21 files changed, 408 insertions, 135 deletions

diff --git a/.github/rust-openssl.patch b/.github/rust-openssl.patch
new file mode 100644
index 0000000..5821c72
--- /dev/null
+++ b/.github/rust-openssl.patch
@@ -0,0 +1,13 @@
+diff --git a/openssl-sys/build/main.rs b/openssl-sys/build/main.rs
+index 2ca53c97..56a60161 100644
+--- a/openssl-sys/build/main.rs
++++ b/openssl-sys/build/main.rs
+@@ -281,7 +281,7 @@ See rust-openssl documentation for more information:
+             (3, 4, _) => ('3', '4', 'x'),
+             (3, 5, _) => ('3', '5', 'x'),
+             (3, 6, 0) => ('3', '6', '0'),
+-            _ => version_error(),
++            _ => ('3', '6', 'x'),
+         };
+ 
+         println!("cargo:libressl=true");
diff --git a/.github/workflows/regress.yml b/.github/workflows/regress.yml
new file mode 100644
index 0000000..88ce310
--- /dev/null
+++ b/.github/workflows/regress.yml
@@ -0,0 +1,33 @@
+name: regress testing
+
+on:
+  schedule:
+  - cron: "0 0 * * *"
+
+jobs:
+  rust-openssl:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: Install apt dependencies
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y cargo
+    - name: Build LibreSSL
+      run: |
+        ./autogen.sh
+        ./configure
+        make dist
+        tar zxvf libressl-*.tar.gz
+        rm libressl-*.tar.gz
+        cd libressl-*
+        ./configure --prefix="${HOME}/opt"
+        make all install
+    - name: run rust-openssl tests
+      run: |
+        git clone https://github.com/sfackler/rust-openssl.git
+        cd rust-openssl
+        export OPENSSL_DIR=${HOME}/opt
+        export LD_LIBRARY_PATH=${HOME}/opt/lib
+        patch -p1 < ../.github/rust-openssl.patch
+        cargo test
diff --git a/.gitignore b/.gitignore
index b85cf10..e00baab 100644
--- a/.gitignore
+++ b/.gitignore
@@ -63,11 +63,14 @@ tests/asn1complex*
 tests/asn1evp*
 tests/asn1object*
 tests/asn1string_copy*
+tests/asn1_string_to_utf8*
 tests/asn1time*
 tests/asn1x509*
 tests/bnaddsub*
+tests/bn_isqrt*
 tests/bn_mod_exp2_mont*
 tests/bn_mod_sqrt*
+tests/bn_primes*
 tests/bn_rand_interval*
 tests/bn_to_string*
 tests/cipher*
@@ -84,6 +87,7 @@ tests/rfc3779*
 tests/rfc5280time*
 tests/ssl_get_shared_ciphers*
 tests/ssl_methods*
+tests/ssl_set_alpn_protos*
 tests/ssl_versions*
 tests/string_table*
 tests/timingsafe*
diff --git a/ChangeLog b/ChangeLog
index e4dc7ad..d5c4617 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,150 @@ history is also available from Git.
 
 LibreSSL Portable Release Notes:
 
