TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros)
         if (micros != NULL) {
                 new_micros = ASN1_INTEGER_dup(micros);
                 if (new_micros == NULL) {
-                        TSerr(TS_F_TS_ACCURACY_SET_MICROS,
-                            ERR_R_MALLOC_FAILURE);
+                        TSerror(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
         }
@@ -336,7 +334,7 @@ TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce)
                 return 1;
         new_nonce = ASN1_INTEGER_dup(nonce);
         if (new_nonce == NULL) {
-                TSerr(TS_F_TS_TST_INFO_SET_NONCE, ERR_R_MALLOC_FAILURE);
+                TSerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         ASN1_INTEGER_free(a->nonce);
@@ -359,7 +357,7 @@ TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa)
                 return 1;
         new_tsa = GENERAL_NAME_dup(tsa);
         if (new_tsa == NULL) {
-                TSerr(TS_F_TS_TST_INFO_SET_TSA, ERR_R_MALLOC_FAILURE);
+                TSerror(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         GENERAL_NAME_free(a->tsa);
diff --git a/src/lib/libcrypto/ts/ts_rsp_verify.c b/src/lib/libcrypto/ts/ts_rsp_verify.c
index 020658bb02..36ead0671a 100644
--- a/src/lib/libcrypto/ts/ts_rsp_verify.c
+++ b/src/lib/libcrypto/ts/ts_rsp_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_rsp_verify.c,v 1.17 2016/11/05 15:19:07 miod Exp $ */
+/* $OpenBSD: ts_rsp_verify.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
@@ -155,28 +155,27 @@ TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
 
         /* Some sanity checks first. */
         if (!token) {
-                TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_INVALID_NULL_POINTER);
+                TSerror(TS_R_INVALID_NULL_POINTER);
                 goto err;
         }
 
         /* Check for the correct content type */
         if (!PKCS7_type_is_signed(token)) {
-                TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_WRONG_CONTENT_TYPE);
+                TSerror(TS_R_WRONG_CONTENT_TYPE);
                 goto err;
         }
 
         /* Check if there is one and only one signer. */
         sinfos = PKCS7_get_signer_info(token);
         if (!sinfos || sk_PKCS7_SIGNER_INFO_num(sinfos) != 1) {
-                TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE,
-                    TS_R_THERE_MUST_BE_ONE_SIGNER);
+                TSerror(TS_R_THERE_MUST_BE_ONE_SIGNER);
                 goto err;
         }
         si = sk_PKCS7_SIGNER_INFO_value(sinfos, 0);
 
         /* Check for no content: no data to verify signature. */
         if (PKCS7_get_detached(token)) {
-                TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_NO_CONTENT);
+                TSerror(TS_R_NO_CONTENT);
                 goto err;
         }
 
@@ -206,7 +205,7 @@ TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
         /* Verifying the signature. */
         j = PKCS7_signatureVerify(p7bio, token, si, signer);
         if (j <= 0) {
-                TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_SIGNATURE_FAILURE);
+                TSerror(TS_R_SIGNATURE_FAILURE);
                 goto err;
         }
 
@@ -241,7 +240,7 @@ TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, X509 *signer,
         /* chain is an out argument. */
         *chain = NULL;
         if (X509_STORE_CTX_init(&cert_ctx, store, signer, untrusted) == 0) {
-                TSerr(TS_F_TS_VERIFY_CERT, ERR_R_X509_LIB);
+                TSerror(ERR_R_X509_LIB);
                 goto err;
         }
         if (X509_STORE_CTX_set_purpose(&cert_ctx,
@@ -251,7 +250,7 @@ TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, X509 *signer,
         if (i <= 0) {
                 int j = X509_STORE_CTX_get_error(&cert_ctx);
 
-                TSerr(TS_F_TS_VERIFY_CERT, TS_R_CERTIFICATE_VERIFY_ERROR);
+                TSerror(TS_R_CERTIFICATE_VERIFY_ERROR);
                 ERR_asprintf_error_data("Verify error:%s",
                     X509_verify_cert_error_string(j));
                 goto err;
@@ -298,8 +297,7 @@ TS_check_signing_certs(PKCS7_SIGNER_INFO *si, STACK_OF(X509) *chain)
 
 err:
         if (!ret)
-                TSerr(TS_F_TS_CHECK_SIGNING_CERTS,
-                    TS_R_ESS_SIGNING_CERTIFICATE_ERROR);
+                TSerror(TS_R_ESS_SIGNING_CERTIFICATE_ERROR);
         ESS_SIGNING_CERT_free(ss);
         return ret;
 }
@@ -446,7 +444,7 @@ int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token,
         /* Check version number of response. */
         if ((ctx->flags & TS_VFY_VERSION) &&
             TS_TST_INFO_get_version(tst_info) != 1) {
-                TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_UNSUPPORTED_VERSION);
+                TSerror(TS_R_UNSUPPORTED_VERSION);
                 goto err;
         }
 
@@ -476,14 +474,14 @@ int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token,
         /* Check whether TSA name and signer certificate match. */
         if ((ctx->flags & TS_VFY_SIGNER) &&
             tsa_name && !TS_check_signer_name(tsa_name, signer)) {
-                TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_NAME_MISMATCH);
+                TSerror(TS_R_TSA_NAME_MISMATCH);
                 goto err;
         }
 
         /* Check whether the TSA is the expected one. */
         if ((ctx->flags & TS_VFY_TSA_NAME) &&
             !TS_check_signer_name(ctx->tsa_name, signer)) {
-                TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED);
+                TSerror(TS_R_TSA_UNTRUSTED);
                 goto err;
         }
 
@@ -541,7 +539,7 @@ TS_check_status_info(TS_RESP *response)
                 strlcpy(failure_text, "unspecified", TS_STATUS_BUF_SIZE);
 
         /* Making up the error string. */
-        TSerr(TS_F_TS_CHECK_STATUS_INFO, TS_R_NO_TIME_STAMP_TOKEN);
+        TSerror(TS_R_NO_TIME_STAMP_TOKEN);
         ERR_asprintf_error_data
             ("status code: %s, status text: %s, failure codes: %s",
             status_text,
@@ -567,7 +565,7 @@ TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text)
         }
         /* Allocate memory (closing '\0' included). */
         if (!(result = malloc(length))) {
-                TSerr(TS_F_TS_GET_STATUS_TEXT, ERR_R_MALLOC_FAILURE);
+                TSerror(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         /* Concatenate the descriptions. */
@@ -587,7 +585,7 @@ TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info)
         ASN1_OBJECT *resp_oid = TS_TST_INFO_get_policy_id(tst_info);
 
         if (OBJ_cmp(req_oid, resp_oid) != 0) {
-                TSerr(TS_F_TS_CHECK_POLICY, TS_R_POLICY_MISMATCH);
+                TSerror(TS_R_POLICY_MISMATCH);
                 return 0;
         }
 
@@ -614,7 +612,7 @@ TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, X509_ALGOR **md_alg,
 
         /* Getting the MD object. */
         if (!(md = EVP_get_digestbyobj((*md_alg)->algorithm))) {
-                TSerr(TS_F_TS_COMPUTE_IMPRINT, TS_R_UNSUPPORTED_MD_ALGORITHM);
+                TSerror(TS_R_UNSUPPORTED_MD_ALGORITHM);
                 goto err;
         }
 
@@ -624,7 +622,7 @@ TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, X509_ALGOR **md_alg,
                 goto err;
         *imprint_len = length;
         if (!(*imprint = malloc(*imprint_len))) {
-                TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE);
+                TSerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
@@ -675,7 +673,7 @@ TS_check_imprints(X509_ALGOR *algor_a, unsigned char *imprint_a, unsigned len_a,
 
 err:
         if (!ret)
-                TSerr(TS_F_TS_CHECK_IMPRINTS, TS_R_MESSAGE_IMPRINT_MISMATCH);
+                TSerror(TS_R_MESSAGE_IMPRINT_MISMATCH);
         return ret;
 }
 
@@ -686,13 +684,13 @@ TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info)
 
         /* Error if nonce is missing. */
         if (!b) {
-                TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_NOT_RETURNED);
+                TSerror(TS_R_NONCE_NOT_RETURNED);
                 return 0;
         }
 
         /* No error if a nonce is returned without being requested. */
         if (ASN1_INTEGER_cmp(a, b) != 0) {
-                TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_MISMATCH);
+                TSerror(TS_R_NONCE_MISMATCH);
                 return 0;
         }
 
diff --git a/src/lib/libcrypto/ts/ts_verify_ctx.c b/src/lib/libcrypto/ts/ts_verify_ctx.c
index 7dda76e7d9..7608a7d109 100644
--- a/src/lib/libcrypto/ts/ts_verify_ctx.c
+++ b/src/lib/libcrypto/ts/ts_verify_ctx.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_verify_ctx.c,v 1.8 2015/02/10 09:46:30 miod Exp $ */
+/* $OpenBSD: ts_verify_ctx.c,v 1.9 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2003.
  */
@@ -68,7 +68,7 @@ TS_VERIFY_CTX_new(void)
         TS_VERIFY_CTX *ctx = calloc(1, sizeof(TS_VERIFY_CTX));
 
         if (!ctx)
-                TSerr(TS_F_TS_VERIFY_CTX_NEW, ERR_R_MALLOC_FAILURE);
+                TSerror(ERR_R_MALLOC_FAILURE);
 
         return ctx;
 }
diff --git a/src/lib/libcrypto/ui/ui_err.c b/src/lib/libcrypto/ui/ui_err.c
index 576f334796..8451d63253 100644
--- a/src/lib/libcrypto/ui/ui_err.c
+++ b/src/lib/libcrypto/ui/ui_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ui_err.c,v 1.8 2014/07/10 22:45:58 jsing Exp $ */
+/* $OpenBSD: ui_err.c,v 1.9 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
  *
@@ -72,18 +72,7 @@
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_UI,0,reason)
 
 static ERR_STRING_DATA UI_str_functs[] = {
-        {ERR_FUNC(UI_F_GENERAL_ALLOCATE_BOOLEAN), "GENERAL_ALLOCATE_BOOLEAN"},
-        {ERR_FUNC(UI_F_GENERAL_ALLOCATE_PROMPT), "GENERAL_ALLOCATE_PROMPT"},
-        {ERR_FUNC(UI_F_GENERAL_ALLOCATE_STRING), "GENERAL_ALLOCATE_STRING"},
-        {ERR_FUNC(UI_F_UI_CTRL), "UI_ctrl"},
-        {ERR_FUNC(UI_F_UI_DUP_ERROR_STRING), "UI_dup_error_string"},
-        {ERR_FUNC(UI_F_UI_DUP_INFO_STRING), "UI_dup_info_string"},
-        {ERR_FUNC(UI_F_UI_DUP_INPUT_BOOLEAN), "UI_dup_input_boolean"},
-        {ERR_FUNC(UI_F_UI_DUP_INPUT_STRING), "UI_dup_input_string"},
-        {ERR_FUNC(UI_F_UI_DUP_VERIFY_STRING), "UI_dup_verify_string"},
-        {ERR_FUNC(UI_F_UI_GET0_RESULT), "UI_get0_result"},
-        {ERR_FUNC(UI_F_UI_NEW_METHOD), "UI_new_method"},
-        {ERR_FUNC(UI_F_UI_SET_RESULT), "UI_set_result"},
+        {ERR_FUNC(0xfff), "CRYPTO_internal"},
         {0, NULL}
 };
 
diff --git a/src/lib/libcrypto/ui/ui_lib.c b/src/lib/libcrypto/ui/ui_lib.c
index 80f0992ddd..e551030729 100644
--- a/src/lib/libcrypto/ui/ui_lib.c
+++ b/src/lib/libcrypto/ui/ui_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ui_lib.c,v 1.31 2016/04/28 16:42:28 tedu Exp $ */
+/* $OpenBSD: ui_lib.c,v 1.32 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
  * project 2001.
  */
@@ -81,7 +81,7 @@ UI_new_method(const UI_METHOD *method)
 
         ret = malloc(sizeof(UI));
         if (ret == NULL) {
-                UIerr(UI_F_UI_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+                UIerror(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         if (method == NULL)
@@ -143,11 +143,10 @@ general_allocate_prompt(UI *ui, const char *prompt, int prompt_freeable,
         UI_STRING *ret = NULL;
 
         if (prompt == NULL) {
-                UIerr(UI_F_GENERAL_ALLOCATE_PROMPT,
-                    ERR_R_PASSED_NULL_PARAMETER);
+                UIerror(ERR_R_PASSED_NULL_PARAMETER);
         } else if ((type == UIT_PROMPT || type == UIT_VERIFY ||
             type == UIT_BOOLEAN) && result_buf == NULL) {
-                UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, UI_R_NO_RESULT_BUFFER);
+                UIerror(UI_R_NO_RESULT_BUFFER);
         } else if ((ret = malloc(sizeof(UI_STRING)))) {
                 ret->out_string = prompt;
                 ret->flags = prompt_freeable ? OUT_STRING_FREEABLE : 0;
@@ -192,16 +191,13 @@ general_allocate_boolean(UI *ui, const char *prompt, const char *action_desc,
         const char *p;
 
         if (ok_chars == NULL) {
-                UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,
-                    ERR_R_PASSED_NULL_PARAMETER);
+                UIerror(ERR_R_PASSED_NULL_PARAMETER);
         } else if (cancel_chars == NULL) {
-                UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,
-                    ERR_R_PASSED_NULL_PARAMETER);
+                UIerror(ERR_R_PASSED_NULL_PARAMETER);
         } else {
                 for (p = ok_chars; *p; p++) {
                         if (strchr(cancel_chars, *p)) {
-                                UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,
-                                    UI_R_COMMON_OK_AND_CANCEL_CHARACTERS);
+                                UIerror(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS);
                         }
                 }
 
