12 files changed, 45 insertions, 255 deletions
diff --git a/src/lib/libcrypto/bio/b_dump.c b/src/lib/libcrypto/bio/b_dump.c
index 4dcf710bbe..3f673205c1 100644
--- a/src/lib/libcrypto/bio/b_dump.c
+++ b/src/lib/libcrypto/bio/b_dump.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: b_dump.c,v 1.30 2024/03/02 09:21:24 tb Exp $ */
+/* $OpenBSD: b_dump.c,v 1.31 2025/05/10 05:54:38 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -62,7 +62,6 @@
 #include <string.h>
 #include <openssl/bio.h>
-#include <openssl/err.h>
 #include "bytestring.h"
diff --git a/src/lib/libcrypto/bio/b_sock.c b/src/lib/libcrypto/bio/b_sock.c
index 00bbe9c37e..9ef9953b95 100644
--- a/src/lib/libcrypto/bio/b_sock.c
+++ b/src/lib/libcrypto/bio/b_sock.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: b_sock.c,v 1.71 2023/07/05 21:23:37 beck Exp $ */
+/* $OpenBSD: b_sock.c,v 1.72 2025/05/10 05:54:38 tb Exp $ */
 /*
 * Copyright (c) 2017 Bob Beck <beck@openbsd.org>
 *
@@ -32,7 +32,8 @@
 #include <openssl/bio.h>
 #include <openssl/buffer.h>
-#include <openssl/err.h>
+#include "err_local.h"
 int
 BIO_get_host_ip(const char *str, unsigned char *ip)
diff --git a/src/lib/libcrypto/bio/bf_buff.c b/src/lib/libcrypto/bio/bf_buff.c
index 226c16835a..36b6fabde3 100644
--- a/src/lib/libcrypto/bio/bf_buff.c
+++ b/src/lib/libcrypto/bio/bf_buff.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bf_buff.c,v 1.28 2023/07/05 21:23:37 beck Exp $ */
+/* $OpenBSD: bf_buff.c,v 1.29 2025/05/10 05:54:38 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -61,9 +61,9 @@
 #include <string.h>
 #include <openssl/bio.h>
-#include <openssl/err.h>
 #include "bio_local.h"
+#include "err_local.h"
 static int buffer_write(BIO *h, const char *buf, int num);
 static int buffer_read(BIO *h, char *buf, int size);
diff --git a/src/lib/libcrypto/bio/bio.h b/src/lib/libcrypto/bio/bio.h
index 8327ffc071..a8108054e7 100644
--- a/src/lib/libcrypto/bio/bio.h
+++ b/src/lib/libcrypto/bio/bio.h
@@ -1,25 +1,25 @@
-/* $OpenBSD: bio.h,v 1.64 2024/05/19 07:12:50 jsg Exp $ */
+/* $OpenBSD: bio.h,v 1.65 2025/07/16 18:12:54 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -96,8 +96,8 @@ extern "C" {
 #define BIO_TYPE_BIO            (19|0x0400)             /* (half a) BIO pair */
 #define BIO_TYPE_LINEBUFFER     (20|0x0200)             /* filter */
 #define BIO_TYPE_DGRAM          (21|0x0400|0x0100)
-#define BIO_TYPE_ASN1           (22|0x0200)             /* filter */
+#define BIO_TYPE_ASN1           (22|0x0200)             /* filter */
-#define BIO_TYPE_COMP           (23|0x0200)             /* filter */
+#define BIO_TYPE_COMP           (23|0x0200)             /* filter */
 #define BIO_TYPE_DESCRIPTOR     0x0100  /* socket, fd, connect or accept */
 #define BIO_TYPE_FILTER         0x0200
@@ -139,14 +139,14 @@ extern "C" {
 #define BIO_CTRL_DGRAM_CONNECT       31  /* BIO dgram special */
 #define BIO_CTRL_DGRAM_SET_CONNECTED 32  /* allow for an externally
                                          * connected socket to be
-                                          * passed in */ 
+                                          * passed in */
 #define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33 /* setsockopt, essentially */
 #define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34 /* getsockopt, essentially */
 #define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35 /* setsockopt, essentially */
 #define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36 /* getsockopt, essentially */
 #define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37 /* flag whether the last */
-#define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38 /* I/O operation tiemd out */
+#define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38 /* I/O operation timed out */
 /* #ifdef IP_MTU_DISCOVER */
 #define BIO_CTRL_DGRAM_MTU_DISCOVER       39 /* set DF bit on egress packets */
@@ -232,7 +232,7 @@ void BIO_clear_flags(BIO *b, int flags);
 /* The next three are used in conjunction with the
 * BIO_should_io_special() condition.  After this returns true,
- * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO 
+ * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO
 * stack and return the 'reason' for the special and the offending BIO.