+3.6.0 - Development release
+
+        * Internal improvements
+          - Avoid expensive RFC 3779 checks during cert verification.
+          - The templated ASN.1 decoder has been cleaned up, refactored,
+            modernized with parts rewritten using CBB and CBS.
+          - The ASN.1 time parser has been rewritten.
+          - Rewrite and fix ASN1_STRING_to_UTF8().
+          - Use asn1_abs_set_unused_bits() rather than inlining it.
+          - Simplify ec_asn1_group2curve().
+          - First pass at a clean up of ASN1_item_sign_ctx()
+          - ssl_txt.c was cleaned up.
+          - Internal function arguments and struct member have been changed
+            to size_t.
+          - Lots of missing error checks of EVP API were added.
+          - Clean up and clarify BN_kronecker().
+          - Simplify ASN1_INTEGER_cmp()
+          - Rewrite ASN1_INTEGER_{get,set}() using CBS and CBB and reuse
+            the ASN1_INTEGER functions for ASN1_ENUMERATED.
+          - Use ASN1_INTEGER to parse and build {Z,}LONG_it
+          - Refactored and cleaned up group (elliptic curve) handling in
+            t1_lib.c.
+          - Simplify certificate list handling code in the legacy server.
+          - Make CBB_finish() fail if *out_data is not NULL.
+          - Remove tls_buffer_set_data() and remove/revise callers.
+          - Rewrite SSL{_CTX,}_set_alpn_protos() using CBS.
+          - Simplify tlsext_supported_groups_server_parse().
+          - Remove redundant length checks in tlsext parse functions.
+          - Simplify tls13_server_encrypted_extensions_recv().
+          - Add read and write support to tls_buffer.
+          - Convert TLS transcript from BUF_MEM to tls_buffer.
+          - Clear key on exit in PKCS12_gen_mac().
+          - Minor fixes in PKCS12_parse().
+          - Provide and use a primitive clear function for BIGNUM_it.
+          - Use ASN1_INTEGER to encode/decode BIGNUM_it.
+          - Add stack frames to AES-NI x86_64 assembly.
+          - Use named initialisers for BIGNUMs.
+          - Tidy up some of BN_nist_mod_*.
+          - Expand BLOCK_CIPHER_* and related macros.
+          - Avoid shadowing the cbs function parameter in
+            tlsext_alpn_server_parse()
+          - Deduplicate peer certificate chain processing code.
+          - Make it possible to signal an error from an i2c_* function.
+          - Rewrite i2c_ASN1_INTEGER() using CBB/CBS.
+          - Remove UINT32_MAX limitation on ChaCha() and CRYPTO_chacha_20().
+          - Remove bogus length checks from EVP_aead_chacha20_poly1305().
+          - Reworked DSA_size() and ECDSA_size().
+          - Stop using CBIGNUM_it internal to libcrypto.
+          - Provide c2i_ASN1_ENUMERATED_cbs() and call it from
+            asn1_c2i_primitive().
+          - Ensure ASN.1 types are appropriately encoded.
+          - Avoid recycling ASN1_STRINGs when decoding ASN.1.
+          - Tidy up asn1_c2i_primitive() slightly.
+          - Mechanically expand IMPLEMENT_BLOCK_CIPHER, IMPLEMENT_CFBR,
+            BLOCK_CIPHER and the looney M_do_cipher macros.
+          - Use correct length for EVP CFB mode ciphers.
+          - Provide a version of ssl_msg_callback() that takes a CBS.
+          - Use CBS to parse TLS alerts in the legacy stack.
+          - Increment the input and output position for EVP AES CFB1.
+          - Ensure there is no trailing data for a CCS received by the
+            TLSv1.3 stack.
+          - Use CBS when procesing a CCS message in the legacy stack.
+          - Be stricter with middlebox compatibility mode in the TLSv1.3
+            server.
+        * Compatibility changes
+          - The ASN.1 time parser has been refactored and rewritten using CBS.
+            It has been made stricter in that it now enforces the rules from
+            RFC 5280.
+          - ASN1_AFLG_BROKEN was removed.
+          - Error check tls_session_secret_cb() like OpenSSL.
+          - Added ASN1_INTEGER_{get,set}_{u,}int64()
+          - Move leaf certificate checks to the last thing after chain
+            validation.
+          - Added -s option to openssl(1) ciphers that only shows the ciphers
+            supported by the specified protocol.
+          - Use TLS_client_method() instead of TLSv1_client_method() in
+            the openssl(1) ciphers command.
+          - Validate the protocols in SSL{_CTX,}_set_alpn_protos().
+          - Made TS and PKCS12 opaque.
+          - Per RFC 7292, safeContentsBag is a SEQUENCE OF, not a SET OF.
+          - Align PKCS12_key_gen_uni() with OpenSSL
+          - Various PKCS12 and TS accessors were added. In particular, the
+            TS_RESP_CTX_set_time_cb() function was added back.
+          - Allow a NULL header in PEM_write{,_bio}()
+          - Allow empty attribute sets in CSRs.
+          - Adjust signatures of BIO_ctrl functions.
+          - Provide additional defines for EVP AEAD.
+          - Provide OPENSSL_cleanup().
+          - Make BIO_info_cb() identical to bio_info_cb().
+        * Bug fixes
+          - Avoid use of uninitialized in BN_mod_exp_recp().
+          - Fix X509_get_extension_flags() by ensuring that EXFLAG_INVALID is
+            set on X509_get_purpose() failure.
+          - Fix HMAC() with NULL key.
+          - Add ERR_load_{COMP,CT,KDF}_strings() to ERR_load_crypto_strings().
+          - Avoid strict aliasing violations in BN_nist_mod_*().
+          - Do not return X509_V_ERR_UNSPECIFIED from X509_check_ca().
+            No return value of X509_check_ca() indicates failure. Application
+            code should therefore issue a checked call to X509_check_purpose()
+            before calling X509_check_ca().
+          - Rewrite and fix X509v3_asid_subset() to avoid segfaults on some
+            valid input.
+          - Call the ASN1_OP_D2I_PRE callback after ASN1_item_ex_new().
+          - Fix d2i_ASN1_OBJECT to advance the *der_in pointer correctly.
+          - Avoid use of uninitialized in ASN1_STRING_to_UTF8().
+          - Do not pass uninitialized pointer to ASN1_STRING_to_UTF8().
+          - Do not refuse valid IPv6 addresses in nc(1)'s HTTP CONNECT proxy.
+          - Do not reject primes in trial divisions.
+          - Error out on negative shifts in BN_{r,l}shift() instead of
+            accessing arrays out of bounds.
+          - Fix URI name constraints, allow for URI's with no host part.
+          - Fix the legacy verifier callback behaviour for untrusted certs.
+          - Correct serfver-side handling of TLSv1.3 key updates.
+          - Plug leak in PKCS12_setup_mac().
+          - Plug leak in X509V3_add1_i2d().
+          - Only print X.509 versions we know about.
+          - Avoid signed integer overflow due to unary negation
+          - Initialize readbytes in BIO_gets().
+          - Plug memory leak in CMS_add_simple_smimecap().
+          - Plug memory leak in X509_REQ_print_ex().
+          - Check HMAC() return value to avoid a later use of uninitialized.
+          - Avoid potential NULL dereference in ssl_set_pkey().
+          - Check return values in ssl_print_tmp_key().
+          - Switch loop bounds from size_t to int in check_hosts().
+          - Avoid division by zero if no connection was made in s_time.c.
+          - Check sk_SSL_CIPHER_push() return value
+          - Avoid out-of-bounds read in ssl_cipher_process_rulestr().
+          - Use LONG_MAX as the limit for ciphers with long based APIs.
+        * New features
+          - EVP API for HKDF ported from OpenSSL and subsequently cleaned up.
+          - The security level API (SSL_{,CTX}_{get,set}_security_level()) is
+            now available. Callbacks and ex_data are not supported. Sane
+            software will not be using this.
+          - Experimental support for the BoringSSL QUIC API.
+          - Add initial support for TS ESSCertIDv2 verification.
+          - LibreSSL now uses the Baillie-PSW primality test instead of
+            Miller-Rabin .
+
+3.5.3 - Reliability fix
+
+        * Fix d2i_ASN1_OBJECT(). A confusion of two CBS resulted in advancing
+          the passed *der_in pointer incorrectly. Thanks to Aram Sargsyan for
+          reporting the issue and testing the fix.
+
 3.5.2 - Stable release
 