@@ -247,7 +243,7 @@ UI_dup_input_string(UI *ui, const char *prompt, int flags, char *result_buf,
         if (prompt) {
                 prompt_copy = strdup(prompt);
                 if (prompt_copy == NULL) {
-                        UIerr(UI_F_UI_DUP_INPUT_STRING, ERR_R_MALLOC_FAILURE);
+                        UIerror(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
         }
@@ -272,7 +268,7 @@ UI_dup_verify_string(UI *ui, const char *prompt, int flags,
         if (prompt) {
                 prompt_copy = strdup(prompt);
                 if (prompt_copy == NULL) {
-                        UIerr(UI_F_UI_DUP_VERIFY_STRING, ERR_R_MALLOC_FAILURE);
+                        UIerror(ERR_R_MALLOC_FAILURE);
                         return -1;
                 }
         }
@@ -300,28 +296,28 @@ UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
         if (prompt) {
                 prompt_copy = strdup(prompt);
                 if (prompt_copy == NULL) {
-                        UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+                        UIerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
         }
         if (action_desc) {
                 action_desc_copy = strdup(action_desc);
                 if (action_desc_copy == NULL) {
-                        UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+                        UIerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
         }
         if (ok_chars) {
                 ok_chars_copy = strdup(ok_chars);
                 if (ok_chars_copy == NULL) {
-                        UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+                        UIerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
         }
         if (cancel_chars) {
                 cancel_chars_copy = strdup(cancel_chars);
                 if (cancel_chars_copy == NULL) {
-                        UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+                        UIerror(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
         }
@@ -352,7 +348,7 @@ UI_dup_info_string(UI *ui, const char *text)
         if (text) {
                 text_copy = strdup(text);
                 if (text_copy == NULL) {
-                        UIerr(UI_F_UI_DUP_INFO_STRING, ERR_R_MALLOC_FAILURE);
+                        UIerror(ERR_R_MALLOC_FAILURE);
                         return -1;
                 }
         }
@@ -375,7 +371,7 @@ UI_dup_error_string(UI *ui, const char *text)
         if (text) {
                 text_copy = strdup(text);
                 if (text_copy == NULL) {
-                        UIerr(UI_F_UI_DUP_ERROR_STRING, ERR_R_MALLOC_FAILURE);
+                        UIerror(ERR_R_MALLOC_FAILURE);
                         return -1;
                 }
         }
@@ -426,11 +422,11 @@ const char *
 UI_get0_result(UI *ui, int i)
 {
         if (i < 0) {
-                UIerr(UI_F_UI_GET0_RESULT, UI_R_INDEX_TOO_SMALL);
+                UIerror(UI_R_INDEX_TOO_SMALL);
                 return NULL;
         }
         if (i >= sk_UI_STRING_num(ui->strings)) {
-                UIerr(UI_F_UI_GET0_RESULT, UI_R_INDEX_TOO_LARGE);
+                UIerror(UI_R_INDEX_TOO_LARGE);
                 return NULL;
         }
         return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i));
@@ -514,7 +510,7 @@ int
 UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void))
 {
         if (ui == NULL) {
-                UIerr(UI_F_UI_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+                UIerror(ERR_R_PASSED_NULL_PARAMETER);
                 return -1;
         }
         switch (cmd) {
@@ -532,7 +528,7 @@ UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void))
         default:
                 break;
         }
-        UIerr(UI_F_UI_CTRL, UI_R_UNKNOWN_CONTROL_COMMAND);
+        UIerror(UI_R_UNKNOWN_CONTROL_COMMAND);
         return -1;
 }
 
@@ -831,8 +827,7 @@ UI_set_result(UI *ui, UI_STRING *uis, const char *result)
         case UIT_VERIFY:
                 if (l < uis->_.string_data.result_minsize) {
                         ui->flags |= UI_FLAG_REDOABLE;
-                        UIerr(UI_F_UI_SET_RESULT,
-                            UI_R_RESULT_TOO_SMALL);
+                        UIerror(UI_R_RESULT_TOO_SMALL);
                         ERR_asprintf_error_data
                             ("You must type in %d to %d characters",
                                 uis->_.string_data.result_minsize,
@@ -841,8 +836,7 @@ UI_set_result(UI *ui, UI_STRING *uis, const char *result)
                 }
                 if (l > uis->_.string_data.result_maxsize) {
                         ui->flags |= UI_FLAG_REDOABLE;
-                        UIerr(UI_F_UI_SET_RESULT,
-                            UI_R_RESULT_TOO_LARGE);
+                        UIerror(UI_R_RESULT_TOO_LARGE);
                         ERR_asprintf_error_data
                             ("You must type in %d to %d characters",
                                 uis->_.string_data.result_minsize,
@@ -850,7 +844,7 @@ UI_set_result(UI *ui, UI_STRING *uis, const char *result)
                         return -1;
                 }
                 if (!uis->result_buf) {
-                        UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER);
+                        UIerror(UI_R_NO_RESULT_BUFFER);
                         return -1;
                 }
                 strlcpy(uis->result_buf, result,
@@ -861,7 +855,7 @@ UI_set_result(UI *ui, UI_STRING *uis, const char *result)
                         const char *p;
 
                         if (!uis->result_buf) {
-                                UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER);
+                                UIerror(UI_R_NO_RESULT_BUFFER);
                                 return -1;
                         }
                         uis->result_buf[0] = '\0';
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c
index 7b7d14a950..01a302b538 100644
--- a/src/lib/libcrypto/x509/by_dir.c
+++ b/src/lib/libcrypto/x509/by_dir.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: by_dir.c,v 1.37 2015/04/11 16:03:21 deraadt Exp $ */
+/* $OpenBSD: by_dir.c,v 1.38 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -133,7 +133,7 @@ dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
                         ret = add_cert_dir(ld, X509_get_default_cert_dir(),
                             X509_FILETYPE_PEM);
                         if (!ret) {
-                                X509err(X509_F_DIR_CTRL, X509_R_LOADING_CERT_DIR);
+                                X509error(X509_R_LOADING_CERT_DIR);
                         }
                 } else
                         ret = add_cert_dir(ld, argp, (int)argl);
@@ -205,7 +205,7 @@ add_cert_dir(BY_DIR *ctx, const char *dir, int type)
         ptrdiff_t len;
 
         if (dir == NULL || !*dir) {
-                X509err(X509_F_ADD_CERT_DIR, X509_R_INVALID_DIRECTORY);
+                X509error(X509_R_INVALID_DIRECTORY);
                 return 0;
         }
 
@@ -230,25 +230,25 @@ add_cert_dir(BY_DIR *ctx, const char *dir, int type)
                         if (ctx->dirs == NULL) {
                                 ctx->dirs = sk_BY_DIR_ENTRY_new_null();
                                 if (!ctx->dirs) {
-                                        X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
+                                        X509error(ERR_R_MALLOC_FAILURE);
                                         return 0;
                                 }
                         }
                         ent = malloc(sizeof(BY_DIR_ENTRY));
                         if (!ent) {
-                                X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
+                                X509error(ERR_R_MALLOC_FAILURE);
                                 return 0;
                         }
                         ent->dir_type = type;
                         ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp);
                         ent->dir = strndup(ss, (size_t)len);
                         if (!ent->dir || !ent->hashes) {
-                                X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
+                                X509error(ERR_R_MALLOC_FAILURE);
                                 by_dir_entry_free(ent);
                                 return 0;
                         }
                         if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent)) {
-                                X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
+                                X509error(ERR_R_MALLOC_FAILURE);
                                 by_dir_entry_free(ent);
                                 return 0;
                         }
@@ -294,12 +294,12 @@ get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
                 stmp.data.crl = &data.crl.st_crl;
                 postfix="r";
         } else {
-                X509err(X509_F_GET_CERT_BY_SUBJECT, X509_R_WRONG_LOOKUP_TYPE);
+                X509error(X509_R_WRONG_LOOKUP_TYPE);
                 goto finish;
         }
 
         if ((b = BUF_MEM_new()) == NULL) {
-                X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_BUF_LIB);
+                X509error(ERR_R_BUF_LIB);
                 goto finish;
         }
 
@@ -313,7 +313,7 @@ get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
                 ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i);
                 j = strlen(ent->dir) + 1 + 8 + 6 + 1 + 1;
                 if (!BUF_MEM_grow(b, j)) {
-                        X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
+                        X509error(ERR_R_MALLOC_FAILURE);
                         goto finish;
                 }
                 if (type == X509_LU_CRL && ent->hashes) {
@@ -381,7 +381,7 @@ get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
                         if (!hent) {
                                 hent = malloc(sizeof(BY_DIR_HASH));
                                 if (!hent) {
-                                        X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
+                                        X509error(ERR_R_MALLOC_FAILURE);
                                         CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
                                         ok = 0;
                                         goto finish;
@@ -389,7 +389,7 @@ get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
                                 hent->hash = h;
                                 hent->suffix = k;
                                 if (!sk_BY_DIR_HASH_push(ent->hashes, hent)) {
-                                        X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
+                                        X509error(ERR_R_MALLOC_FAILURE);
                                         CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
                                         free(hent);
                                         ok = 0;
diff --git a/src/lib/libcrypto/x509/by_file.c b/src/lib/libcrypto/x509/by_file.c
index 377b3b0a8b..b2c8ef6cfa 100644
--- a/src/lib/libcrypto/x509/by_file.c
+++ b/src/lib/libcrypto/x509/by_file.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: by_file.c,v 1.20 2016/03/11 07:08:45 mmcc Exp $ */
+/* $OpenBSD: by_file.c,v 1.21 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -102,8 +102,7 @@ by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
                             X509_get_default_cert_file(),
                             X509_FILETYPE_PEM) != 0);
                         if (!ok) {
-                                X509err(X509_F_BY_FILE_CTRL,
-                                    X509_R_LOADING_DEFAULTS);
+                                X509error(X509_R_LOADING_DEFAULTS);
                         }
                 } else {
                         if (argl == X509_FILETYPE_PEM)
@@ -131,7 +130,7 @@ X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
         in = BIO_new(BIO_s_file_internal());
 
         if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) {
-                X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_SYS_LIB);
+                X509error(ERR_R_SYS_LIB);
                 goto err;
         }
 
@@ -144,8 +143,7 @@ X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
                                         ERR_clear_error();
                                         break;
                                 } else {
-                                        X509err(X509_F_X509_LOAD_CERT_FILE,
-                                            ERR_R_PEM_LIB);
+                                        X509error(ERR_R_PEM_LIB);
                                         goto err;
                                 }
                         }
@@ -160,7 +158,7 @@ X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
         } else if (type == X509_FILETYPE_ASN1) {
                 x = d2i_X509_bio(in, NULL);
                 if (x == NULL) {
-                        X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_ASN1_LIB);
+                        X509error(ERR_R_ASN1_LIB);
                         goto err;
                 }
                 i = X509_STORE_add_cert(ctx->store_ctx, x);
@@ -168,7 +166,7 @@ X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
                         goto err;
                 ret = i;
         } else {
-                X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_BAD_X509_FILETYPE);
+                X509error(X509_R_BAD_X509_FILETYPE);
                 goto err;
         }
 err:
@@ -190,7 +188,7 @@ X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
         in = BIO_new(BIO_s_file_internal());
 
         if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) {
-                X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_SYS_LIB);
+                X509error(ERR_R_SYS_LIB);
                 goto err;
         }
 
@@ -203,8 +201,7 @@ X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
                                         ERR_clear_error();
                                         break;
                                 } else {
-                                        X509err(X509_F_X509_LOAD_CRL_FILE,
-                                            ERR_R_PEM_LIB);
+                                        X509error(ERR_R_PEM_LIB);
                                         goto err;
                                 }
                         }
@@ -219,7 +216,7 @@ X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
         } else if (type == X509_FILETYPE_ASN1) {
                 x = d2i_X509_CRL_bio(in, NULL);
                 if (x == NULL) {
-                        X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_ASN1_LIB);
+                        X509error(ERR_R_ASN1_LIB);
                         goto err;
                 }
                 i = X509_STORE_add_crl(ctx->store_ctx, x);
@@ -227,7 +224,7 @@ X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
                         goto err;
                 ret = i;
         } else {
-                X509err(X509_F_X509_LOAD_CRL_FILE, X509_R_BAD_X509_FILETYPE);
+                X509error(X509_R_BAD_X509_FILETYPE);
                 goto err;
         }
 err:
@@ -248,13 +245,13 @@ X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
                 return X509_load_cert_file(ctx, file, type);
         in = BIO_new_file(file, "r");
         if (!in) {
-                X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_SYS_LIB);
+                X509error(ERR_R_SYS_LIB);
                 return 0;
         }
         inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
         BIO_free(in);
         if (!inf) {
-                X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_PEM_LIB);
+                X509error(ERR_R_PEM_LIB);
                 return 0;
         }
         for (i = 0; i < sk_X509_INFO_num(inf); i++) {
diff --git a/src/lib/libcrypto/x509/by_mem.c b/src/lib/libcrypto/x509/by_mem.c
index ecab813406..34d4040d84 100644
--- a/src/lib/libcrypto/x509/by_mem.c
+++ b/src/lib/libcrypto/x509/by_mem.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: by_mem.c,v 1.3 2015/02/05 01:33:22 reyk Exp $ */
+/* $OpenBSD: by_mem.c,v 1.4 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -129,7 +129,7 @@ by_mem_ctrl(X509_LOOKUP *lu, int cmd, const char *buf,
         ok = count != 0;
  done:
         if (count == 0)
-                X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_PEM_LIB);
+                X509error(ERR_R_PEM_LIB);
         if (inf != NULL)
                 sk_X509_INFO_pop_free(inf, X509_INFO_free);
         if (in != NULL)
diff --git a/src/lib/libcrypto/x509/x509_att.c b/src/lib/libcrypto/x509/x509_att.c
index ab11e79b0a..7304118eb3 100644
--- a/src/lib/libcrypto/x509/x509_att.c
+++ b/src/lib/libcrypto/x509/x509_att.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_att.c,v 1.14 2016/03/21 04:05:33 mmcc Exp $ */
+/* $OpenBSD: x509_att.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -131,7 +131,7 @@ X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, X509_ATTRIBUTE *attr)
         STACK_OF(X509_ATTRIBUTE) *sk = NULL;
 
         if (x == NULL) {
-                X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_PASSED_NULL_PARAMETER);
+                X509error(ERR_R_PASSED_NULL_PARAMETER);
                 return (NULL);
         }
 