 * Given a BIO, BIO_get_retry_reason(bio) will return the code. */
 /* Returned from the SSL bio when the certificate retrieval code had an error */
@@ -380,7 +380,7 @@ int BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
 #define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)
 #define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
 #define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
-#define BIO_get_conn_ip(b)               BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
+#define BIO_get_conn_ip(b)               BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
 #define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
@@ -571,7 +571,6 @@ const BIO_METHOD *BIO_s_socket(void);
 const BIO_METHOD *BIO_s_connect(void);
 const BIO_METHOD *BIO_s_accept(void);
 const BIO_METHOD *BIO_s_fd(void);
-const BIO_METHOD *BIO_s_log(void);
 const BIO_METHOD *BIO_s_bio(void);
 const BIO_METHOD *BIO_s_null(void);
 const BIO_METHOD *BIO_f_null(void);
diff --git a/src/lib/libcrypto/bio/bio_cb.c b/src/lib/libcrypto/bio/bio_cb.c
index 18e9be8d68..990cb20708 100644
--- a/src/lib/libcrypto/bio/bio_cb.c
+++ b/src/lib/libcrypto/bio/bio_cb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_cb.c,v 1.19 2023/07/05 21:23:37 beck Exp $ */
+/* $OpenBSD: bio_cb.c,v 1.20 2025/05/10 05:54:38 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -60,7 +60,6 @@
 #include <stdlib.h>
 #include <string.h>
-#include <openssl/err.h>
 #include <openssl/bio.h>
 #include "bio_local.h"
diff --git a/src/lib/libcrypto/bio/bio_lib.c b/src/lib/libcrypto/bio/bio_lib.c
index 463d2ad23a..04e8f4c295 100644
--- a/src/lib/libcrypto/bio/bio_lib.c
+++ b/src/lib/libcrypto/bio/bio_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_lib.c,v 1.54 2024/07/09 06:14:59 beck Exp $ */
+/* $OpenBSD: bio_lib.c,v 1.55 2025/05/10 05:54:38 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -62,10 +62,10 @@
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
-#include <openssl/err.h>
 #include <openssl/stack.h>
 #include "bio_local.h"
+#include "err_local.h"
 /*
 * Helper function to work out whether to call the new style callback or the old
diff --git a/src/lib/libcrypto/bio/bss_acpt.c b/src/lib/libcrypto/bio/bss_acpt.c
index d74c710a7f..60e61100b1 100644
--- a/src/lib/libcrypto/bio/bss_acpt.c
+++ b/src/lib/libcrypto/bio/bss_acpt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bss_acpt.c,v 1.31 2023/07/05 21:23:37 beck Exp $ */
+/* $OpenBSD: bss_acpt.c,v 1.33 2025/06/02 12:18:21 jsg Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -65,9 +65,9 @@
 #include <openssl/bio.h>
 #include <openssl/buffer.h>
-#include <openssl/err.h>
 #include "bio_local.h"
+#include "err_local.h"
 #define SOCKET_PROTOCOL IPPROTO_TCP
@@ -261,11 +261,12 @@ again:
                if (c->bio_chain != NULL) {
                        if ((dbio = BIO_dup_chain(c->bio_chain)) == NULL)
                                goto err;
-                        if (!BIO_push(dbio, bio)) goto err;
+                        if (!BIO_push(dbio, bio))
-                                bio = dbio;
+                                goto err;
+                        bio = dbio;
                }
-                if (BIO_push(b, bio)
+                if (BIO_push(b, bio) == NULL)
-                        == NULL) goto err;
+                        goto err;
                c->state = ACPT_S_OK;
                return (1);
diff --git a/src/lib/libcrypto/bio/bss_bio.c b/src/lib/libcrypto/bio/bss_bio.c
index 39d8d1e46c..f1d1bbeecd 100644
--- a/src/lib/libcrypto/bio/bss_bio.c
+++ b/src/lib/libcrypto/bio/bss_bio.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bss_bio.c,v 1.29 2024/07/09 06:14:59 beck Exp $ */