         * Bug fixes
diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt
index 2d23332..2c0268c 100644
--- a/crypto/CMakeLists.txt
+++ b/crypto/CMakeLists.txt
@@ -333,6 +333,7 @@ set(
         bn/bn_add.c
         bn/bn_asm.c
         bn/bn_blind.c
+        bn/bn_bpsw.c
         bn/bn_const.c
         bn/bn_ctx.c
         bn/bn_depr.c
@@ -342,6 +343,7 @@ set(
         bn/bn_exp2.c
         bn/bn_gcd.c
         bn/bn_gf2m.c
+        bn/bn_isqrt.c
         bn/bn_kron.c
         bn/bn_lib.c
         bn/bn_mod.c
@@ -656,6 +658,7 @@ set(
         pkcs12/p12_npas.c
         pkcs12/p12_p8d.c
         pkcs12/p12_p8e.c
+        pkcs12/p12_sbag.c
         pkcs12/p12_utl.c
         pkcs12/pk12err.c
         pkcs7/bio_pk7.c
@@ -996,6 +999,7 @@ target_include_directories(crypto_obj
                 hmac
                 modes
                 ocsp
+                pkcs12
                 rsa
                 x509
                 ../include/compat
diff --git a/crypto/Makefile.am b/crypto/Makefile.am
index b78f491..01833d2 100644
--- a/crypto/Makefile.am
+++ b/crypto/Makefile.am
@@ -15,6 +15,7 @@ AM_CPPFLAGS += -I$(top_srcdir)/crypto/evp
 AM_CPPFLAGS += -I$(top_srcdir)/crypto/hmac
 AM_CPPFLAGS += -I$(top_srcdir)/crypto/modes
 AM_CPPFLAGS += -I$(top_srcdir)/crypto/ocsp
+AM_CPPFLAGS += -I$(top_srcdir)/crypto/pkcs12
 AM_CPPFLAGS += -I$(top_srcdir)/crypto/rsa
 AM_CPPFLAGS += -I$(top_srcdir)/crypto/x509
 AM_CPPFLAGS += -I$(top_srcdir)/crypto
@@ -412,6 +413,7 @@ noinst_HEADERS += bio/bio_local.h
 libcrypto_la_SOURCES += bn/bn_add.c
 libcrypto_la_SOURCES += bn/bn_asm.c
 libcrypto_la_SOURCES += bn/bn_blind.c
+libcrypto_la_SOURCES += bn/bn_bpsw.c
 libcrypto_la_SOURCES += bn/bn_const.c
 libcrypto_la_SOURCES += bn/bn_ctx.c
 libcrypto_la_SOURCES += bn/bn_depr.c
@@ -421,6 +423,7 @@ libcrypto_la_SOURCES += bn/bn_exp.c
 libcrypto_la_SOURCES += bn/bn_exp2.c
 libcrypto_la_SOURCES += bn/bn_gcd.c
 libcrypto_la_SOURCES += bn/bn_gf2m.c
+libcrypto_la_SOURCES += bn/bn_isqrt.c
 libcrypto_la_SOURCES += bn/bn_kron.c
 libcrypto_la_SOURCES += bn/bn_lib.c
 libcrypto_la_SOURCES += bn/bn_mod.c
@@ -837,8 +840,10 @@ libcrypto_la_SOURCES += pkcs12/p12_mutl.c
 libcrypto_la_SOURCES += pkcs12/p12_npas.c
 libcrypto_la_SOURCES += pkcs12/p12_p8d.c
 libcrypto_la_SOURCES += pkcs12/p12_p8e.c
+libcrypto_la_SOURCES += pkcs12/p12_sbag.c
 libcrypto_la_SOURCES += pkcs12/p12_utl.c
 libcrypto_la_SOURCES += pkcs12/pk12err.c
+noinst_HEADERS += pkcs12/pkcs12_local.h
 
 # pkcs7
 libcrypto_la_SOURCES += pkcs7/bio_pk7.c
@@ -927,6 +932,7 @@ libcrypto_la_SOURCES += ts/ts_rsp_sign.c
 libcrypto_la_SOURCES += ts/ts_rsp_utils.c
 libcrypto_la_SOURCES += ts/ts_rsp_verify.c
 libcrypto_la_SOURCES += ts/ts_verify_ctx.c
+noinst_HEADERS += ts/ts_local.h
 