@@ -150,7 +150,7 @@ X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, X509_ATTRIBUTE *attr)
         return (sk);
 
 err:
-        X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_MALLOC_FAILURE);
+        X509error(ERR_R_MALLOC_FAILURE);
 err2:
         if (new_attr != NULL)
                 X509_ATTRIBUTE_free(new_attr);
@@ -231,8 +231,7 @@ X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, int atrtype,
 
         obj = OBJ_nid2obj(nid);
         if (obj == NULL) {
-                X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,
-                    X509_R_UNKNOWN_NID);
+                X509error(X509_R_UNKNOWN_NID);
                 return (NULL);
         }
         ret = X509_ATTRIBUTE_create_by_OBJ(attr, obj, atrtype, data, len);
@@ -249,8 +248,7 @@ X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, const ASN1_OBJECT *obj,
 
         if ((attr == NULL) || (*attr == NULL)) {
                 if ((ret = X509_ATTRIBUTE_new()) == NULL) {
-                        X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,
-                            ERR_R_MALLOC_FAILURE);
+                        X509error(ERR_R_MALLOC_FAILURE);
                         return (NULL);
                 }
         } else
@@ -280,8 +278,7 @@ X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, const char *atrname,
 
         obj = OBJ_txt2obj(atrname, 0);
         if (obj == NULL) {
-                X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
-                    X509_R_INVALID_FIELD_NAME);
+                X509error(X509_R_INVALID_FIELD_NAME);
                 ERR_asprintf_error_data("name=%s", atrname);
                 return (NULL);
         }
@@ -314,8 +311,7 @@ X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data,
                 stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
                     OBJ_obj2nid(attr->object));
                 if (!stmp) {
-                        X509err(X509_F_X509_ATTRIBUTE_SET1_DATA,
-                            ERR_R_ASN1_LIB);
+                        X509error(ERR_R_ASN1_LIB);
                         return 0;
                 }
                 atype = stmp->type;
@@ -352,7 +348,7 @@ X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data,
 err:
         ASN1_TYPE_free(ttmp);
         ASN1_STRING_free(stmp);
-        X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
+        X509error(ERR_R_MALLOC_FAILURE);
         return 0;
 }
 
@@ -383,7 +379,7 @@ X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, void *data)
         if (!ttmp)
                 return NULL;
         if (atrtype != ASN1_TYPE_get(ttmp)){
-                X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
+                X509error(X509_R_WRONG_TYPE);
                 return NULL;
         }
         return ttmp->value.ptr;
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
index 407e1e07ad..72fbef1544 100644
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_cmp.c,v 1.26 2015/07/29 14:58:34 jsing Exp $ */
+/* $OpenBSD: x509_cmp.c,v 1.27 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -351,16 +351,13 @@ X509_check_private_key(X509 *x, EVP_PKEY *k)
         case 1:
                 break;
         case 0:
-                X509err(X509_F_X509_CHECK_PRIVATE_KEY,
-                    X509_R_KEY_VALUES_MISMATCH);
+                X509error(X509_R_KEY_VALUES_MISMATCH);
                 break;
         case -1:
-                X509err(X509_F_X509_CHECK_PRIVATE_KEY,
-                    X509_R_KEY_TYPE_MISMATCH);
+                X509error(X509_R_KEY_TYPE_MISMATCH);
                 break;
         case -2:
-                X509err(X509_F_X509_CHECK_PRIVATE_KEY,
-                    X509_R_UNKNOWN_KEY_TYPE);
+                X509error(X509_R_UNKNOWN_KEY_TYPE);
         }
         EVP_PKEY_free(xk);
         if (ret > 0)
diff --git a/src/lib/libcrypto/x509/x509_err.c b/src/lib/libcrypto/x509/x509_err.c
index 6a15ac9fd0..3b321376ad 100644
--- a/src/lib/libcrypto/x509/x509_err.c
+++ b/src/lib/libcrypto/x509/x509_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_err.c,v 1.12 2014/07/10 22:45:58 jsing Exp $ */
+/* $OpenBSD: x509_err.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
  *
@@ -72,51 +72,7 @@
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)
 
 static ERR_STRING_DATA X509_str_functs[] = {
-        {ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"},
-        {ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"},
-        {ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"},
-        {ERR_FUNC(X509_F_DIR_CTRL),     "DIR_CTRL"},
-        {ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT),  "GET_CERT_BY_SUBJECT"},
-        {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE),     "NETSCAPE_SPKI_b64_decode"},
-        {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE),     "NETSCAPE_SPKI_b64_encode"},
-        {ERR_FUNC(X509_F_X509AT_ADD1_ATTR),     "X509at_add1_attr"},
-        {ERR_FUNC(X509_F_X509V3_ADD_EXT),       "X509v3_add_ext"},
-        {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"},
-        {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"},
-        {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), "X509_ATTRIBUTE_create_by_txt"},
-        {ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA),     "X509_ATTRIBUTE_get0_data"},
-        {ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA),     "X509_ATTRIBUTE_set1_data"},
-        {ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY),       "X509_check_private_key"},
-        {ERR_FUNC(X509_F_X509_CRL_PRINT_FP),    "X509_CRL_print_fp"},
-        {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"},
-        {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"},
-        {ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS),   "X509_get_pubkey_parameters"},
-        {ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE),      "X509_load_cert_crl_file"},
-        {ERR_FUNC(X509_F_X509_LOAD_CERT_FILE),  "X509_load_cert_file"},
-        {ERR_FUNC(X509_F_X509_LOAD_CRL_FILE),   "X509_load_crl_file"},
-        {ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY),  "X509_NAME_add_entry"},
-        {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID),        "X509_NAME_ENTRY_create_by_NID"},
-        {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT),        "X509_NAME_ENTRY_create_by_txt"},
-        {ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT),   "X509_NAME_ENTRY_set_object"},
-        {ERR_FUNC(X509_F_X509_NAME_ONELINE),    "X509_NAME_oneline"},
-        {ERR_FUNC(X509_F_X509_NAME_PRINT),      "X509_NAME_print"},
-        {ERR_FUNC(X509_F_X509_PRINT_EX_FP),     "X509_print_ex_fp"},
-        {ERR_FUNC(X509_F_X509_PUBKEY_GET),      "X509_PUBKEY_get"},
-        {ERR_FUNC(X509_F_X509_PUBKEY_SET),      "X509_PUBKEY_set"},
-        {ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY),   "X509_REQ_check_private_key"},
-        {ERR_FUNC(X509_F_X509_REQ_PRINT_EX),    "X509_REQ_print_ex"},
-        {ERR_FUNC(X509_F_X509_REQ_PRINT_FP),    "X509_REQ_print_fp"},
-        {ERR_FUNC(X509_F_X509_REQ_TO_X509),     "X509_REQ_to_X509"},
-        {ERR_FUNC(X509_F_X509_STORE_ADD_CERT),  "X509_STORE_add_cert"},
-        {ERR_FUNC(X509_F_X509_STORE_ADD_CRL),   "X509_STORE_add_crl"},
-        {ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER),   "X509_STORE_CTX_get1_issuer"},
-        {ERR_FUNC(X509_F_X509_STORE_CTX_INIT),  "X509_STORE_CTX_init"},
-        {ERR_FUNC(X509_F_X509_STORE_CTX_NEW),   "X509_STORE_CTX_new"},
-        {ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT),       "X509_STORE_CTX_purpose_inherit"},
-        {ERR_FUNC(X509_F_X509_TO_X509_REQ),     "X509_to_X509_REQ"},
-        {ERR_FUNC(X509_F_X509_TRUST_ADD),       "X509_TRUST_add"},
-        {ERR_FUNC(X509_F_X509_TRUST_SET),       "X509_TRUST_set"},
-        {ERR_FUNC(X509_F_X509_VERIFY_CERT),     "X509_verify_cert"},
+        {ERR_FUNC(0xfff), "CRYPTO_internal"},
         {0, NULL}
 };
 
diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c
index d8d0bb4147..6cde29fefc 100644
--- a/src/lib/libcrypto/x509/x509_lu.c
+++ b/src/lib/libcrypto/x509/x509_lu.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_lu.c,v 1.22 2016/11/13 08:47:54 miod Exp $ */
+/* $OpenBSD: x509_lu.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -349,7 +349,7 @@ X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
                 return 0;
         obj = malloc(sizeof(X509_OBJECT));
         if (obj == NULL) {
-                X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
+                X509error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         obj->type = X509_LU_X509;
@@ -360,13 +360,11 @@ X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
         X509_OBJECT_up_ref_count(obj);
 
         if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
-                X509err(X509_F_X509_STORE_ADD_CERT,
-                    X509_R_CERT_ALREADY_IN_HASH_TABLE);
+                X509error(X509_R_CERT_ALREADY_IN_HASH_TABLE);
                 ret = 0;
         } else {
                 if (sk_X509_OBJECT_push(ctx->objs, obj) == 0) {
-                        X509err(X509_F_X509_STORE_ADD_CERT,
-                            ERR_R_MALLOC_FAILURE);
+                        X509error(ERR_R_MALLOC_FAILURE);
                         ret = 0;
                 }
         }
@@ -394,7 +392,7 @@ X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
                 return 0;
         obj = malloc(sizeof(X509_OBJECT));
         if (obj == NULL) {
-                X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE);
+                X509error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         obj->type = X509_LU_CRL;
@@ -405,13 +403,11 @@ X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
         X509_OBJECT_up_ref_count(obj);
 
         if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
-                X509err(X509_F_X509_STORE_ADD_CRL,
-                    X509_R_CERT_ALREADY_IN_HASH_TABLE);
+                X509error(X509_R_CERT_ALREADY_IN_HASH_TABLE);
                 ret = 0;
         } else {
                 if (sk_X509_OBJECT_push(ctx->objs, obj) == 0) {
-                        X509err(X509_F_X509_STORE_ADD_CRL,
-                            ERR_R_MALLOC_FAILURE);
+                        X509error(ERR_R_MALLOC_FAILURE);
                         ret = 0;
                 }
         }
@@ -678,8 +674,7 @@ X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
         if (ok != X509_LU_X509) {
                 if (ok == X509_LU_RETRY) {
                         X509_OBJECT_free_contents(&obj);
-                        X509err(X509_F_X509_STORE_CTX_GET1_ISSUER,
-                            X509_R_SHOULD_RETRY);
+                        X509error(X509_R_SHOULD_RETRY);
                         return -1;
                 } else if (ok != X509_LU_FAIL) {
                         X509_OBJECT_free_contents(&obj);
diff --git a/src/lib/libcrypto/x509/x509_obj.c b/src/lib/libcrypto/x509/x509_obj.c
index f7f2a380a1..b34f25b013 100644
--- a/src/lib/libcrypto/x509/x509_obj.c
+++ b/src/lib/libcrypto/x509/x509_obj.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_obj.c,v 1.16 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: x509_obj.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -172,7 +172,7 @@ X509_NAME_oneline(X509_NAME *a, char *buf, int len)
         return (p);
 
 err:
-        X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE);
+        X509error(ERR_R_MALLOC_FAILURE);
         if (b != NULL)
                 BUF_MEM_free(b);
         return (NULL);
diff --git a/src/lib/libcrypto/x509/x509_r2x.c b/src/lib/libcrypto/x509/x509_r2x.c
index 76faa29b7f..525163bc3e 100644
--- a/src/lib/libcrypto/x509/x509_r2x.c
+++ b/src/lib/libcrypto/x509/x509_r2x.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_r2x.c,v 1.10 2015/09/30 17:30:16 jsing Exp $ */
+/* $OpenBSD: x509_r2x.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -74,7 +74,7 @@ X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
         X509_NAME *xn;
 
         if ((ret = X509_new()) == NULL) {
-                X509err(X509_F_X509_REQ_TO_X509, ERR_R_MALLOC_FAILURE);
+                X509error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c
index e6fc3c5df8..f87b35c706 100644
--- a/src/lib/libcrypto/x509/x509_req.c
+++ b/src/lib/libcrypto/x509/x509_req.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_req.c,v 1.19 2016/12/30 15:24:51 jsing Exp $ */
+/* $OpenBSD: x509_req.c,v 1.20 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -80,7 +80,7 @@ X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
 
         ret = X509_REQ_new();
         if (ret == NULL) {
-                X509err(X509_F_X509_TO_X509_REQ, ERR_R_MALLOC_FAILURE);
+                X509error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
@@ -133,31 +133,26 @@ X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
                 ok = 1;
                 break;
         case 0:
-                X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
-                    X509_R_KEY_VALUES_MISMATCH);
+                X509error(X509_R_KEY_VALUES_MISMATCH);
                 break;
         case -1:
-                X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
-                    X509_R_KEY_TYPE_MISMATCH);
+                X509error(X509_R_KEY_TYPE_MISMATCH);
                 break;
         case -2:
 #ifndef OPENSSL_NO_EC
                 if (k->type == EVP_PKEY_EC) {
-                        X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
-                            ERR_R_EC_LIB);
+                        X509error(ERR_R_EC_LIB);
                         break;
                 }
 #endif
 #ifndef OPENSSL_NO_DH
                 if (k->type == EVP_PKEY_DH) {
                         /* No idea */
-                        X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
-                            X509_R_CANT_CHECK_DH_KEY);
+                        X509error(X509_R_CANT_CHECK_DH_KEY);
                         break;
                 }
 #endif
-                X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
-                    X509_R_UNKNOWN_KEY_TYPE);
+                X509error(X509_R_UNKNOWN_KEY_TYPE);
         }
 