+/* $OpenBSD: bss_bio.c,v 1.30 2025/05/10 05:54:38 tb Exp $ */
 /* ====================================================================
 * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
 *
@@ -81,10 +81,10 @@
 #include <sys/types.h>
 #include <openssl/bio.h>
-#include <openssl/err.h>
 #include <openssl/crypto.h>
 #include "bio_local.h"
+#include "err_local.h"
 static int bio_new(BIO *bio);
 static int bio_free(BIO *bio);
diff --git a/src/lib/libcrypto/bio/bss_conn.c b/src/lib/libcrypto/bio/bss_conn.c
index 3b0e3d3bdd..14f410f59d 100644
--- a/src/lib/libcrypto/bio/bss_conn.c
+++ b/src/lib/libcrypto/bio/bss_conn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bss_conn.c,v 1.41 2024/04/19 09:54:36 tb Exp $ */
+/* $OpenBSD: bss_conn.c,v 1.43 2025/06/02 12:18:21 jsg Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -68,9 +68,9 @@
 #include <openssl/bio.h>
 #include <openssl/buffer.h>
-#include <openssl/err.h>
 #include "bio_local.h"
+#include "err_local.h"
 #define SOCKET_PROTOCOL IPPROTO_TCP
@@ -141,7 +141,7 @@ conn_state(BIO *b, BIO_CONNECT *c)
                        }
                        for (; *p != '\0'; p++) {
                                if ((*p == ':') || (*p == '/'))
-                                break;
+                                        break;
                        }
                        i= *p;
diff --git a/src/lib/libcrypto/bio/bss_file.c b/src/lib/libcrypto/bio/bss_file.c
index 9b6ca2bdd8..21f71718bb 100644
--- a/src/lib/libcrypto/bio/bss_file.c
+++ b/src/lib/libcrypto/bio/bss_file.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bss_file.c,v 1.35 2023/07/05 21:23:37 beck Exp $ */
+/* $OpenBSD: bss_file.c,v 1.36 2025/05/10 05:54:38 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -88,9 +88,9 @@
 #include <string.h>
 #include <openssl/bio.h>
-#include <openssl/err.h>
 #include "bio_local.h"
+#include "err_local.h"
 static int file_write(BIO *h, const char *buf, int num);
 static int file_read(BIO *h, char *buf, int size);
diff --git a/src/lib/libcrypto/bio/bss_log.c b/src/lib/libcrypto/bio/bss_log.c
deleted file mode 100644
index 9e2e882646..0000000000
--- a/src/lib/libcrypto/bio/bss_log.c
+++ /dev/null
@@ -1,216 +0,0 @@
-/* $OpenBSD: bss_log.c,v 1.24 2023/07/05 21:23:37 beck Exp $ */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/*
-        Why BIO_s_log?
-        BIO_s_log is useful for system daemons (or services under NT).
-        It is one-way BIO, it sends all stuff to syslogd (on system that
-        commonly use that), or event log (on NT), or OPCOM (on OpenVMS).
-*/
-#include <errno.h>
-#include <stdio.h>
-#include <string.h>
-#include <syslog.h>
-#include <openssl/buffer.h>
-#include <openssl/err.h>
-#include "bio_local.h"
-#ifndef NO_SYSLOG
-static int slg_write(BIO *h, const char *buf, int num);
-static int slg_puts(BIO *h, const char *str);
-static long slg_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int slg_new(BIO *h);
-static int slg_free(BIO *data);
-static void xopenlog(BIO* bp, char* name, int level);
-static void xsyslog(BIO* bp, int priority, const char* string);
-static void xcloselog(BIO* bp);
-static const BIO_METHOD methods_slg = {
-        .type = BIO_TYPE_MEM,
-        .name = "syslog",
-        .bwrite = slg_write,
-        .bputs = slg_puts,
-        .ctrl = slg_ctrl,
-        .create = slg_new,
-        .destroy = slg_free
-};
-const BIO_METHOD *
-BIO_s_log(void)
-{
-        return (&methods_slg);
-}
-LCRYPTO_ALIAS(BIO_s_log);
-static int
-slg_new(BIO *bi)
-{
-        bi->init = 1;
-        bi->num = 0;
-        bi->ptr = NULL;
-        xopenlog(bi, "application", LOG_DAEMON);
-        return (1);
-}
-static int
-slg_free(BIO *a)