 # txt_db
 libcrypto_la_SOURCES += txt_db/txt_db.c
diff --git a/man/links b/man/links
index b2d1783..16e159d 100644
--- a/man/links
+++ b/man/links
@@ -12,11 +12,17 @@ ASN1_BIT_STRING_set.3,ASN1_BIT_STRING_check.3
 ASN1_BIT_STRING_set.3,ASN1_BIT_STRING_get_bit.3
 ASN1_BIT_STRING_set.3,ASN1_BIT_STRING_set_bit.3
 ASN1_INTEGER_get.3,ASN1_ENUMERATED_get.3
+ASN1_INTEGER_get.3,ASN1_ENUMERATED_get_int64.3
 ASN1_INTEGER_get.3,ASN1_ENUMERATED_set.3
+ASN1_INTEGER_get.3,ASN1_ENUMERATED_set_int64.3
 ASN1_INTEGER_get.3,ASN1_ENUMERATED_to_BN.3
 ASN1_INTEGER_get.3,ASN1_INTEGER_cmp.3
 ASN1_INTEGER_get.3,ASN1_INTEGER_dup.3
+ASN1_INTEGER_get.3,ASN1_INTEGER_get_int64.3
+ASN1_INTEGER_get.3,ASN1_INTEGER_get_uint64.3
 ASN1_INTEGER_get.3,ASN1_INTEGER_set.3
+ASN1_INTEGER_get.3,ASN1_INTEGER_set_int64.3
+ASN1_INTEGER_get.3,ASN1_INTEGER_set_uint64.3
 ASN1_INTEGER_get.3,ASN1_INTEGER_to_BN.3
 ASN1_INTEGER_get.3,BN_to_ASN1_ENUMERATED.3
 ASN1_INTEGER_get.3,BN_to_ASN1_INTEGER.3
@@ -146,6 +152,7 @@ BIO_ctrl.3,BIO_eof.3
 BIO_ctrl.3,BIO_flush.3
 BIO_ctrl.3,BIO_get_close.3
 BIO_ctrl.3,BIO_get_info_callback.3
+BIO_ctrl.3,BIO_info_cb.3
 BIO_ctrl.3,BIO_int_ctrl.3
 BIO_ctrl.3,BIO_pending.3
 BIO_ctrl.3,BIO_ptr_ctrl.3
@@ -155,7 +162,6 @@ BIO_ctrl.3,BIO_set_close.3
 BIO_ctrl.3,BIO_set_info_callback.3
 BIO_ctrl.3,BIO_tell.3
 BIO_ctrl.3,BIO_wpending.3
-BIO_ctrl.3,bio_info_cb.3
 BIO_dump.3,BIO_dump_fp.3
 BIO_dump.3,BIO_dump_indent.3
 BIO_dump.3,BIO_dump_indent_fp.3
@@ -530,6 +536,7 @@ DES_set_key.3,DES_string_to_key.3
 DES_set_key.3,DES_xcbc_encrypt.3
 DH_generate_key.3,DH_compute_key.3
 DH_generate_parameters.3,DH_check.3
+DH_generate_parameters.3,DH_check_pub_key.3
 DH_generate_parameters.3,DH_generate_parameters_ex.3
 DH_get0_pqg.3,DH_clear_flags.3
 DH_get0_pqg.3,DH_get0_engine.3
@@ -571,6 +578,8 @@ DSA_get_ex_new_index.3,DSA_get_ex_data.3
 DSA_get_ex_new_index.3,DSA_set_ex_data.3
 DSA_meth_new.3,DSA_meth_dup.3
 DSA_meth_new.3,DSA_meth_free.3
+DSA_meth_new.3,DSA_meth_get0_name.3
+DSA_meth_new.3,DSA_meth_set1_name.3
 DSA_meth_new.3,DSA_meth_set_finish.3
 DSA_meth_new.3,DSA_meth_set_sign.3
 DSA_new.3,DSA_free.3
@@ -581,6 +590,7 @@ DSA_set_method.3,DSA_new_method.3
 DSA_set_method.3,DSA_set_default_method.3
 DSA_sign.3,DSA_sign_setup.3
 DSA_sign.3,DSA_verify.3
+DSA_size.3,DSA_bits.3
 ECDH_compute_key.3,ECDH_size.3
 ECDSA_SIG_new.3,ECDSA_OpenSSL.3
 ECDSA_SIG_new.3,ECDSA_SIG_free.3
@@ -1034,11 +1044,17 @@ EVP_PKEY_asn1_new.3,EVP_PKEY_asn1_add0.3
 EVP_PKEY_asn1_new.3,EVP_PKEY_asn1_add_alias.3
 EVP_PKEY_asn1_new.3,EVP_PKEY_asn1_copy.3
 EVP_PKEY_asn1_new.3,EVP_PKEY_asn1_free.3
+EVP_PKEY_asn1_new.3,EVP_PKEY_asn1_set_check.3
 EVP_PKEY_asn1_new.3,EVP_PKEY_asn1_set_ctrl.3
 EVP_PKEY_asn1_new.3,EVP_PKEY_asn1_set_free.3
 EVP_PKEY_asn1_new.3,EVP_PKEY_asn1_set_param.3
+EVP_PKEY_asn1_new.3,EVP_PKEY_asn1_set_param_check.3
 EVP_PKEY_asn1_new.3,EVP_PKEY_asn1_set_private.3
 EVP_PKEY_asn1_new.3,EVP_PKEY_asn1_set_public.3
+EVP_PKEY_asn1_new.3,EVP_PKEY_asn1_set_public_check.3
+EVP_PKEY_asn1_new.3,EVP_PKEY_asn1_set_security_bits.3
+EVP_PKEY_check.3,EVP_PKEY_param_check.3
+EVP_PKEY_check.3,EVP_PKEY_public_check.3
 EVP_PKEY_cmp.3,EVP_PKEY_cmp_parameters.3
 EVP_PKEY_cmp.3,EVP_PKEY_copy_parameters.3
 EVP_PKEY_cmp.3,EVP_PKEY_missing_parameters.3
@@ -1059,6 +1075,7 @@ EVP_PKEY_meth_new.3,EVP_PKEY_meth_add0.3
 EVP_PKEY_meth_new.3,EVP_PKEY_meth_copy.3
 EVP_PKEY_meth_new.3,EVP_PKEY_meth_find.3
 EVP_PKEY_meth_new.3,EVP_PKEY_meth_free.3
+EVP_PKEY_meth_new.3,EVP_PKEY_meth_set_check.3
 EVP_PKEY_meth_new.3,EVP_PKEY_meth_set_cleanup.3
 EVP_PKEY_meth_new.3,EVP_PKEY_meth_set_copy.3
 EVP_PKEY_meth_new.3,EVP_PKEY_meth_set_ctrl.3
@@ -1067,7 +1084,9 @@ EVP_PKEY_meth_new.3,EVP_PKEY_meth_set_derive.3
 EVP_PKEY_meth_new.3,EVP_PKEY_meth_set_encrypt.3
 EVP_PKEY_meth_new.3,EVP_PKEY_meth_set_init.3
 EVP_PKEY_meth_new.3,EVP_PKEY_meth_set_keygen.3
+EVP_PKEY_meth_new.3,EVP_PKEY_meth_set_param_check.3
 EVP_PKEY_meth_new.3,EVP_PKEY_meth_set_paramgen.3
+EVP_PKEY_meth_new.3,EVP_PKEY_meth_set_public_check.3
 EVP_PKEY_meth_new.3,EVP_PKEY_meth_set_sign.3
 EVP_PKEY_meth_new.3,EVP_PKEY_meth_set_signctx.3
 EVP_PKEY_meth_new.3,EVP_PKEY_meth_set_verify.3
@@ -1103,12 +1122,12 @@ EVP_PKEY_set1_RSA.3,EVP_PKEY_set1_EC_KEY.3
 EVP_PKEY_set1_RSA.3,EVP_PKEY_set_type.3
 EVP_PKEY_set1_RSA.3,EVP_PKEY_type.3
 EVP_PKEY_sign.3,EVP_PKEY_sign_init.3
+EVP_PKEY_size.3,EVP_PKEY_bits.3
+EVP_PKEY_size.3,EVP_PKEY_security_bits.3
 EVP_PKEY_verify.3,EVP_PKEY_verify_init.3
 EVP_PKEY_verify_recover.3,EVP_PKEY_verify_recover_init.3
 EVP_SealInit.3,EVP_SealFinal.3
 EVP_SealInit.3,EVP_SealUpdate.3
-EVP_SignInit.3,EVP_PKEY_bits.3
-EVP_SignInit.3,EVP_PKEY_size.3
 EVP_SignInit.3,EVP_SignFinal.3
 EVP_SignInit.3,EVP_SignInit_ex.3
 EVP_SignInit.3,EVP_SignUpdate.3
@@ -1611,6 +1630,9 @@ RSA_print.3,DSAparams_print_fp.3
 RSA_print.3,RSA_print_fp.3
 RSA_private_encrypt.3,RSA_public_decrypt.3
 RSA_public_encrypt.3,RSA_private_decrypt.3
+RSA_security_bits.3,BN_security_bits.3
+RSA_security_bits.3,DH_security_bits.3
+RSA_security_bits.3,DSA_security_bits.3
 RSA_set_method.3,RSA_PKCS1_SSLeay.3
 RSA_set_method.3,RSA_flags.3
 RSA_set_method.3,RSA_get_default_method.3
@@ -1785,6 +1807,9 @@ SSL_CTX_set_read_ahead.3,SSL_CTX_get_default_read_ahead.3
 SSL_CTX_set_read_ahead.3,SSL_CTX_get_read_ahead.3
 SSL_CTX_set_read_ahead.3,SSL_get_read_ahead.3
 SSL_CTX_set_read_ahead.3,SSL_set_read_ahead.3
+SSL_CTX_set_security_level.3,SSL_CTX_get_security_level.3
+SSL_CTX_set_security_level.3,SSL_get_security_level.3
+SSL_CTX_set_security_level.3,SSL_set_security_level.3
 SSL_CTX_set_session_cache_mode.3,SSL_CTX_get_session_cache_mode.3
 SSL_CTX_set_session_id_context.3,SSL_set_session_id_context.3
 SSL_CTX_set_ssl_version.3,SSL_CTX_get_ssl_method.3
@@ -2243,12 +2268,14 @@ X509_VERIFY_PARAM_set_flags.3,X509_VERIFY_PARAM_get0_name.3
 X509_VERIFY_PARAM_set_flags.3,X509_VERIFY_PARAM_get0_peername.3
 X509_VERIFY_PARAM_set_flags.3,X509_VERIFY_PARAM_get_depth.3
 X509_VERIFY_PARAM_set_flags.3,X509_VERIFY_PARAM_get_flags.3
+X509_VERIFY_PARAM_set_flags.3,X509_VERIFY_PARAM_get_time.3
 X509_VERIFY_PARAM_set_flags.3,X509_VERIFY_PARAM_set1_email.3
 X509_VERIFY_PARAM_set_flags.3,X509_VERIFY_PARAM_set1_host.3
 X509_VERIFY_PARAM_set_flags.3,X509_VERIFY_PARAM_set1_ip.3
 X509_VERIFY_PARAM_set_flags.3,X509_VERIFY_PARAM_set1_ip_asc.3
 X509_VERIFY_PARAM_set_flags.3,X509_VERIFY_PARAM_set1_name.3
 X509_VERIFY_PARAM_set_flags.3,X509_VERIFY_PARAM_set1_policies.3
+X509_VERIFY_PARAM_set_flags.3,X509_VERIFY_PARAM_set_auth_level.3
 X509_VERIFY_PARAM_set_flags.3,X509_VERIFY_PARAM_set_depth.3
 X509_VERIFY_PARAM_set_flags.3,X509_VERIFY_PARAM_set_hostflags.3
 X509_VERIFY_PARAM_set_flags.3,X509_VERIFY_PARAM_set_purpose.3
@@ -2445,7 +2472,6 @@ d2i_ASN1_OCTET_STRING.3,d2i_ASN1_UTF8STRING.3
 d2i_ASN1_OCTET_STRING.3,d2i_ASN1_VISIBLESTRING.3
 d2i_ASN1_OCTET_STRING.3,d2i_DIRECTORYSTRING.3
 d2i_ASN1_OCTET_STRING.3,d2i_DISPLAYTEXT.3
-d2i_ASN1_OCTET_STRING.3,i2c_ASN1_INTEGER.3
 d2i_ASN1_OCTET_STRING.3,i2d_ASN1_BIT_STRING.3
 d2i_ASN1_OCTET_STRING.3,i2d_ASN1_BMPSTRING.3
 d2i_ASN1_OCTET_STRING.3,i2d_ASN1_ENUMERATED.3
diff --git a/patches/aeadtest.c.patch b/patches/aeadtest.c.patch
index 4f7319d..b3fe052 100644
--- a/patches/aeadtest.c.patch
+++ b/patches/aeadtest.c.patch
@@ -1,6 +1,6 @@
---- tests/aeadtest.c.orig       Sat Jan 26 12:39:05 2019
-+++ tests/aeadtest.c    Fri Sep  4 04:04:26 2020
-@@ -79,6 +79,12 @@
+--- tests/aeadtest.c.orig       Mon Sep  5 22:30:33 2022
++++ tests/aeadtest.c    Mon Sep  5 23:51:27 2022
+@@ -48,6 +48,12 @@
  