         EVP_PKEY_free(xk);
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
index 5be7abdf08..9af74de1ca 100644
--- a/src/lib/libcrypto/x509/x509_trs.c
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_trs.c,v 1.21 2016/11/06 10:31:34 beck Exp $ */
+/* $OpenBSD: x509_trs.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -178,7 +178,7 @@ int
 X509_TRUST_set(int *t, int trust)
 {
         if (X509_TRUST_get_by_id(trust) == -1) {
-                X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST);
+                X509error(X509_R_INVALID_TRUST);
                 return 0;
         }
         *t = trust;
@@ -202,14 +202,14 @@ X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
         /* Need a new entry */
         if (idx == -1) {
                 if (!(trtmp = malloc(sizeof(X509_TRUST)))) {
-                        X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+                        X509error(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
                 trtmp->flags = X509_TRUST_DYNAMIC;
         } else {
                 trtmp = X509_TRUST_get0(idx);
                 if (trtmp == NULL) {
-                        X509err(X509_F_X509_TRUST_ADD, X509_R_INVALID_TRUST);
+                        X509error(X509_R_INVALID_TRUST);
                         return 0;
                 }
         }
@@ -246,7 +246,7 @@ err:
         free(name_dup);
         if (idx == -1)
                 free(trtmp);
-        X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+        X509error(ERR_R_MALLOC_FAILURE);
         return 0;
 }
 
diff --git a/src/lib/libcrypto/x509/x509_v3.c b/src/lib/libcrypto/x509/x509_v3.c
index d9ec9c8c14..446ef319f8 100644
--- a/src/lib/libcrypto/x509/x509_v3.c
+++ b/src/lib/libcrypto/x509/x509_v3.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_v3.c,v 1.13 2016/03/21 04:05:33 mmcc Exp $ */
+/* $OpenBSD: x509_v3.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -156,7 +156,7 @@ X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, X509_EXTENSION *ex, int loc)
         STACK_OF(X509_EXTENSION) *sk = NULL;
 
         if (x == NULL) {
-                X509err(X509_F_X509V3_ADD_EXT, ERR_R_PASSED_NULL_PARAMETER);
+                X509error(ERR_R_PASSED_NULL_PARAMETER);
                 goto err2;
         }
 
@@ -181,7 +181,7 @@ X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, X509_EXTENSION *ex, int loc)
         return (sk);
 
 err:
-        X509err(X509_F_X509V3_ADD_EXT, ERR_R_MALLOC_FAILURE);
+        X509error(ERR_R_MALLOC_FAILURE);
 err2:
         if (new_ex != NULL)
                 X509_EXTENSION_free(new_ex);
@@ -199,8 +199,7 @@ X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, int crit,
 
         obj = OBJ_nid2obj(nid);
         if (obj == NULL) {
-                X509err(X509_F_X509_EXTENSION_CREATE_BY_NID,
-                    X509_R_UNKNOWN_NID);
+                X509error(X509_R_UNKNOWN_NID);
                 return (NULL);
         }
         ret = X509_EXTENSION_create_by_OBJ(ex, obj, crit, data);
@@ -217,8 +216,7 @@ X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, ASN1_OBJECT *obj, int crit,
 
         if ((ex == NULL) || (*ex == NULL)) {
                 if ((ret = X509_EXTENSION_new()) == NULL) {
-                        X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,
-                            ERR_R_MALLOC_FAILURE);
+                        X509error(ERR_R_MALLOC_FAILURE);
                         return (NULL);
                 }
         } else
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index 9dba97bbf8..b81387a237 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.59 2017/01/21 01:09:54 beck Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.60 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -228,8 +228,7 @@ X509_verify_cert(X509_STORE_CTX *ctx)
         STACK_OF(X509) *sktmp = NULL;
 
         if (ctx->cert == NULL) {
-                X509err(X509_F_X509_VERIFY_CERT,
-                    X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
+                X509error(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
                 ctx->error = X509_V_ERR_INVALID_CALL;
                 return -1;
         }
@@ -238,8 +237,7 @@ X509_verify_cert(X509_STORE_CTX *ctx)
                  * This X509_STORE_CTX has already been used to verify
                  * a cert. We cannot do another one.
                  */
-                X509err(X509_F_X509_VERIFY_CERT,
-                    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                X509error(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 ctx->error = X509_V_ERR_INVALID_CALL;
                 return -1;
         }
@@ -247,8 +245,7 @@ X509_verify_cert(X509_STORE_CTX *ctx)
                 /*
                  * This X509_STORE_CTX has not been properly initialized.
                  */
-                X509err(X509_F_X509_VERIFY_CERT,
-                    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                X509error(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 ctx->error = X509_V_ERR_INVALID_CALL;
                 return -1;
         }
@@ -262,7 +259,7 @@ X509_verify_cert(X509_STORE_CTX *ctx)
          */
         ctx->chain = sk_X509_new_null();
         if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) {
-                X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+                X509error(ERR_R_MALLOC_FAILURE);
                 ctx->error = X509_V_ERR_OUT_OF_MEM;
                 goto end;
         }
@@ -272,7 +269,7 @@ X509_verify_cert(X509_STORE_CTX *ctx)
         /* We use a temporary STACK so we can chop and hack at it */
         if (ctx->untrusted != NULL &&
             (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
-                X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+                X509error(ERR_R_MALLOC_FAILURE);
                 ctx->error = X509_V_ERR_OUT_OF_MEM;
                 goto end;
         }
@@ -316,8 +313,7 @@ X509_verify_cert(X509_STORE_CTX *ctx)
                         xtmp = find_issuer(ctx, sktmp, x);
                         if (xtmp != NULL) {
                                 if (!sk_X509_push(ctx->chain, xtmp)) {
-                                        X509err(X509_F_X509_VERIFY_CERT,
-                                            ERR_R_MALLOC_FAILURE);
+                                        X509error(ERR_R_MALLOC_FAILURE);
                                         ctx->error = X509_V_ERR_OUT_OF_MEM;
                                         ok = 0;
                                         goto end;
@@ -415,8 +411,7 @@ X509_verify_cert(X509_STORE_CTX *ctx)
                         x = xtmp;
                         if (!sk_X509_push(ctx->chain, x)) {
                                 X509_free(xtmp);
-                                X509err(X509_F_X509_VERIFY_CERT,
-                                    ERR_R_MALLOC_FAILURE);
+                                X509error(ERR_R_MALLOC_FAILURE);
                                 ctx->error = X509_V_ERR_OUT_OF_MEM;
                                 ok = 0;
                                 goto end;
@@ -488,7 +483,7 @@ X509_verify_cert(X509_STORE_CTX *ctx)
                 } else {
                         if (!sk_X509_push(ctx->chain, chain_ss)) {
                                 X509_free(chain_ss);
-                                X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+                                X509error(ERR_R_MALLOC_FAILURE);
                                 return 0;
                         }
                         num++;
@@ -1669,7 +1664,7 @@ check_policy(X509_STORE_CTX *ctx)
         ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
             ctx->param->policies, ctx->param->flags);
         if (ret == 0) {
-                X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE);
+                X509error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         /* Invalid or inconsistent extensions */
@@ -1941,8 +1936,7 @@ X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
         for (i = 0; i < sk_X509_num(chain); i++) {
                 ktmp = X509_get_pubkey(sk_X509_value(chain, i));
                 if (ktmp == NULL) {
-                        X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,
-                            X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
+                        X509error(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
                         return 0;
                 }
                 if (!EVP_PKEY_missing_parameters(ktmp))
@@ -1953,8 +1947,7 @@ X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
                 }
         }
         if (ktmp == NULL) {
-                X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,
-                    X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
+                X509error(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
                 return 0;
         }
 
@@ -2109,16 +2102,14 @@ X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
                 X509_PURPOSE *ptmp;
                 idx = X509_PURPOSE_get_by_id(purpose);
                 if (idx == -1) {
-                        X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
-                            X509_R_UNKNOWN_PURPOSE_ID);
+                        X509error(X509_R_UNKNOWN_PURPOSE_ID);
                         return 0;
                 }
                 ptmp = X509_PURPOSE_get0(idx);
                 if (ptmp->trust == X509_TRUST_DEFAULT) {
                         idx = X509_PURPOSE_get_by_id(def_purpose);
                         if (idx == -1) {
-                                X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
-                                    X509_R_UNKNOWN_PURPOSE_ID);
+                                X509error(X509_R_UNKNOWN_PURPOSE_ID);
                                 return 0;
                         }
                         ptmp = X509_PURPOSE_get0(idx);
@@ -2130,8 +2121,7 @@ X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
         if (trust) {
                 idx = X509_TRUST_get_by_id(trust);
                 if (idx == -1) {
-                        X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
-                            X509_R_UNKNOWN_TRUST_ID);
+                        X509error(X509_R_UNKNOWN_TRUST_ID);
                         return 0;
                 }
         }
@@ -2150,7 +2140,7 @@ X509_STORE_CTX_new(void)
 
         ctx = calloc(1, sizeof(X509_STORE_CTX));
         if (!ctx) {
-                X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE);
+                X509error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         return ctx;
@@ -2258,7 +2248,7 @@ X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
 
         ctx->param = X509_VERIFY_PARAM_new();
         if (!ctx->param) {
-                X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+                X509error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
 
@@ -2275,13 +2265,13 @@ X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
                     X509_VERIFY_PARAM_lookup("default"));
 
         if (param_ret == 0) {
-                X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+                X509error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
 
         if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
             &(ctx->ex_data)) == 0) {
-                X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+                X509error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         return 1;
diff --git a/src/lib/libcrypto/x509/x509name.c b/src/lib/libcrypto/x509/x509name.c
index 14634013cf..ef242ce0a5 100644
--- a/src/lib/libcrypto/x509/x509name.c
+++ b/src/lib/libcrypto/x509/x509name.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509name.c,v 1.13 2014/09/29 04:17:24 miod Exp $ */
+/* $OpenBSD: x509name.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -275,7 +275,7 @@ X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc, int set)
                 goto err;
         new_name->set = set;
         if (!sk_X509_NAME_ENTRY_insert(sk, new_name, loc)) {
-                X509err(X509_F_X509_NAME_ADD_ENTRY, ERR_R_MALLOC_FAILURE);
+                X509error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         if (inc) {
@@ -300,8 +300,7 @@ X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
 
         obj = OBJ_txt2obj(field, 0);
         if (obj == NULL) {
-                X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,
-                    X509_R_INVALID_FIELD_NAME);
+                X509error(X509_R_INVALID_FIELD_NAME);
                 ERR_asprintf_error_data("name=%s", field);
                 return (NULL);
         }
@@ -319,8 +318,7 @@ X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,
 
         obj = OBJ_nid2obj(nid);
         if (obj == NULL) {
-                X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,
-                    X509_R_UNKNOWN_NID);
+                X509error(X509_R_UNKNOWN_NID);
                 return (NULL);
         }
         nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len);
@@ -359,8 +357,7 @@ int
 X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)
 {
         if ((ne == NULL) || (obj == NULL)) {
-                X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,
-                    ERR_R_PASSED_NULL_PARAMETER);
+                X509error(ERR_R_PASSED_NULL_PARAMETER);
                 return (0);
         }
         ASN1_OBJECT_free(ne->object);
diff --git a/src/lib/libcrypto/x509/x509spki.c b/src/lib/libcrypto/x509/x509spki.c
index cd29a8138a..3a1c37cd86 100644
--- a/src/lib/libcrypto/x509/x509spki.c
+++ b/src/lib/libcrypto/x509/x509spki.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509spki.c,v 1.12 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: x509spki.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -91,13 +91,12 @@ NETSCAPE_SPKI_b64_decode(const char *str, int len)
         if (len <= 0)
                 len = strlen(str);
         if (!(spki_der = malloc(len + 1))) {
-                X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
+                X509error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);
         if (spki_len < 0) {
-                X509err(X509_F_NETSCAPE_SPKI_B64_DECODE,
-                    X509_R_BASE64_DECODE_ERROR);
+                X509error(X509_R_BASE64_DECODE_ERROR);
                 free(spki_der);
                 return NULL;
         }
@@ -119,7 +118,7 @@ NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
         der_spki = malloc(der_len);
         b64_str = reallocarray(NULL, der_len, 2);
         if (!der_spki || !b64_str) {
-                X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
+                X509error(ERR_R_MALLOC_FAILURE);
                 free(der_spki);
                 free(b64_str);
                 return NULL;
diff --git a/src/lib/libcrypto/x509v3/v3_akey.c b/src/lib/libcrypto/x509v3/v3_akey.c
index 028c709d28..e2e5730c7d 100644
--- a/src/lib/libcrypto/x509v3/v3_akey.c
+++ b/src/lib/libcrypto/x509v3/v3_akey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_akey.c,v 1.18 2016/12/30 15:54:49 jsing Exp $ */
+/* $OpenBSD: v3_akey.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -145,8 +145,7 @@ v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                         if (cnf->value && !strcmp(cnf->value, "always"))
                                 issuer = 2;
                 } else {
-                        X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
-                            X509V3_R_UNKNOWN_OPTION);
+                        X509V3error(X509V3_R_UNKNOWN_OPTION);
                         ERR_asprintf_error_data("name=%s", cnf->name);
                         return NULL;
                 }
@@ -155,8 +154,7 @@ v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
         if (!ctx || !ctx->issuer_cert) {
                 if (ctx && (ctx->flags == CTX_TEST))
                         return AUTHORITY_KEYID_new();
-                X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
-                    X509V3_R_NO_ISSUER_CERTIFICATE);
+                X509V3error(X509V3_R_NO_ISSUER_CERTIFICATE);
                 return NULL;
         }
 