-{
-        if (a == NULL)
-                return (0);
-        xcloselog(a);
-        return (1);
-}
-static int
-slg_write(BIO *b, const char *in, int inl)
-{
-        int ret = inl;
-        char* buf;
-        char* pp;
-        int priority, i;
-        static const struct {
-                int strl;
-                char str[10];
-                int log_level;
-        }
-        mapping[] = {
-                { 6, "PANIC ", LOG_EMERG },
-                { 6, "EMERG ", LOG_EMERG },
-                { 4, "EMR ", LOG_EMERG },
-                { 6, "ALERT ", LOG_ALERT },
-                { 4, "ALR ", LOG_ALERT },
-                { 5, "CRIT ", LOG_CRIT },
-                { 4, "CRI ", LOG_CRIT },
-                { 6, "ERROR ", LOG_ERR },
-                { 4, "ERR ", LOG_ERR },
-                { 8, "WARNING ", LOG_WARNING },
-                { 5, "WARN ", LOG_WARNING },
-                { 4, "WAR ", LOG_WARNING },
-                { 7, "NOTICE ", LOG_NOTICE },
-                { 5, "NOTE ", LOG_NOTICE },
-                { 4, "NOT ", LOG_NOTICE },
-                { 5, "INFO ", LOG_INFO },
-                { 4, "INF ", LOG_INFO },
-                { 6, "DEBUG ", LOG_DEBUG },
-                { 4, "DBG ", LOG_DEBUG },
-                { 0, "", LOG_ERR } /* The default */
-        };
-        if ((buf = malloc(inl + 1)) == NULL) {
-                return (0);
-        }
-        strlcpy(buf, in, inl + 1);
-        i = 0;
-        while (strncmp(buf, mapping[i].str, mapping[i].strl) != 0)
-                i++;
-        priority = mapping[i].log_level;
-        pp = buf + mapping[i].strl;
-        xsyslog(b, priority, pp);
-        free(buf);
-        return (ret);
-}
-static long
-slg_ctrl(BIO *b, int cmd, long num, void *ptr)
-{
-        switch (cmd) {
-        case BIO_CTRL_SET:
-                xcloselog(b);
-                xopenlog(b, ptr, num);
-                break;
-        default:
-                break;
-        }
-        return (0);
-}
-static int
-slg_puts(BIO *bp, const char *str)
-{
-        int n, ret;
-        n = strlen(str);
-        ret = slg_write(bp, str, n);
-        return (ret);
-}
-static void
-xopenlog(BIO* bp, char* name, int level)
-{
-        openlog(name, LOG_PID|LOG_CONS, level);
-}
-static void
-xsyslog(BIO *bp, int priority, const char *string)
-{
-        syslog(priority, "%s", string);
-}
-static void
-xcloselog(BIO* bp)
-{
-        closelog();
-}
-#endif /* NO_SYSLOG */
diff --git a/src/lib/libcrypto/bio/bss_mem.c b/src/lib/libcrypto/bio/bss_mem.c
index 6d0d54db84..0fa6317a2b 100644
--- a/src/lib/libcrypto/bio/bss_mem.c
+++ b/src/lib/libcrypto/bio/bss_mem.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bss_mem.c,v 1.22 2023/07/05 21:23:37 beck Exp $ */
+/* $OpenBSD: bss_mem.c,v 1.27 2025/05/31 11:31:16 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -62,10 +62,10 @@
 #include <string.h>
 #include <openssl/bio.h>
-#include <openssl/err.h>
 #include <openssl/buffer.h>
 #include "bio_local.h"
+#include "err_local.h"
 struct bio_mem {
        BUF_MEM *buf;
@@ -140,6 +140,7 @@ BIO_new_mem_buf(const void *buf, int buf_len)
                return NULL;
        bm = bio->ptr;
+        free(bm->buf->data);
        bm->buf->data = (void *)buf; /* Trust in the BIO_FLAGS_MEM_RDONLY flag. */
        bm->buf->length = buf_len;
        bm->buf->max = buf_len;
@@ -162,6 +163,12 @@ mem_new(BIO *bio)
                free(bm);
                return 0;
        }
+        if (BUF_MEM_grow_clean(bm->buf, 64) != 64) {
+                BUF_MEM_free(bm->buf);
+                free(bm);
+                return 0;
+        }
+        bm->buf->length = 0;
        bio->shutdown = 1;
        bio->init = 1;