  #define BUF_MAX 1024
  
diff --git a/patches/bio.h.patch b/patches/bio.h.patch
index 29bba0c..072bc3b 100644
--- a/patches/bio.h.patch
+++ b/patches/bio.h.patch
@@ -1,6 +1,6 @@
---- include/openssl/bio.h.orig  Fri Feb 18 16:30:39 2022
-+++ include/openssl/bio.h       Mon Feb 21 05:39:35 2022
-@@ -666,8 +666,24 @@
+--- include/openssl/bio.h.orig  Mon Sep  5 22:30:32 2022
++++ include/openssl/bio.h       Tue Sep  6 01:38:22 2022
+@@ -666,8 +666,24 @@ void BIO_copy_next_retry(BIO *b);
  
  /*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/
  
@@ -25,12 +25,11 @@
         __attribute__((__format__(__printf__, 2, 3), __nonnull__(2)));
  int
  BIO_vprintf(BIO *bio, const char *format, va_list args)
-@@ -680,6 +696,8 @@
+@@ -680,6 +696,7 @@ int
  BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
         __attribute__((__deprecated__, __format__(__printf__, 3, 0),
             __nonnull__(3)));
 +#endif
-+
  
- /* BEGIN ERROR CODES */
- /* The following lines are auto generated by the script mkerr.pl. Any changes
+ void ERR_load_BIO_strings(void);
+ 
diff --git a/patches/bn_isqrt.c.patch b/patches/bn_isqrt.c.patch
new file mode 100644
index 0000000..bf205a3
--- /dev/null
+++ b/patches/bn_isqrt.c.patch
@@ -0,0 +1,18 @@
+--- tests/bn_isqrt.c.orig       Mon Aug 15 10:40:29 2022
++++ tests/bn_isqrt.c    Mon Aug 15 10:41:46 2022
+@@ -304,6 +304,7 @@ main(int argc, char *argv[])
+        int ch;
+        int failed = 0, print = 0;
+ 
++#ifndef _MSC_VER
+        while ((ch = getopt(argc, argv, "C")) != -1) {
+                switch (ch) {
+                case 'C':
+@@ -314,6 +315,7 @@ main(int argc, char *argv[])
+                        break;
+                }
+        }
++#endif
+ 
+        if (print)
+                return check_tables(1);
diff --git a/patches/rfc5280.c.patch b/patches/rfc5280.c.patch
index 9262183..9807f00 100644
--- a/patches/rfc5280.c.patch
+++ b/patches/rfc5280.c.patch
@@ -46,37 +46,3 @@
         {
                 .str = "700101000000Z",
                 .data = "700101000000Z",
-@@ -273,14 +279,14 @@
- 
-        if ((i = X509_cmp_time(gt, &att->time)) != -1) {
-                fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n",
--                   test_no, i, att->time);
-+                   test_no, i, (long long)att->time);
-                goto done;
-        }
- 
-        att->time--;
-        if ((i = X509_cmp_time(gt, &att->time)) != 1) {
-                fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n",
--                   test_no, i, att->time);
-+                   test_no, i, (long long)att->time);
-                goto done;
-        }
-        att->time++;
-@@ -325,14 +331,14 @@
- 
-        if ((i = X509_cmp_time(ut, &att->time)) != -1) {
-                fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n",
--                   test_no, i, att->time);
-+                   test_no, i, (long long)att->time);
-                goto done;
-        }
- 
-        att->time--;
-        if ((i = X509_cmp_time(ut, &att->time)) != 1) {
-                fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n",
--                   test_no, i, att->time);
-+                   test_no, i, (long long)att->time);
-                goto done;
-        }
-        att->time++;
diff --git a/patches/tlsexttest.c.patch b/patches/tlsexttest.c.patch
index b1b8652..bc81da5 100644
--- a/patches/tlsexttest.c.patch
+++ b/patches/tlsexttest.c.patch
@@ -1,6 +1,6 @@
---- tests/tlsexttest.c.orig     Fri Feb 18 16:30:40 2022
-+++ tests/tlsexttest.c  Mon Feb 21 05:39:35 2022
-@@ -1658,7 +1658,9 @@
+--- tests/tlsexttest.c.orig     Mon Sep  5 22:30:36 2022
++++ tests/tlsexttest.c  Mon Sep  5 22:32:52 2022
+@@ -1773,7 +1773,9 @@ static unsigned char tlsext_sni_client[] = {
  };
  