@@ -167,8 +165,7 @@ v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                 if ((i >= 0)  && (ext = X509_get_ext(cert, i)))
                         ikeyid = X509V3_EXT_d2i(ext);
                 if (keyid == 2 && !ikeyid) {
-                        X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
-                            X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
+                        X509V3error(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
                         return NULL;
                 }
         }
@@ -177,8 +174,7 @@ v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                 isname = X509_NAME_dup(X509_get_issuer_name(cert));
                 serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert));
                 if (!isname || !serial) {
-                        X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
-                            X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
+                        X509V3error(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
                         goto err;
                 }
         }
@@ -190,8 +186,7 @@ v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                 if (!(gens = sk_GENERAL_NAME_new_null()) ||
                     !(gen = GENERAL_NAME_new()) ||
                     !sk_GENERAL_NAME_push(gens, gen)) {
-                        X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
-                            ERR_R_MALLOC_FAILURE);
+                        X509V3error(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 gen->type = GEN_DIRNAME;
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c
index 23867ea449..746339bebd 100644
--- a/src/lib/libcrypto/x509v3/v3_alt.c
+++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_alt.c,v 1.26 2016/12/30 15:54:49 jsing Exp $ */
+/* $OpenBSD: v3_alt.c,v 1.27 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -279,7 +279,7 @@ v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
         int i;
 
         if ((gens = sk_GENERAL_NAME_new_null()) == NULL) {
-                X509V3err(X509V3_F_V2I_ISSUER_ALT, ERR_R_MALLOC_FAILURE);
+                X509V3error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
@@ -318,7 +318,7 @@ copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
         if (ctx && (ctx->flags == CTX_TEST))
                 return 1;
         if (!ctx || !ctx->issuer_cert) {
-                X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_NO_ISSUER_DETAILS);
+                X509V3error(X509V3_R_NO_ISSUER_DETAILS);
                 goto err;
         }
         i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
@@ -326,14 +326,14 @@ copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
                 return 1;
         if (!(ext = X509_get_ext(ctx->issuer_cert, i)) ||
             !(ialt = X509V3_EXT_d2i(ext))) {
-                X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_ISSUER_DECODE_ERROR);
+                X509V3error(X509V3_R_ISSUER_DECODE_ERROR);
                 goto err;
         }
 
         for (i = 0; i < sk_GENERAL_NAME_num(ialt); i++) {
                 gen = sk_GENERAL_NAME_value(ialt, i);
                 if (!sk_GENERAL_NAME_push(gens, gen)) {
-                        X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE);
+                        X509V3error(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
         }
@@ -355,7 +355,7 @@ v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
         int i;
 
         if (!(gens = sk_GENERAL_NAME_new_null())) {
-                X509V3err(X509V3_F_V2I_SUBJECT_ALT, ERR_R_MALLOC_FAILURE);
+                X509V3error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
@@ -401,7 +401,7 @@ copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
         if (ctx != NULL && ctx->flags == CTX_TEST)
                 return 1;
         if (!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
-                X509V3err(X509V3_F_COPY_EMAIL, X509V3_R_NO_SUBJECT_DETAILS);
+                X509V3error(X509V3_R_NO_SUBJECT_DETAILS);
                 goto err;
         }
         /* Find the subject name */
@@ -422,14 +422,14 @@ copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
                         i--;
                 }
                 if (!email || !(gen = GENERAL_NAME_new())) {
-                        X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE);
+                        X509V3error(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 gen->d.ia5 = email;
                 email = NULL;
                 gen->type = GEN_EMAIL;
                 if (!sk_GENERAL_NAME_push(gens, gen)) {
-                        X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE);
+                        X509V3error(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 gen = NULL;
@@ -453,7 +453,7 @@ v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
         int i;
 
         if (!(gens = sk_GENERAL_NAME_new_null())) {
-                X509V3err(X509V3_F_V2I_GENERAL_NAMES, ERR_R_MALLOC_FAILURE);
+                X509V3error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
@@ -487,7 +487,7 @@ a2i_GENERAL_NAME(GENERAL_NAME *out, const X509V3_EXT_METHOD *method,
         GENERAL_NAME *gen = NULL;
 
         if (!value) {
-                X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_MISSING_VALUE);
+                X509V3error(X509V3_R_MISSING_VALUE);
                 return NULL;
         }
 
@@ -496,8 +496,7 @@ a2i_GENERAL_NAME(GENERAL_NAME *out, const X509V3_EXT_METHOD *method,
         else {
                 gen = GENERAL_NAME_new();
                 if (gen == NULL) {
-                        X509V3err(X509V3_F_A2I_GENERAL_NAME,
-                            ERR_R_MALLOC_FAILURE);
+                        X509V3error(ERR_R_MALLOC_FAILURE);
                         return NULL;
                 }
         }
@@ -513,8 +512,7 @@ a2i_GENERAL_NAME(GENERAL_NAME *out, const X509V3_EXT_METHOD *method,
                 {
                         ASN1_OBJECT *obj;
                         if (!(obj = OBJ_txt2obj(value, 0))) {
-                                X509V3err(X509V3_F_A2I_GENERAL_NAME,
-                                    X509V3_R_BAD_OBJECT);
+                                X509V3error(X509V3_R_BAD_OBJECT);
                                 ERR_asprintf_error_data("value=%s", value);
                                 goto err;
                         }
@@ -528,8 +526,7 @@ a2i_GENERAL_NAME(GENERAL_NAME *out, const X509V3_EXT_METHOD *method,
                 else
                         gen->d.ip = a2i_IPADDRESS(value);
                 if (gen->d.ip == NULL) {
-                        X509V3err(X509V3_F_A2I_GENERAL_NAME,
-                            X509V3_R_BAD_IP_ADDRESS);
+                        X509V3error(X509V3_R_BAD_IP_ADDRESS);
                         ERR_asprintf_error_data("value=%s", value);
                         goto err;
                 }
@@ -537,22 +534,20 @@ a2i_GENERAL_NAME(GENERAL_NAME *out, const X509V3_EXT_METHOD *method,
 
         case GEN_DIRNAME:
                 if (!do_dirname(gen, value, ctx)) {
-                        X509V3err(X509V3_F_A2I_GENERAL_NAME,
-                            X509V3_R_DIRNAME_ERROR);
+                        X509V3error(X509V3_R_DIRNAME_ERROR);
                         goto err;
                 }
                 break;
 
         case GEN_OTHERNAME:
                 if (!do_othername(gen, value, ctx)) {
-                        X509V3err(X509V3_F_A2I_GENERAL_NAME,
-                            X509V3_R_OTHERNAME_ERROR);
+                        X509V3error(X509V3_R_OTHERNAME_ERROR);
                         goto err;
                 }
                 break;
 
         default:
-                X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_UNSUPPORTED_TYPE);
+                X509V3error(X509V3_R_UNSUPPORTED_TYPE);
                 goto err;
         }
 
@@ -560,8 +555,7 @@ a2i_GENERAL_NAME(GENERAL_NAME *out, const X509V3_EXT_METHOD *method,
                 if (!(gen->d.ia5 = ASN1_IA5STRING_new()) ||
                     !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
                         strlen(value))) {
-                        X509V3err(X509V3_F_A2I_GENERAL_NAME,
-                            ERR_R_MALLOC_FAILURE);
+                        X509V3error(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
         }
@@ -587,7 +581,7 @@ v2i_GENERAL_NAME_ex(GENERAL_NAME *out, const X509V3_EXT_METHOD *method,
         value = cnf->value;
 
         if (!value) {
-                X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_MISSING_VALUE);
+                X509V3error(X509V3_R_MISSING_VALUE);
                 return NULL;
         }
 
@@ -606,8 +600,7 @@ v2i_GENERAL_NAME_ex(GENERAL_NAME *out, const X509V3_EXT_METHOD *method,
         else if (!name_cmp(name, "otherName"))
                 type = GEN_OTHERNAME;
         else {
-                X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,
-                    X509V3_R_UNSUPPORTED_OPTION);
+                X509V3error(X509V3_R_UNSUPPORTED_OPTION);
                 ERR_asprintf_error_data("name=%s", name);
                 return NULL;
         }
@@ -655,7 +648,7 @@ do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
                 return 0;
         sk = X509V3_get_section(ctx, value);
         if (!sk) {
-                X509V3err(X509V3_F_DO_DIRNAME, X509V3_R_SECTION_NOT_FOUND);
+                X509V3error(X509V3_R_SECTION_NOT_FOUND);
                 ERR_asprintf_error_data("section=%s", value);
                 X509_NAME_free(nm);
                 return 0;
diff --git a/src/lib/libcrypto/x509v3/v3_bcons.c b/src/lib/libcrypto/x509v3/v3_bcons.c
index 96b42e2e20..6c5823c44e 100644
--- a/src/lib/libcrypto/x509v3/v3_bcons.c
+++ b/src/lib/libcrypto/x509v3/v3_bcons.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_bcons.c,v 1.14 2016/12/30 15:54:49 jsing Exp $ */
+/* $OpenBSD: v3_bcons.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -159,7 +159,7 @@ v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
         int i;
 
         if (!(bcons = BASIC_CONSTRAINTS_new())) {
-                X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+                X509V3error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
@@ -171,8 +171,7 @@ v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                         if (!X509V3_get_value_int(val, &bcons->pathlen))
                                 goto err;
                 } else {
-                        X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS,
-                            X509V3_R_INVALID_NAME);
+                        X509V3error(X509V3_R_INVALID_NAME);
                         X509V3_conf_err(val);
                         goto err;
                 }
diff --git a/src/lib/libcrypto/x509v3/v3_bitst.c b/src/lib/libcrypto/x509v3/v3_bitst.c
index e846fc2ffe..039faf2fd6 100644
--- a/src/lib/libcrypto/x509v3/v3_bitst.c
+++ b/src/lib/libcrypto/x509v3/v3_bitst.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_bitst.c,v 1.13 2016/12/30 15:54:49 jsing Exp $ */
+/* $OpenBSD: v3_bitst.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -145,7 +145,7 @@ v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
         BIT_STRING_BITNAME *bnam;
 
         if (!(bs = ASN1_BIT_STRING_new())) {
-                X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE);
+                X509V3error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
@@ -155,8 +155,7 @@ v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                             !strcmp(bnam->lname, val->name) ) {
                                 if (!ASN1_BIT_STRING_set_bit(bs,
                                     bnam->bitnum, 1)) {
-                                        X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
-                                            ERR_R_MALLOC_FAILURE);
+                                        X509V3error(ERR_R_MALLOC_FAILURE);
                                         ASN1_BIT_STRING_free(bs);
                                         return NULL;
                                 }
@@ -164,8 +163,7 @@ v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                         }
                 }
                 if (!bnam->lname) {
-                        X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
-                            X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
+                        X509V3error(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
                         X509V3_conf_err(val);
                         ASN1_BIT_STRING_free(bs);
                         return NULL;
diff --git a/src/lib/libcrypto/x509v3/v3_conf.c b/src/lib/libcrypto/x509v3/v3_conf.c
index 6847985913..27e1bc9f57 100644
--- a/src/lib/libcrypto/x509v3/v3_conf.c
+++ b/src/lib/libcrypto/x509v3/v3_conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_conf.c,v 1.20 2016/12/30 15:54:49 jsing Exp $ */
+/* $OpenBSD: v3_conf.c,v 1.21 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -93,8 +93,7 @@ X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value)
                 return v3_generic_extension(name, value, crit, ext_type, ctx);
         ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
         if (!ret) {
-                X509V3err(X509V3_F_X509V3_EXT_NCONF,
-                    X509V3_R_ERROR_IN_EXTENSION);
+                X509V3error(X509V3_R_ERROR_IN_EXTENSION);
                 ERR_asprintf_error_data("name=%s, value=%s", name, value);
         }
         return ret;
@@ -125,12 +124,11 @@ do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value)
         void *ext_struc;
 
         if (ext_nid == NID_undef) {
-                X509V3err(X509V3_F_DO_EXT_NCONF,
-                    X509V3_R_UNKNOWN_EXTENSION_NAME);
+                X509V3error(X509V3_R_UNKNOWN_EXTENSION_NAME);
                 return NULL;
         }
         if (!(method = X509V3_EXT_get_nid(ext_nid))) {
-                X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION);
+                X509V3error(X509V3_R_UNKNOWN_EXTENSION);
                 return NULL;
         }
         /* Now get internal extension representation based on type */
@@ -142,8 +140,7 @@ do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value)
                 else
                         nval = X509V3_parse_list(value);
                 if (sk_CONF_VALUE_num(nval) <= 0) {
-                        X509V3err(X509V3_F_DO_EXT_NCONF,
-                            X509V3_R_INVALID_EXTENSION_STRING);
+                        X509V3error(X509V3_R_INVALID_EXTENSION_STRING);
                         ERR_asprintf_error_data("name=%s,section=%s",
                             OBJ_nid2sn(ext_nid), value);
                         if (*value != '@')
@@ -157,14 +154,12 @@ do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value)
                 ext_struc = method->s2i(method, ctx, value);
         } else if (method->r2i) {
                 if (!ctx->db || !ctx->db_meth) {
-                        X509V3err(X509V3_F_DO_EXT_NCONF,
-                            X509V3_R_NO_CONFIG_DATABASE);
+                        X509V3error(X509V3_R_NO_CONFIG_DATABASE);
                         return NULL;
                 }
                 ext_struc = method->r2i(method, ctx, value);
         } else {
-                X509V3err(X509V3_F_DO_EXT_NCONF,
-                    X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
+                X509V3error(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
                 ERR_asprintf_error_data("name=%s", OBJ_nid2sn(ext_nid));
                 return NULL;
         }
@@ -217,7 +212,7 @@ do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, int crit,
 
 merr:
         ASN1_OCTET_STRING_free(ext_oct);
-        X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE);
+        X509V3error(ERR_R_MALLOC_FAILURE);
         return NULL;
 
 }
@@ -230,7 +225,7 @@ X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
         const X509V3_EXT_METHOD *method;
 
         if (!(method = X509V3_EXT_get_nid(ext_nid))) {
-                X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION);
+                X509V3error(X509V3_R_UNKNOWN_EXTENSION);
                 return NULL;
         }
         return do_ext_i2d(method, ext_nid, crit, ext_struc);
@@ -284,8 +279,7 @@ v3_generic_extension(const char *ext, char *value, int crit, int gen_type,
         X509_EXTENSION *extension = NULL;
 
         if (!(obj = OBJ_txt2obj(ext, 0))) {
-                X509V3err(X509V3_F_V3_GENERIC_EXTENSION,
-                    X509V3_R_EXTENSION_NAME_ERROR);
+                X509V3error(X509V3_R_EXTENSION_NAME_ERROR);
                 ERR_asprintf_error_data("name=%s", ext);
                 goto err;
         }
@@ -300,14 +294,13 @@ v3_generic_extension(const char *ext, char *value, int crit, int gen_type,
         }
 
         if (ext_der == NULL) {
-                X509V3err(X509V3_F_V3_GENERIC_EXTENSION,
-                    X509V3_R_EXTENSION_VALUE_ERROR);
+                X509V3error(X509V3_R_EXTENSION_VALUE_ERROR);
                 ERR_asprintf_error_data("value=%s", value);
                 goto err;
         }
 
         if (!(oct = ASN1_OCTET_STRING_new())) {
-                X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE);
+                X509V3error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
@@ -414,8 +407,7 @@ char *
 X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
 {
         if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) {
-                X509V3err(X509V3_F_X509V3_GET_STRING,
-                    X509V3_R_OPERATION_NOT_DEFINED);
+                X509V3error(X509V3_R_OPERATION_NOT_DEFINED);
                 return NULL;
         }
         if (ctx->db_meth->get_string)
@@ -427,8 +419,7 @@ STACK_OF(CONF_VALUE) *
 X509V3_get_section(X509V3_CTX *ctx, char *section)
 {
         if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) {
-                X509V3err(X509V3_F_X509V3_GET_SECTION,
-                    X509V3_R_OPERATION_NOT_DEFINED);
+                X509V3error(X509V3_R_OPERATION_NOT_DEFINED);
                 return NULL;
         }
         if (ctx->db_meth->get_section)
diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c
index 216e91c040..34d3381d76 100644
--- a/src/lib/libcrypto/x509v3/v3_cpols.c
+++ b/src/lib/libcrypto/x509v3/v3_cpols.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_cpols.c,v 1.24 2016/12/30 15:54:49 jsing Exp $ */
+/* $OpenBSD: v3_cpols.c,v 1.25 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -412,20 +412,19 @@ STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
 
         pols = sk_POLICYINFO_new_null();
         if (pols == NULL) {
-                X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+                X509V3error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         vals = X509V3_parse_list(value);
         if (vals == NULL) {
-                X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
+                X509V3error(ERR_R_X509V3_LIB);
                 goto err;
         }
         ia5org = 0;
         for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
                 cnf = sk_CONF_VALUE_value(vals, i);
                 if (cnf->value || !cnf->name) {
-                        X509V3err(X509V3_F_R2I_CERTPOL,
-                            X509V3_R_INVALID_POLICY_IDENTIFIER);
+                        X509V3error(X509V3_R_INVALID_POLICY_IDENTIFIER);
                         X509V3_conf_err(cnf);
                         goto err;
                 }
@@ -437,8 +436,7 @@ STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                         STACK_OF(CONF_VALUE) *polsect;
                         polsect = X509V3_get_section(ctx, pstr + 1);
                         if (!polsect) {
-                                X509V3err(X509V3_F_R2I_CERTPOL,
-                                    X509V3_R_INVALID_SECTION);
+                                X509V3error(X509V3_R_INVALID_SECTION);
                                 X509V3_conf_err(cnf);
                                 goto err;
                         }
@@ -448,8 +446,7 @@ STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                                 goto err;
                 } else {
                         if (!(pobj = OBJ_txt2obj(cnf->name, 0))) {
-                                X509V3err(X509V3_F_R2I_CERTPOL,
-                                    X509V3_R_INVALID_OBJECT_IDENTIFIER);
+                                X509V3error(X509V3_R_INVALID_OBJECT_IDENTIFIER);
                                 X509V3_conf_err(cnf);
                                 goto err;
                         }
@@ -458,7 +455,7 @@ STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                 }
                 if (!sk_POLICYINFO_push(pols, pol)){
                         POLICYINFO_free(pol);
-                        X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+                        X509V3error(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
         }
@@ -487,8 +484,7 @@ policy_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *polstrs, int ia5org)
                         ASN1_OBJECT *pobj;
 
                         if ((pobj = OBJ_txt2obj(cnf->value, 0)) == NULL) {
-                                X509V3err(X509V3_F_POLICY_SECTION,
-                                    X509V3_R_INVALID_OBJECT_IDENTIFIER);
+                                X509V3error(X509V3_R_INVALID_OBJECT_IDENTIFIER);
                                 X509V3_conf_err(cnf);
                                 goto err;
                         }
@@ -517,15 +513,13 @@ policy_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *polstrs, int ia5org)
                         POLICYQUALINFO *qual;
 
                         if (*cnf->value != '@') {
-                                X509V3err(X509V3_F_POLICY_SECTION,
-                                    X509V3_R_EXPECTED_A_SECTION_NAME);
+                                X509V3error(X509V3_R_EXPECTED_A_SECTION_NAME);
                                 X509V3_conf_err(cnf);
                                 goto err;
                         }
                         unot = X509V3_get_section(ctx, cnf->value + 1);
                         if (unot == NULL) {
-                                X509V3err(X509V3_F_POLICY_SECTION,
-                                    X509V3_R_INVALID_SECTION);
+                                X509V3error(X509V3_R_INVALID_SECTION);
                                 X509V3_conf_err(cnf);
                                 goto err;
                         }
@@ -542,22 +536,20 @@ policy_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *polstrs, int ia5org)
                         if (sk_POLICYQUALINFO_push(pol->qualifiers, qual) == 0)
                                 goto merr;
                 } else {
-                        X509V3err(X509V3_F_POLICY_SECTION,
-                            X509V3_R_INVALID_OPTION);
+                        X509V3error(X509V3_R_INVALID_OPTION);
                         X509V3_conf_err(cnf);
                         goto err;
                 }
         }
         if (pol->policyid == NULL) {
-                X509V3err(X509V3_F_POLICY_SECTION,
-                    X509V3_R_NO_POLICY_IDENTIFIER);
+                X509V3error(X509V3_R_NO_POLICY_IDENTIFIER);
                 goto err;
         }
 
         return pol;
 
 merr:
-        X509V3err(X509V3_F_POLICY_SECTION, ERR_R_MALLOC_FAILURE);
+        X509V3error(ERR_R_MALLOC_FAILURE);
 
 err:
         POLICYQUALINFO_free(nqual);
@@ -616,8 +608,7 @@ notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org)
                                 nref = not->noticeref;
                         nos = X509V3_parse_list(cnf->value);
                         if (!nos || !sk_CONF_VALUE_num(nos)) {
-                                X509V3err(X509V3_F_NOTICE_SECTION,
-                                    X509V3_R_INVALID_NUMBERS);
+                                X509V3error(X509V3_R_INVALID_NUMBERS);
                                 X509V3_conf_err(cnf);
                                 if (nos != NULL)
                                         sk_CONF_VALUE_pop_free(nos,
@@ -629,8 +620,7 @@ notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org)
                         if (!ret)
                                 goto err;
                 } else {
-                        X509V3err(X509V3_F_NOTICE_SECTION,
-                            X509V3_R_INVALID_OPTION);
+                        X509V3error(X509V3_R_INVALID_OPTION);
                         X509V3_conf_err(cnf);
                         goto err;
                 }
@@ -638,15 +628,14 @@ notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org)
 
         if (not->noticeref &&
             (!not->noticeref->noticenos || !not->noticeref->organization)) {
-                X509V3err(X509V3_F_NOTICE_SECTION,
-                    X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
+                X509V3error(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
                 goto err;
         }
 
         return qual;
 
 merr:
-        X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_MALLOC_FAILURE);
+        X509V3error(ERR_R_MALLOC_FAILURE);
 
 err:
         POLICYQUALINFO_free(qual);
@@ -663,7 +652,7 @@ nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
         for (i = 0; i < sk_CONF_VALUE_num(nos); i++) {
                 cnf = sk_CONF_VALUE_value(nos, i);
                 if (!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
-                        X509V3err(X509V3_F_NREF_NOS, X509V3_R_INVALID_NUMBER);
+                        X509V3error(X509V3_R_INVALID_NUMBER);
                         goto err;
                 }
                 if (!sk_ASN1_INTEGER_push(nnums, aint))
@@ -672,7 +661,7 @@ nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
         return 1;
 
 merr:
-        X509V3err(X509V3_F_NREF_NOS, ERR_R_MALLOC_FAILURE);
+        X509V3error(ERR_R_MALLOC_FAILURE);
 
 err:
         sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
diff --git a/src/lib/libcrypto/x509v3/v3_crld.c b/src/lib/libcrypto/x509v3/v3_crld.c
index b13bbc3501..f9f69fee14 100644
--- a/src/lib/libcrypto/x509v3/v3_crld.c
+++ b/src/lib/libcrypto/x509v3/v3_crld.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_crld.c,v 1.20 2016/12/30 15:54:49 jsing Exp $ */
+/* $OpenBSD: v3_crld.c,v 1.21 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -115,8 +115,7 @@ STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect)
         else
                 gnsect = X509V3_parse_list(sect);
         if (!gnsect) {
-                X509V3err(X509V3_F_GNAMES_FROM_SECTNAME,
-                    X509V3_R_SECTION_NOT_FOUND);
+                X509V3error(X509V3_R_SECTION_NOT_FOUND);
                 return NULL;
         }
         gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect);
@@ -146,8 +145,7 @@ set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, CONF_VALUE *cnf)
                         return -1;
                 dnsect = X509V3_get_section(ctx, cnf->value);
                 if (!dnsect) {
-                        X509V3err(X509V3_F_SET_DIST_POINT_NAME,
-                            X509V3_R_SECTION_NOT_FOUND);
+                        X509V3error(X509V3_R_SECTION_NOT_FOUND);
                         X509_NAME_free(nm);
                         return -1;
                 }
@@ -163,16 +161,14 @@ set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, CONF_VALUE *cnf)
                  */
                 if (sk_X509_NAME_ENTRY_value(rnm,
                     sk_X509_NAME_ENTRY_num(rnm) - 1)->set) {
-                        X509V3err(X509V3_F_SET_DIST_POINT_NAME,
-                            X509V3_R_INVALID_MULTIPLE_RDNS);
+                        X509V3error(X509V3_R_INVALID_MULTIPLE_RDNS);
                         goto err;
                 }
         } else
                 return 0;
 
         if (*pdp) {
-                X509V3err(X509V3_F_SET_DIST_POINT_NAME,
-                    X509V3_R_DISTPOINT_ALREADY_SET);
+                X509V3error(X509V3_R_DISTPOINT_ALREADY_SET);
                 goto err;
         }
 
@@ -361,7 +357,7 @@ v2i_crld(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
         return crld;
 
 merr:
-        X509V3err(X509V3_F_V2I_CRLD, ERR_R_MALLOC_FAILURE);
+        X509V3error(ERR_R_MALLOC_FAILURE);
 err:
         GENERAL_NAME_free(gen);
         GENERAL_NAMES_free(gens);
@@ -692,7 +688,7 @@ v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                         if (!set_reasons(&idp->onlysomereasons, val))
                                 goto err;
                 } else {
-                        X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME);
+                        X509V3error(X509V3_R_INVALID_NAME);
                         X509V3_conf_err(cnf);
                         goto err;
                 }
@@ -700,7 +696,7 @@ v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
         return idp;
 
 merr:
-        X509V3err(X509V3_F_V2I_IDP, ERR_R_MALLOC_FAILURE);
+        X509V3error(ERR_R_MALLOC_FAILURE);
 err:
         ISSUING_DIST_POINT_free(idp);
         return NULL;
diff --git a/src/lib/libcrypto/x509v3/v3_extku.c b/src/lib/libcrypto/x509v3/v3_extku.c
index 88682f6818..527e80b28e 100644
--- a/src/lib/libcrypto/x509v3/v3_extku.c
+++ b/src/lib/libcrypto/x509v3/v3_extku.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_extku.c,v 1.14 2016/12/30 15:54:49 jsing Exp $ */
+/* $OpenBSD: v3_extku.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -175,8 +175,7 @@ v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
         int i;
 
         if (!(extku = sk_ASN1_OBJECT_new_null())) {
-                X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,
-                    ERR_R_MALLOC_FAILURE);
+                X509V3error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
 
@@ -188,16 +187,14 @@ v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                         extval = val->name;
                 if (!(objtmp = OBJ_txt2obj(extval, 0))) {
                         sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
-                        X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,
-                            X509V3_R_INVALID_OBJECT_IDENTIFIER);
+                        X509V3error(X509V3_R_INVALID_OBJECT_IDENTIFIER);
                         X509V3_conf_err(val);
                         return NULL;
                 }
                 if (sk_ASN1_OBJECT_push(extku, objtmp) == 0) {
                         ASN1_OBJECT_free(objtmp);
                         sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
-                        X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,
-                            ERR_R_MALLOC_FAILURE);
+                        X509V3error(ERR_R_MALLOC_FAILURE);
                         return NULL;
                 }
         }
diff --git a/src/lib/libcrypto/x509v3/v3_ia5.c b/src/lib/libcrypto/x509v3/v3_ia5.c
index 74b6439346..a92041e691 100644
--- a/src/lib/libcrypto/x509v3/v3_ia5.c
+++ b/src/lib/libcrypto/x509v3/v3_ia5.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_ia5.c,v 1.16 2016/12/30 15:54:49 jsing Exp $ */
+/* $OpenBSD: v3_ia5.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -207,7 +207,7 @@ i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5)
         if (!ia5 || !ia5->length)
                 return NULL;
         if (!(tmp = malloc(ia5->length + 1))) {
-                X509V3err(X509V3_F_I2S_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE);
+                X509V3error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         memcpy(tmp, ia5->data, ia5->length);
@@ -220,8 +220,7 @@ s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
 {
         ASN1_IA5STRING *ia5;
         if (!str) {
-                X509V3err(X509V3_F_S2I_ASN1_IA5STRING,
-                    X509V3_R_INVALID_NULL_ARGUMENT);
+                X509V3error(X509V3_R_INVALID_NULL_ARGUMENT);
                 return NULL;
         }
         if (!(ia5 = ASN1_IA5STRING_new()))
@@ -234,6 +233,6 @@ s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
         return ia5;
 
 err:
-        X509V3err(X509V3_F_S2I_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE);
+        X509V3error(ERR_R_MALLOC_FAILURE);
         return NULL;
 }
diff --git a/src/lib/libcrypto/x509v3/v3_info.c b/src/lib/libcrypto/x509v3/v3_info.c
index 34ffb1c539..27b5415b2a 100644
--- a/src/lib/libcrypto/x509v3/v3_info.c
+++ b/src/lib/libcrypto/x509v3/v3_info.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_info.c,v 1.24 2016/12/30 15:54:49 jsing Exp $ */
+/* $OpenBSD: v3_info.c,v 1.25 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -221,8 +221,7 @@ i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
                 nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
                 ntmp = malloc(nlen);
                 if (!ntmp) {
-                        X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
-                            ERR_R_MALLOC_FAILURE);
+                        X509V3error(ERR_R_MALLOC_FAILURE);
                         return NULL;
                 }
                 strlcpy(ntmp, objtmp, nlen);
@@ -248,27 +247,23 @@ v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
         char *objtmp, *ptmp;
 