  static unsigned char tlsext_sni_server[] = {
@@ -10,7 +10,7 @@
  
  static int
  test_tlsext_sni_client(void)
-@@ -1843,9 +1845,9 @@
+@@ -1971,9 +1973,9 @@ test_tlsext_sni_server(void)
         if (!CBB_finish(&cbb, &data, &dlen))
                 errx(1, "failed to finish CBB");
  
@@ -22,7 +22,7 @@
                 goto err;
         }
  
-@@ -1854,14 +1856,14 @@
+@@ -1982,14 +1984,14 @@ test_tlsext_sni_server(void)
                 fprintf(stderr, "received:\n");
                 hexdump(data, dlen);
                 fprintf(stderr, "test data:\n");
@@ -36,10 +36,10 @@
  
 -       CBS_init(&cbs, tlsext_sni_server, sizeof(tlsext_sni_server));
 +       CBS_init(&cbs, tlsext_sni_server, sizeof_tlsext_sni_server);
-        if (!tlsext_sni_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
+        if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
                 FAIL("failed to parse server SNI\n");
                 goto err;
-@@ -2747,7 +2749,10 @@
+@@ -3196,7 +3198,10 @@ unsigned char tlsext_clienthello_default[] = {
         0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
  };
  
@@ -51,7 +51,7 @@
  
  static int
  test_tlsext_clienthello_build(void)
-@@ -2826,18 +2831,18 @@
+@@ -3282,18 +3287,18 @@ test_tlsext_clienthello_build(void)
                 goto err;
         }
  
diff --git a/ssl/CMakeLists.txt b/ssl/CMakeLists.txt
index 07636ad..8e974a8 100644
--- a/ssl/CMakeLists.txt
+++ b/ssl/CMakeLists.txt
@@ -37,6 +37,7 @@ set(
         tls_buffer.c
         tls_content.c
         tls_key_share.c
+        tls_lib.c
         tls12_key_schedule.c
         tls12_lib.c
         tls12_record_layer.c
@@ -47,6 +48,7 @@ set(
         tls13_key_schedule.c
         tls13_legacy.c
         tls13_lib.c
+        tls13_quic.c
         tls13_record.c
         tls13_record_layer.c
         tls13_server.c
diff --git a/ssl/Makefile.am b/ssl/Makefile.am
index 9cf3839..d5c0466 100644
--- a/ssl/Makefile.am
+++ b/ssl/Makefile.am
@@ -76,6 +76,7 @@ libssl_la_SOURCES += t1_lib.c
 libssl_la_SOURCES += tls_buffer.c
 libssl_la_SOURCES += tls_content.c
 libssl_la_SOURCES += tls_key_share.c
+libssl_la_SOURCES += tls_lib.c
 libssl_la_SOURCES += tls12_key_schedule.c
 libssl_la_SOURCES += tls12_lib.c
 libssl_la_SOURCES += tls12_record_layer.c
@@ -86,6 +87,7 @@ libssl_la_SOURCES += tls13_handshake_msg.c
 libssl_la_SOURCES += tls13_key_schedule.c
 libssl_la_SOURCES += tls13_legacy.c
 libssl_la_SOURCES += tls13_lib.c
+libssl_la_SOURCES += tls13_quic.c
 libssl_la_SOURCES += tls13_record.c
 libssl_la_SOURCES += tls13_record_layer.c
 libssl_la_SOURCES += tls13_server.c
diff --git a/tap-driver.sh b/tap-driver.sh
index 0ca4903..fea066f 100755
--- a/tap-driver.sh
+++ b/tap-driver.sh
@@ -1,5 +1,5 @@
 #! /bin/sh
-# Copyright (C) 2011-2020 Free Software Foundation, Inc.
+# Copyright (C) 2011-2021 Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index e6cb2bc..9b10b33 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -4,6 +4,7 @@ include_directories(
         .
         ../crypto/asn1
         ../crypto/bio
+        ../crypto/bn
         ../crypto/evp
         ../crypto/modes
         ../crypto/x509
@@ -21,7 +22,12 @@ file(TO_NATIVE_PATH ${CMAKE_CURRENT_SOURCE_DIR} TEST_SOURCE_DIR)
 # aeadtest
 add_executable(aeadtest aeadtest.c)
 target_link_libraries(aeadtest ${OPENSSL_TEST_LIBS})
-add_test(aeadtest aeadtest ${CMAKE_CURRENT_SOURCE_DIR}/aeadtests.txt)
+if(NOT WIN32)
+        add_test(NAME aeadtest COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/aeadtest.sh)
+        set_tests_properties(aeadtest PROPERTIES ENVIRONMENT "srcdir=${TEST_SOURCE_DIR}")
+else()
+        add_test(aeadtest aeadtest aead ${CMAKE_CURRENT_SOURCE_DIR}/aeadtests.txt)
+endif()
 
 # aes_wrap
 add_executable(aes_wrap aes_wrap.c)
@@ -104,6 +110,11 @@ add_executable(bnaddsub bnaddsub.c)
 target_link_libraries(bnaddsub ${OPENSSL_TEST_LIBS})
 add_test(bnaddsub bnaddsub)
 
+# bn_isqrt
+add_executable(bn_isqrt bn_isqrt.c)
+target_link_libraries(bn_isqrt ${OPENSSL_TEST_LIBS})
+add_test(bn_isqrt bn_isqrt)
+
 # bn_mod_exp2_mont
 add_executable(bn_mod_exp2_mont bn_mod_exp2_mont.c)
 target_link_libraries(bn_mod_exp2_mont ${OPENSSL_TEST_LIBS})
@@ -114,6 +125,11 @@ add_executable(bn_mod_sqrt bn_mod_sqrt.c)
 target_link_libraries(bn_mod_sqrt ${OPENSSL_TEST_LIBS})
 add_test(bn_mod_sqrt bn_mod_sqrt)
 
+# bn_primes
+add_executable(bn_primes bn_primes.c)
+target_link_libraries(bn_primes ${OPENSSL_TEST_LIBS})
+add_test(bn_primes bn_primes)
+
 # bn_rand_interval
 add_executable(bn_rand_interval bn_rand_interval.c)
 target_link_libraries(bn_rand_interval ${OPENSSL_TEST_LIBS})
@@ -326,15 +342,10 @@ add_test(keypairtest keypairtest
         ${CMAKE_CURRENT_SOURCE_DIR}/server.pem
         ${CMAKE_CURRENT_SOURCE_DIR}/server.pem)
 
-# md4test
-add_executable(md4test md4test.c)
-target_link_libraries(md4test ${OPENSSL_TEST_LIBS})
-add_test(md4test md4test)
-
-# md5test
-add_executable(md5test md5test.c)
-target_link_libraries(md5test ${OPENSSL_TEST_LIBS})
-add_test(md5test md5test)
+# md_test
+add_executable(md_test md_test.c)
+target_link_libraries(md_test ${OPENSSL_TEST_LIBS})
+add_test(md_test md_test)
 
 # mont
 add_executable(mont mont.c)
@@ -397,20 +408,31 @@ else()
 endif()
 set_tests_properties(pq_test PROPERTIES ENVIRONMENT "srcdir=${TEST_SOURCE_DIR}")
 
+# quictest
+set(QUICTEST_SRC quictest.c)
+add_executable(quictest ${QUICTEST_SRC})
+target_link_libraries(quictest ${OPENSSL_TEST_LIBS})
+if(NOT MSVC)
+        add_test(NAME quictest COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/quictest.sh)
+else()
+        add_test(NAME quictest COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/quictest.bat $<TARGET_FILE:quictest>)
+endif()
+set_tests_properties(quictest PROPERTIES ENVIRONMENT "srcdir=${TEST_SOURCE_DIR}")
+
 # randtest
 add_executable(randtest randtest.c)
 target_link_libraries(randtest ${OPENSSL_TEST_LIBS})
 add_test(randtest randtest)
 
-# rc2test
-add_executable(rc2test rc2test.c)
-target_link_libraries(rc2test ${OPENSSL_TEST_LIBS})
-add_test(rc2test rc2test)
+# rc2_test
+add_executable(rc2_test rc2_test.c)
+target_link_libraries(rc2_test ${OPENSSL_TEST_LIBS})
+add_test(rc2_test rc2_test)
 
-# rc4test
-add_executable(rc4test rc4test.c)
-target_link_libraries(rc4test ${OPENSSL_TEST_LIBS})
-add_test(rc4test rc4test)
+# rc4_test
+add_executable(rc4_test rc4_test.c)
+target_link_libraries(rc4_test ${OPENSSL_TEST_LIBS})
+add_test(rc4_test rc4_test)
 
 # recordtest
 add_executable(recordtest recordtest.c)
@@ -437,10 +459,10 @@ else()
         add_test(rfc5280time rfc5280time)
 endif()
 
-# rmdtest
-add_executable(rmdtest rmdtest.c)
-target_link_libraries(rmdtest ${OPENSSL_TEST_LIBS})
-add_test(rmdtest rmdtest)
+# rmd_test
+add_executable(rmd_test rmd_test.c)
+target_link_libraries(rmd_test ${OPENSSL_TEST_LIBS})
+add_test(rmd_test rmd_test)
 
 # rsa_test
 add_executable(rsa_test rsa_test.c)
@@ -457,20 +479,10 @@ else()
 endif()
 set_tests_properties(servertest PROPERTIES ENVIRONMENT "srcdir=${TEST_SOURCE_DIR}")
 
-# sha1test
-add_executable(sha1test sha1test.c)
-target_link_libraries(sha1test ${OPENSSL_TEST_LIBS})
-add_test(sha1test sha1test)
-
-# sha256test
-add_executable(sha256test sha256test.c)
-target_link_libraries(sha256test ${OPENSSL_TEST_LIBS})
-add_test(sha256test sha256test)
-
-# sha512test
-add_executable(sha512test sha512test.c)
-target_link_libraries(sha512test ${OPENSSL_TEST_LIBS})
-add_test(sha512test sha512test)
+# sha_test
+add_executable(sha_test sha_test.c)
+target_link_libraries(sha_test ${OPENSSL_TEST_LIBS})
+add_test(sha_test sha_test)
 
 # sm3test
 add_executable(sm3test sm3test.c)
@@ -494,6 +506,11 @@ add_executable(ssl_methods ssl_methods.c)
 target_link_libraries(ssl_methods ${OPENSSL_TEST_LIBS})
 add_test(ssl_methods ssl_methods)
 
+# ssl_set_alpn_protos
+add_executable(ssl_set_alpn_protos ssl_set_alpn_protos.c)
+target_link_libraries(ssl_set_alpn_protos ${OPENSSL_TEST_LIBS})
+add_test(ssl_set_alpn_protos ssl_set_alpn_protos)
+
 # ssl_versions
 add_executable(ssl_versions ssl_versions.c)
 target_link_libraries(ssl_versions ${OPENSSL_TEST_LIBS})
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 5f768e2..24e6f2e 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -34,6 +34,11 @@ check_PROGRAMS += aeadtest
 aeadtest_SOURCES = aeadtest.c
 EXTRA_DIST += aeadtest.sh
 EXTRA_DIST += aeadtests.txt
+EXTRA_DIST += aes_128_gcm_tests.txt
+EXTRA_DIST += aes_192_gcm_tests.txt
+EXTRA_DIST += aes_256_gcm_tests.txt
+EXTRA_DIST += chacha20_poly1305_tests.txt
+EXTRA_DIST += xchacha20_poly1305_tests.txt
 
 # aes_wrap
 TESTS += aes_wrap
@@ -117,16 +122,16 @@ check_PROGRAMS += biotest
 biotest_SOURCES = biotest.c
 endif
 
-# bn_primes
-TESTS += bn_primes
-check_PROGRAMS += bn_primes
-bn_primes_SOURCES = bn_primes.c
-
 # bnaddsub
 TESTS += bnaddsub
 check_PROGRAMS += bnaddsub
 bnaddsub_SOURCES = bnaddsub.c
 
+# bn_isqrt
+TESTS += bn_isqrt
+check_PROGRAMS += bn_isqrt
+bn_isqrt_SOURCES = bn_isqrt.c
+
 # bn_mod_exp2_mont
 TESTS += bn_mod_exp2_mont
 check_PROGRAMS += bn_mod_exp2_mont
@@ -137,6 +142,11 @@ TESTS += bn_mod_sqrt
 check_PROGRAMS += bn_mod_sqrt
 bn_mod_sqrt_SOURCES = bn_mod_sqrt.c
 