         if (!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) {
-                X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
-                    ERR_R_MALLOC_FAILURE);
+                X509V3error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
                 cnf = sk_CONF_VALUE_value(nval, i);
                 if ((acc = ACCESS_DESCRIPTION_new()) == NULL) {
-                        X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
-                            ERR_R_MALLOC_FAILURE);
+                        X509V3error(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 if (sk_ACCESS_DESCRIPTION_push(ainfo, acc) == 0) {
                         ACCESS_DESCRIPTION_free(acc);
-                        X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
-                            ERR_R_MALLOC_FAILURE);
+                        X509V3error(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 ptmp = strchr(cnf->name, ';');
                 if (!ptmp) {
-                        X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
-                            X509V3_R_INVALID_SYNTAX);
+                        X509V3error(X509V3_R_INVALID_SYNTAX);
                         goto err;
                 }
                 objlen = ptmp - cnf->name;
@@ -277,15 +272,13 @@ v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                 if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0))
                         goto err;
                 if (!(objtmp = malloc(objlen + 1))) {
-                        X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
-                            ERR_R_MALLOC_FAILURE);
+                        X509V3error(ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
                 strlcpy(objtmp, cnf->name, objlen + 1);
                 acc->method = OBJ_txt2obj(objtmp, 0);
                 if (!acc->method) {
-                        X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
-                            X509V3_R_BAD_OBJECT);
+                        X509V3error(X509V3_R_BAD_OBJECT);
                         ERR_asprintf_error_data("value=%s", objtmp);
                         free(objtmp);
                         goto err;
diff --git a/src/lib/libcrypto/x509v3/v3_lib.c b/src/lib/libcrypto/x509v3/v3_lib.c
index 946ef1d54e..f0cc93bda6 100644
--- a/src/lib/libcrypto/x509v3/v3_lib.c
+++ b/src/lib/libcrypto/x509v3/v3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_lib.c,v 1.16 2017/01/21 04:42:16 jsing Exp $ */
+/* $OpenBSD: v3_lib.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -75,11 +75,11 @@ int
 X509V3_EXT_add(X509V3_EXT_METHOD *ext)
 {
         if (!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) {
-                X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE);
+                X509V3error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         if (!sk_X509V3_EXT_METHOD_push(ext_list, ext)) {
-                X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE);
+                X509V3error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         return 1;
@@ -157,12 +157,11 @@ X509V3_EXT_add_alias(int nid_to, int nid_from)
         X509V3_EXT_METHOD *tmpext;
 
         if (!(ext = X509V3_EXT_get_nid(nid_from))) {
-                X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,
-                    X509V3_R_EXTENSION_NOT_FOUND);
+                X509V3error(X509V3_R_EXTENSION_NOT_FOUND);
                 return 0;
         }
         if (!(tmpext = malloc(sizeof(X509V3_EXT_METHOD)))) {
-                X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, ERR_R_MALLOC_FAILURE);
+                X509V3error(ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         *tmpext = *ext;
@@ -331,8 +330,7 @@ X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
         ext = X509V3_EXT_i2d(nid, crit, value);
 
         if (!ext) {
-                X509V3err(X509V3_F_X509V3_ADD1_I2D,
-                    X509V3_R_ERROR_CREATING_EXTENSION);
+                X509V3error(X509V3_R_ERROR_CREATING_EXTENSION);
                 return 0;
         }
 
@@ -354,6 +352,6 @@ X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
 
 err:
         if (!(flags & X509V3_ADD_SILENT))
-                X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode);
+                X509V3error(errcode);
         return 0;
 }
diff --git a/src/lib/libcrypto/x509v3/v3_ncons.c b/src/lib/libcrypto/x509v3/v3_ncons.c
index e96d426de6..88643981ca 100644
--- a/src/lib/libcrypto/x509v3/v3_ncons.c
+++ b/src/lib/libcrypto/x509v3/v3_ncons.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_ncons.c,v 1.10 2016/12/30 15:54:49 jsing Exp $ */
+/* $OpenBSD: v3_ncons.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -204,8 +204,7 @@ v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                         ptree = &ncons->excludedSubtrees;
                         tval.name = val->name + 9;
                 } else {
-                        X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS,
-                            X509V3_R_INVALID_SYNTAX);
+                        X509V3error(X509V3_R_INVALID_SYNTAX);
                         goto err;
                 }
                 tval.value = val->value;
@@ -222,7 +221,7 @@ v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
         return ncons;
 
 memerr:
-        X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+        X509V3error(ERR_R_MALLOC_FAILURE);
 err:
         if (ncons)
                 NAME_CONSTRAINTS_free(ncons);
diff --git a/src/lib/libcrypto/x509v3/v3_ocsp.c b/src/lib/libcrypto/x509v3/v3_ocsp.c
index 0c8094dcb8..8ebda2e770 100644
--- a/src/lib/libcrypto/x509v3/v3_ocsp.c
+++ b/src/lib/libcrypto/x509v3/v3_ocsp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_ocsp.c,v 1.14 2016/12/30 15:54:49 jsing Exp $ */
+/* $OpenBSD: v3_ocsp.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -313,7 +313,7 @@ d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
 err:
         if (pos == NULL || *pos != os)
                 ASN1_OCTET_STRING_free(os);
-        OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
+        OCSPerror(ERR_R_MALLOC_FAILURE);
         return NULL;
 }
 
diff --git a/src/lib/libcrypto/x509v3/v3_pci.c b/src/lib/libcrypto/x509v3/v3_pci.c
index d0a1af96ea..dd015452d0 100644
--- a/src/lib/libcrypto/x509v3/v3_pci.c
+++ b/src/lib/libcrypto/x509v3/v3_pci.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_pci.c,v 1.11 2016/12/30 15:54:49 jsing Exp $ */
+/* $OpenBSD: v3_pci.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
 /* Contributed to the OpenSSL Project 2004
  * by Richard Levitte (richard@levitte.org)
  */
@@ -90,28 +90,24 @@ process_pci_value(CONF_VALUE *val, ASN1_OBJECT **language,
 
         if (strcmp(val->name, "language") == 0) {
                 if (*language) {
-                        X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-                            X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED);
+                        X509V3error(X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED);
                         X509V3_conf_err(val);
                         return 0;
                 }
                 if (!(*language = OBJ_txt2obj(val->value, 0))) {
-                        X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-                            X509V3_R_INVALID_OBJECT_IDENTIFIER);
+                        X509V3error(X509V3_R_INVALID_OBJECT_IDENTIFIER);
                         X509V3_conf_err(val);
                         return 0;
                 }
         }
         else if (strcmp(val->name, "pathlen") == 0) {
                 if (*pathlen) {
-                        X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-                            X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED);
+                        X509V3error(X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED);
                         X509V3_conf_err(val);
                         return 0;
                 }
                 if (!X509V3_get_value_int(val, pathlen)) {
-                        X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-                            X509V3_R_POLICY_PATH_LENGTH);
+                        X509V3error(X509V3_R_POLICY_PATH_LENGTH);
                         X509V3_conf_err(val);
                         return 0;
                 }
@@ -122,8 +118,7 @@ process_pci_value(CONF_VALUE *val, ASN1_OBJECT **language,
                 if (!*policy) {
                         *policy = ASN1_OCTET_STRING_new();
                         if (!*policy) {
-                                X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-                                    ERR_R_MALLOC_FAILURE);
+                                X509V3error(ERR_R_MALLOC_FAILURE);
                                 X509V3_conf_err(val);
                                 return 0;
                         }
@@ -134,8 +129,7 @@ process_pci_value(CONF_VALUE *val, ASN1_OBJECT **language,
                             string_to_hex(val->value + 4, &val_len);
 
                         if (!tmp_data2) {
-                                X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-                                    X509V3_R_ILLEGAL_HEX_DIGIT);
+                                X509V3error(X509V3_R_ILLEGAL_HEX_DIGIT);
                                 X509V3_conf_err(val);
                                 goto err;
                         }
@@ -153,8 +147,7 @@ process_pci_value(CONF_VALUE *val, ASN1_OBJECT **language,
                                 free((*policy)->data);
                                 (*policy)->data = NULL;
                                 (*policy)->length = 0;
-                                X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-                                    ERR_R_MALLOC_FAILURE);
+                                X509V3error(ERR_R_MALLOC_FAILURE);
                                 X509V3_conf_err(val);
                                 goto err;
                         }
@@ -165,8 +158,7 @@ process_pci_value(CONF_VALUE *val, ASN1_OBJECT **language,
                         int n;
                         BIO *b = BIO_new_file(val->value + 5, "r");
                         if (!b) {
-                                X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-                                    ERR_R_BIO_LIB);
+                                X509V3error(ERR_R_BIO_LIB);
                                 X509V3_conf_err(val);
                                 goto err;
                         }
@@ -190,8 +182,7 @@ process_pci_value(CONF_VALUE *val, ASN1_OBJECT **language,
                         BIO_free_all(b);
 
                         if (n < 0) {
-                                X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-                                    ERR_R_BIO_LIB);
+                                X509V3error(ERR_R_BIO_LIB);
                                 X509V3_conf_err(val);
                                 goto err;
                         }
@@ -210,20 +201,17 @@ process_pci_value(CONF_VALUE *val, ASN1_OBJECT **language,
                                 free((*policy)->data);
                                 (*policy)->data = NULL;
                                 (*policy)->length = 0;
-                                X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-                                    ERR_R_MALLOC_FAILURE);
+                                X509V3error(ERR_R_MALLOC_FAILURE);
                                 X509V3_conf_err(val);
                                 goto err;
                         }
                 } else {
-                        X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-                            X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
+                        X509V3error(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
                         X509V3_conf_err(val);
                         goto err;
                 }
                 if (!tmp_data) {
-                        X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-                            ERR_R_MALLOC_FAILURE);
+                        X509V3error(ERR_R_MALLOC_FAILURE);
                         X509V3_conf_err(val);
                         goto err;
                 }
@@ -252,8 +240,7 @@ r2i_pci(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value)
         for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
                 CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
                 if (!cnf->name || (*cnf->name != '@' && !cnf->value)) {
-                        X509V3err(X509V3_F_R2I_PCI,
-                            X509V3_R_INVALID_PROXY_POLICY_SETTING);
+                        X509V3error(X509V3_R_INVALID_PROXY_POLICY_SETTING);
                         X509V3_conf_err(cnf);
                         goto err;
                 }
@@ -263,8 +250,7 @@ r2i_pci(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value)
 
                         sect = X509V3_get_section(ctx, cnf->name + 1);
                         if (!sect) {
-                                X509V3err(X509V3_F_R2I_PCI,
-                                    X509V3_R_INVALID_SECTION);
+                                X509V3error(X509V3_R_INVALID_SECTION);
                                 X509V3_conf_err(cnf);
                                 goto err;
                         }
@@ -288,20 +274,18 @@ r2i_pci(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value)
 
         /* Language is mandatory */
         if (!language) {
-                X509V3err(X509V3_F_R2I_PCI,
-                    X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
+                X509V3error(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
                 goto err;
         }
         i = OBJ_obj2nid(language);
         if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy) {
-                X509V3err(X509V3_F_R2I_PCI,
-                    X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
+                X509V3error(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
                 goto err;
         }
 
         pci = PROXY_CERT_INFO_EXTENSION_new();
         if (!pci) {
-                X509V3err(X509V3_F_R2I_PCI, ERR_R_MALLOC_FAILURE);
+                X509V3error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
diff --git a/src/lib/libcrypto/x509v3/v3_pcons.c b/src/lib/libcrypto/x509v3/v3_pcons.c
index 144ba88e8d..30487a4d18 100644
--- a/src/lib/libcrypto/x509v3/v3_pcons.c
+++ b/src/lib/libcrypto/x509v3/v3_pcons.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_pcons.c,v 1.10 2016/12/30 15:54:49 jsing Exp $ */
+/* $OpenBSD: v3_pcons.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -150,8 +150,7 @@ v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
         int i;
 
         if (!(pcons = POLICY_CONSTRAINTS_new())) {
-                X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS,
-                    ERR_R_MALLOC_FAILURE);
+                X509V3error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
@@ -163,15 +162,13 @@ v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                         if (!X509V3_get_value_int(val,
                             &pcons->inhibitPolicyMapping)) goto err;
                 } else {
-                        X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS,
-                            X509V3_R_INVALID_NAME);
+                        X509V3error(X509V3_R_INVALID_NAME);
                         X509V3_conf_err(val);
                         goto err;
                 }
         }
         if (!pcons->inhibitPolicyMapping && !pcons->requireExplicitPolicy) {
-                X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS,
-                    X509V3_R_ILLEGAL_EMPTY_EXTENSION);
+                X509V3error(X509V3_R_ILLEGAL_EMPTY_EXTENSION);
                 goto err;
         }
 
diff --git a/src/lib/libcrypto/x509v3/v3_pmaps.c b/src/lib/libcrypto/x509v3/v3_pmaps.c
index 8c92098006..32ef6be866 100644
--- a/src/lib/libcrypto/x509v3/v3_pmaps.c
+++ b/src/lib/libcrypto/x509v3/v3_pmaps.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_pmaps.c,v 1.10 2016/12/30 15:54:49 jsing Exp $ */
+/* $OpenBSD: v3_pmaps.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -174,7 +174,7 @@ v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
         int i, rc;
 
         if (!(pmaps = sk_POLICY_MAPPING_new_null())) {
-                X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE);
+                X509V3error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
 
@@ -208,7 +208,7 @@ v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
 
 err:
         sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
-        X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, rc);
+        X509V3error(rc);
         if (rc == X509V3_R_INVALID_OBJECT_IDENTIFIER)
                 X509V3_conf_err(val);
         ASN1_OBJECT_free(obj1);
diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c
index d8ab679304..bdcdf95d12 100644
--- a/src/lib/libcrypto/x509v3/v3_purp.c
+++ b/src/lib/libcrypto/x509v3/v3_purp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_purp.c,v 1.28 2017/01/21 04:42:16 jsing Exp $ */
+/* $OpenBSD: v3_purp.c,v 1.29 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -138,7 +138,7 @@ int
 X509_PURPOSE_set(int *p, int purpose)
 {
         if (X509_PURPOSE_get_by_id(purpose) == -1) {
-                X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE);
+                X509V3error(X509V3_R_INVALID_PURPOSE);
                 return 0;
         }
         *p = purpose;
@@ -206,8 +206,7 @@ X509_PURPOSE_add(int id, int trust, int flags,
         name_dup = sname_dup = NULL;
 
         if (name == NULL || sname == NULL) {
-                X509V3err(X509V3_F_X509_PURPOSE_ADD,
-                    X509V3_R_INVALID_NULL_ARGUMENT);
+                X509V3error(X509V3_R_INVALID_NULL_ARGUMENT);
                 return 0;
         }
 
@@ -220,8 +219,7 @@ X509_PURPOSE_add(int id, int trust, int flags,
         /* Need a new entry */
         if (idx == -1) {
                 if ((ptmp = malloc(sizeof(X509_PURPOSE))) == NULL) {
-                        X509V3err(X509V3_F_X509_PURPOSE_ADD,
-                            ERR_R_MALLOC_FAILURE);
+                        X509V3error(ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
                 ptmp->flags = X509_PURPOSE_DYNAMIC;
@@ -266,7 +264,7 @@ err:
         free(sname_dup);
         if (idx == -1)
                 free(ptmp);
-        X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
+        X509V3error(ERR_R_MALLOC_FAILURE);
         return 0;
 }
 
diff --git a/src/lib/libcrypto/x509v3/v3_skey.c b/src/lib/libcrypto/x509v3/v3_skey.c
index fbd66bb721..9dc1741788 100644
--- a/src/lib/libcrypto/x509v3/v3_skey.c
+++ b/src/lib/libcrypto/x509v3/v3_skey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_skey.c,v 1.14 2016/12/30 15:54:49 jsing Exp $ */
+/* $OpenBSD: v3_skey.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -95,7 +95,7 @@ s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
         long length;
 
         if (!(oct = ASN1_OCTET_STRING_new())) {
-                X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
+                X509V3error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
 
@@ -121,7 +121,7 @@ s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
                 return s2i_ASN1_OCTET_STRING(method, ctx, str);
 
         if (!(oct = ASN1_OCTET_STRING_new())) {
-                X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
+                X509V3error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
 
@@ -129,7 +129,7 @@ s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
                 return oct;
 
         if (!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
-                X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
+                X509V3error(X509V3_R_NO_PUBLIC_KEY);
                 goto err;
         }
 
@@ -139,7 +139,7 @@ s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
                 pk = ctx->subject_cert->cert_info->key->public_key;
 
         if (!pk) {
-                X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
+                X509V3error(X509V3_R_NO_PUBLIC_KEY);
                 goto err;
         }
 
@@ -148,7 +148,7 @@ s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
                 goto err;
 
         if (!ASN1_STRING_set(oct, pkey_dig, diglen)) {
-                X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
+                X509V3error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
diff --git a/src/lib/libcrypto/x509v3/v3_sxnet.c b/src/lib/libcrypto/x509v3/v3_sxnet.c
index bb88da4b49..14c6e5c0a4 100644
--- a/src/lib/libcrypto/x509v3/v3_sxnet.c
+++ b/src/lib/libcrypto/x509v3/v3_sxnet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_sxnet.c,v 1.18 2016/12/30 15:54:49 jsing Exp $ */
+/* $OpenBSD: v3_sxnet.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -258,8 +258,7 @@ SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen)
         ASN1_INTEGER *izone = NULL;
 
         if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
-                X509V3err(X509V3_F_SXNET_ADD_ID_ASC,
-                    X509V3_R_ERROR_CONVERTING_ZONE);
+                X509V3error(X509V3_R_ERROR_CONVERTING_ZONE);
                 return 0;
         }
         return SXNET_add_id_INTEGER(psx, izone, user, userlen);
@@ -274,7 +273,7 @@ SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen)
 
         if (!(izone = ASN1_INTEGER_new()) ||
             !ASN1_INTEGER_set(izone, lzone)) {
-                X509V3err(X509V3_F_SXNET_ADD_ID_ULONG, ERR_R_MALLOC_FAILURE);
+                X509V3error(ERR_R_MALLOC_FAILURE);
                 ASN1_INTEGER_free(izone);
                 return 0;
         }
@@ -293,15 +292,13 @@ SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, int userlen)
         SXNETID *id = NULL;
 
         if (!psx || !zone || !user) {
-                X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,
-                    X509V3_R_INVALID_NULL_ARGUMENT);
+                X509V3error(X509V3_R_INVALID_NULL_ARGUMENT);
                 return 0;
         }
         if (userlen == -1)
                 userlen = strlen(user);
         if (userlen > 64) {
-                X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,
-                    X509V3_R_USER_TOO_LONG);
+                X509V3error(X509V3_R_USER_TOO_LONG);
                 return 0;
         }
         if (!*psx) {
@@ -313,8 +310,7 @@ SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, int userlen)
         } else
                 sx = *psx;
         if (SXNET_get_id_INTEGER(sx, zone)) {
-                X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,
-                    X509V3_R_DUPLICATE_ZONE_ID);
+                X509V3error(X509V3_R_DUPLICATE_ZONE_ID);
                 return 0;
         }
 
@@ -331,7 +327,7 @@ SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, int userlen)
         return 1;
 
 err:
-        X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, ERR_R_MALLOC_FAILURE);
+        X509V3error(ERR_R_MALLOC_FAILURE);
         SXNETID_free(id);
         SXNET_free(sx);
         *psx = NULL;
@@ -345,8 +341,7 @@ SXNET_get_id_asc(SXNET *sx, char *zone)
         ASN1_OCTET_STRING *oct;
 
         if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
-                X509V3err(X509V3_F_SXNET_GET_ID_ASC,
-                    X509V3_R_ERROR_CONVERTING_ZONE);
+                X509V3error(X509V3_R_ERROR_CONVERTING_ZONE);
                 return NULL;
         }
         oct = SXNET_get_id_INTEGER(sx, izone);
@@ -362,7 +357,7 @@ SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
 
         if (!(izone = ASN1_INTEGER_new()) ||
             !ASN1_INTEGER_set(izone, lzone)) {
-                X509V3err(X509V3_F_SXNET_GET_ID_ULONG, ERR_R_MALLOC_FAILURE);
+                X509V3error(ERR_R_MALLOC_FAILURE);
                 ASN1_INTEGER_free(izone);
                 return NULL;
         }
diff --git a/src/lib/libcrypto/x509v3/v3_utl.c b/src/lib/libcrypto/x509v3/v3_utl.c
index 7516cd3c20..04c789922b 100644
--- a/src/lib/libcrypto/x509v3/v3_utl.c
+++ b/src/lib/libcrypto/x509v3/v3_utl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_utl.c,v 1.25 2016/09/03 11:56:33 beck Exp $ */
+/* $OpenBSD: v3_utl.c,v 1.26 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -103,7 +103,7 @@ X509V3_add_value(const char *name, const char *value,
         return 1;
 
 err:
-        X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE);
+        X509V3error(ERR_R_MALLOC_FAILURE);
         free(vtmp);
         free(tname);
         free(tvalue);
@@ -159,7 +159,7 @@ i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a)
                 return NULL;
         if (!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
             !(strtmp = BN_bn2dec(bntmp)))
-                X509V3err(X509V3_F_I2S_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
+                X509V3error(ERR_R_MALLOC_FAILURE);
         BN_free(bntmp);
         return strtmp;
 }
@@ -174,7 +174,7 @@ i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
                 return NULL;
         if (!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
             !(strtmp = BN_bn2dec(bntmp)))
-                X509V3err(X509V3_F_I2S_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
+                X509V3error(ERR_R_MALLOC_FAILURE);
         BN_free(bntmp);
         return strtmp;
 }
@@ -188,8 +188,7 @@ s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
         int ret;
 
         if (!value) {
-                X509V3err(X509V3_F_S2I_ASN1_INTEGER,
-                    X509V3_R_INVALID_NULL_VALUE);
+                X509V3error(X509V3_R_INVALID_NULL_VALUE);
                 return 0;
         }
         bn = BN_new();
@@ -212,7 +211,7 @@ s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
 
         if (!ret || value[ret]) {
                 BN_free(bn);
-                X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_BN_DEC2BN_ERROR);
+                X509V3error(X509V3_R_BN_DEC2BN_ERROR);
                 return 0;
         }
 
@@ -222,8 +221,7 @@ s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
         aint = BN_to_ASN1_INTEGER(bn, NULL);
         BN_free(bn);
         if (!aint) {
-                X509V3err(X509V3_F_S2I_ASN1_INTEGER,
-                    X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
+                X509V3error(X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
                 return 0;
         }
         if (isneg)
@@ -267,8 +265,7 @@ X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
         }
 
 err:
-        X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,
-            X509V3_R_INVALID_BOOLEAN_STRING);
+        X509V3error(X509V3_R_INVALID_BOOLEAN_STRING);
         X509V3_conf_err(value);
         return 0;
 }
@@ -302,7 +299,7 @@ X509V3_parse_list(const char *line)
 
         /* We are going to modify the line so copy it first */
         if ((linebuf = strdup(line)) == NULL) {
-                X509V3err(X509V3_F_X509V3_PARSE_LIST, ERR_R_MALLOC_FAILURE);
+                X509V3error(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
         state = HDR_NAME;
@@ -319,8 +316,7 @@ X509V3_parse_list(const char *line)
                                 *p = 0;
                                 ntmp = strip_spaces(q);
                                 if (!ntmp) {
-                                        X509V3err(X509V3_F_X509V3_PARSE_LIST,
-                                            X509V3_R_INVALID_NULL_NAME);
+                                        X509V3error(X509V3_R_INVALID_NULL_NAME);
                                         goto err;
                                 }
                                 q = p + 1;
@@ -329,8 +325,7 @@ X509V3_parse_list(const char *line)
                                 ntmp = strip_spaces(q);
                                 q = p + 1;
                                 if (!ntmp) {
-                                        X509V3err(X509V3_F_X509V3_PARSE_LIST,
-                                            X509V3_R_INVALID_NULL_NAME);
+                                        X509V3error(X509V3_R_INVALID_NULL_NAME);
                                         goto err;
                                 }
                                 X509V3_add_value(ntmp, NULL, &values);
@@ -343,8 +338,7 @@ X509V3_parse_list(const char *line)
                                 *p = 0;
                                 vtmp = strip_spaces(q);
                                 if (!vtmp) {
-                                        X509V3err(X509V3_F_X509V3_PARSE_LIST,
-                                            X509V3_R_INVALID_NULL_VALUE);
+                                        X509V3error(X509V3_R_INVALID_NULL_VALUE);
                                         goto err;
                                 }
                                 X509V3_add_value(ntmp, vtmp, &values);
@@ -358,16 +352,14 @@ X509V3_parse_list(const char *line)
         if (state == HDR_VALUE) {
                 vtmp = strip_spaces(q);
                 if (!vtmp) {
-                        X509V3err(X509V3_F_X509V3_PARSE_LIST,
-                            X509V3_R_INVALID_NULL_VALUE);
+                        X509V3error(X509V3_R_INVALID_NULL_VALUE);
                         goto err;
                 }
                 X509V3_add_value(ntmp, vtmp, &values);
         } else {
                 ntmp = strip_spaces(q);
                 if (!ntmp) {
-                        X509V3err(X509V3_F_X509V3_PARSE_LIST,
-                            X509V3_R_INVALID_NULL_NAME);
+                        X509V3error(X509V3_R_INVALID_NULL_NAME);
                         goto err;
                 }
                 X509V3_add_value(ntmp, NULL, &values);
@@ -420,7 +412,7 @@ hex_to_string(const unsigned char *buffer, long len)
         if (!buffer || !len)
                 return NULL;
         if (!(tmp = malloc(len * 3 + 1))) {
-                X509V3err(X509V3_F_HEX_TO_STRING, ERR_R_MALLOC_FAILURE);
+                X509V3error(ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         q = tmp;
@@ -443,8 +435,7 @@ string_to_hex(const char *str, long *len)
         unsigned char *hexbuf, *q;
         unsigned char ch, cl, *p;
         if (!str) {
-                X509V3err(X509V3_F_STRING_TO_HEX,
-                    X509V3_R_INVALID_NULL_ARGUMENT);
+                X509V3error(X509V3_R_INVALID_NULL_ARGUMENT);
                 return NULL;
         }
         if (!(hexbuf = malloc(strlen(str) >> 1)))
@@ -455,8 +446,7 @@ string_to_hex(const char *str, long *len)
                         continue;
                 cl = *p++;
                 if (!cl) {
-                        X509V3err(X509V3_F_STRING_TO_HEX,
-                            X509V3_R_ODD_NUMBER_OF_DIGITS);
+                        X509V3error(X509V3_R_ODD_NUMBER_OF_DIGITS);
                         free(hexbuf);
                         return NULL;
                 }
@@ -487,12 +477,12 @@ string_to_hex(const char *str, long *len)
 
 err:
         free(hexbuf);
-        X509V3err(X509V3_F_STRING_TO_HEX, ERR_R_MALLOC_FAILURE);
+        X509V3error(ERR_R_MALLOC_FAILURE);
         return NULL;
 
 badhex:
         free(hexbuf);
-        X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_ILLEGAL_HEX_DIGIT);
+        X509V3error(X509V3_R_ILLEGAL_HEX_DIGIT);
         return NULL;
 }
 
diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c
index 46c08a1798..ababa8cf17 100644
--- a/src/lib/libssl/bio_ssl.c
+++ b/src/lib/libssl/bio_ssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_ssl.c,v 1.25 2017/01/26 12:44:52 beck Exp $ */
+/* $OpenBSD: bio_ssl.c,v 1.26 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -110,7 +110,7 @@ ssl_new(BIO *bi)
 
         bs = calloc(1, sizeof(BIO_SSL));
         if (bs == NULL) {
-                BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
+                SSLerror(ERR_R_MALLOC_FAILURE);
                 return (0);
         }
         bi->init = 0;
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index e608bcfea4..73683d4099 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.62 2017/01/26 12:16:13 beck Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.63 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -709,7 +709,7 @@ SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, const char *dir)
                 (void) closedir(dirp);
         }
         if (!ret) {
-                SYSerr(SYS_F_OPENDIR, errno);
+                SYSerror(errno);
                 ERR_asprintf_error_data("opendir ('%s')", dir);
                 SSLerror(ERR_R_SYS_LIB);
         }