+# bn_primes
+TESTS += bn_primes
+check_PROGRAMS += bn_primes
+bn_primes_SOURCES = bn_primes.c
+
 # bn_rand_interval
 TESTS += bn_rand_interval
 check_PROGRAMS += bn_rand_interval
@@ -350,15 +360,10 @@ check_PROGRAMS += keypairtest
 keypairtest_SOURCES = keypairtest.c
 EXTRA_DIST += keypairtest.sh
 
-# md4test
-TESTS += md4test
-check_PROGRAMS += md4test
-md4test_SOURCES = md4test.c
-
-# md5test
-TESTS += md5test
-check_PROGRAMS += md5test
-md5test_SOURCES = md5test.c
+# md_test
+TESTS += md_test
+check_PROGRAMS += md_test
+md_test_SOURCES = md_test.c
 
 # mont
 TESTS += mont
@@ -415,20 +420,26 @@ pq_test_SOURCES = pq_test.c
 EXTRA_DIST += pq_test.sh pq_test.bat
 EXTRA_DIST += pq_expected.txt
 
+# quictest
+TESTS += quictest.sh
+check_PROGRAMS += quictest
+quictest_SOURCES = quictest.c
+EXTRA_DIST += quictest.sh quictest.bat
+
 # randtest
 TESTS += randtest
 check_PROGRAMS += randtest
 randtest_SOURCES = randtest.c
 
-# rc2test
-TESTS += rc2test
-check_PROGRAMS += rc2test
-rc2test_SOURCES = rc2test.c
+# rc2_test
+TESTS += rc2_test
+check_PROGRAMS += rc2_test
+rc2_test_SOURCES = rc2_test.c
 
-# rc4test
-TESTS += rc4test
-check_PROGRAMS += rc4test
-rc4test_SOURCES = rc4test.c
+# rc4_test
+TESTS += rc4_test
+check_PROGRAMS += rc4_test
+rc4_test_SOURCES = rc4_test.c
 
 # recordtest
 TESTS += recordtest
@@ -456,10 +467,10 @@ TESTS += rfc5280time
 endif
 EXTRA_DIST += rfc5280time_small.test
 
-# rmdtest
-TESTS += rmdtest
-check_PROGRAMS += rmdtest
-rmdtest_SOURCES = rmdtest.c
+# rmd_test
+TESTS += rmd_test
+check_PROGRAMS += rmd_test
+rmd_test_SOURCES = rmd_test.c
 
 # rsa_test
 TESTS += rsa_test
@@ -472,20 +483,10 @@ check_PROGRAMS += servertest
 servertest_SOURCES = servertest.c
 EXTRA_DIST += servertest.sh servertest.bat
 
-# sha1test
-TESTS += sha1test
-check_PROGRAMS += sha1test
-sha1test_SOURCES = sha1test.c
-
-# sha256test
-TESTS += sha256test
-check_PROGRAMS += sha256test
-sha256test_SOURCES = sha256test.c
-
-# sha512test
-TESTS += sha512test
-check_PROGRAMS += sha512test
-sha512test_SOURCES = sha512test.c
+# sha_test
+TESTS += sha_test
+check_PROGRAMS += sha_test
+sha_test_SOURCES = sha_test.c
 
 # sm3test
 TESTS += sm3test
@@ -508,6 +509,11 @@ TESTS += ssl_methods
 check_PROGRAMS += ssl_methods
 ssl_methods_SOURCES = ssl_methods.c
 
+# ssl_set_alpn_protos
+TESTS += ssl_set_alpn_protos
+check_PROGRAMS += ssl_set_alpn_protos
+ssl_set_alpn_protos_SOURCES = ssl_set_alpn_protos.c
+
 # ssl_versions
 TESTS += ssl_versions
 check_PROGRAMS += ssl_versions
diff --git a/tests/aeadtest.sh b/tests/aeadtest.sh
index 132b1fd..9f59595 100755
--- a/tests/aeadtest.sh
+++ b/tests/aeadtest.sh
@@ -4,4 +4,10 @@ TEST=./aeadtest
 if [ -e ./aeadtest.exe ]; then
         TEST=./aeadtest.exe
 fi
-$TEST $srcdir/aeadtests.txt
+$TEST aead $srcdir/aeadtests.txt
+$TEST aes-128-gcm $srcdir/aes_128_gcm_tests.txt
+$TEST aes-192-gcm $srcdir/aes_192_gcm_tests.txt
+$TEST aes-256-gcm $srcdir/aes_256_gcm_tests.txt
+$TEST chacha20-poly1305 $srcdir/chacha20_poly1305_tests.txt
+$TEST xchacha20-poly1305 $srcdir/xchacha20_poly1305_tests.txt
+
diff --git a/tests/quictest.bat b/tests/quictest.bat
new file mode 100644
index 0000000..cfbf2cd
--- /dev/null
+++ b/tests/quictest.bat
@@ -0,0 +1,14 @@
+@echo off

+setlocal enabledelayedexpansion

+REM     quictest.bat

+

+set quictest_bin=%1

+set quictest_bin=%quictest_bin:/=\%

+if not exist %quictest_bin% exit /b 1

+

+%quictest_bin% %srcdir%\server.pem %srcdir%\server.pem %srcdir%\ca.pem

+if !errorlevel! neq 0 (

+        exit /b 1

+)

+

+endlocal

diff --git a/tests/quictest.sh b/tests/quictest.sh
new file mode 100755
index 0000000..cc1982f
--- /dev/null
+++ b/tests/quictest.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -e
+
+quictest_bin=./quictest
+if [ -e ./quictest.exe ]; then
+        quictest_bin=./quictest.exe
+fi
+
+if [ -z $srcdir ]; then
+        srcdir=.
+fi
+
+$quictest_bin $srcdir/server.pem $srcdir/server.pem $srcdir/ca.pem
diff --git a/update.sh b/update.sh
index 2f325ca..3aea129 100755
--- a/update.sh
+++ b/update.sh
@@ -288,7 +288,7 @@ for i in `find $libcrypto_regress -name '*.c'`; do
          $CP "$i" tests
 done
 $CP $libcrypto_regress/evp/evptests.txt tests
-$CP $libcrypto_regress/aead/aeadtests.txt tests
+$CP $libcrypto_regress/aead/*.txt tests
 
 # generate libcrypto freenull.c
 awk -f $libcrypto_regress/free/freenull.awk \