Inital import.

Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta).

(This change contains substantial changes from the original and
effectively starts a new history.)

5 files changed, 1649 insertions, 0 deletions

diff --git a/crypto/err/CMakeLists.txt b/crypto/err/CMakeLists.txt
new file mode 100644
index 00000000..1ac4951b
--- /dev/null
+++ b/crypto/err/CMakeLists.txt
@@ -0,0 +1,18 @@
+include_directories(. .. ../../include)
+
+add_library(
+	err
+
+	OBJECT
+
+	err.c
+	err_impl.c
+)
+
+add_executable(
+	err_test
+
+	err_test.c
+)
+
+target_link_libraries(err_test crypto)
diff --git a/crypto/err/err.c b/crypto/err/err.c
new file mode 100644
index 00000000..b78ee6b3
--- /dev/null
+++ b/crypto/err/err.c
@@ -0,0 +1,737 @@
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com). */
+
+#include <openssl/err.h>
+
+#include <assert.h>
+#include <errno.h>
+#include <inttypes.h>
+#include <stdarg.h>
+#include <stdio.h>
+
+#include <openssl/lhash.h>
+#include <openssl/mem.h>
+#include <openssl/thread.h>
+
+
+/* err_fns contains a pointer to the current error implementation. */
+static const struct ERR_FNS_st *err_fns = NULL;
+extern const struct ERR_FNS_st openssl_err_default_impl;
+
+#define ERRFN(a) err_fns->a
+
+/* err_fns_check is an internal function that checks whether "err_fns" is set
+ * and if not, sets it to the default. */
+static void err_fns_check(void) {
+  /* In practice, this is not a race problem because loading the error strings
+   * at init time will cause this pointer to be set before the process goes
+   * multithreaded. */
+  if (err_fns) {
+    return;
+  }
+
+  CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+  if (!err_fns) {
+    err_fns = &openssl_err_default_impl;
+  }
+  CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+}
+
+/* err_clear_data frees the optional |data| member of the given error. */
+static void err_clear_data(struct err_error_st *error) {
+  if (error->data != NULL && (error->flags & ERR_FLAG_MALLOCED) != 0) {
+    OPENSSL_free(error->data);
+  }
+  error->data = NULL;
+  error->flags &= ~ERR_FLAG_MALLOCED;
+}
+
+/* err_clear clears the given queued error. */
+static void err_clear(struct err_error_st *error) {
+  err_clear_data(error);
+  memset(error, 0, sizeof(struct err_error_st));
+}
+
+/* err_get_state gets the ERR_STATE object for the current thread. */
+static ERR_STATE *err_get_state(void) {
+  err_fns_check();
+  return ERRFN(get_state)();
+}
+
+static uint32_t get_error_values(int inc, int top, const char **file, int *line,
+                                 char **data, int *flags) {
+  unsigned i = 0;
+  ERR_STATE *state;
+  struct err_error_st *error;
+  uint32_t ret;
+
+  state = err_get_state();
+
+  if (state->bottom == state->top) {
+    return 0;
+  }
+
+  if (top) {
+    /* last error */
+    i = state->top;
+  } else {
+    i = (state->bottom + 1) % ERR_NUM_ERRORS;
+  }
+
+  error = &state->errors[i];
+  ret = error->packed;
+
+  if (file != NULL && line != NULL) {
+    if (error->file == NULL) {
+      *file = "NA";
+      *line = 0;
+    } else {
+      *file = error->file;
+      *line = error->line;
+    }
+  }
+
+  if (data != NULL) {
+    if (error->data == NULL) {
+      *data = "";
+      if (flags != NULL) {
+        *flags = 0;
+      }
+    } else {
+      *data = error->data;
+      if (flags != NULL) {
+        *flags = error->flags & ERR_FLAG_PUBLIC_MASK;
+      }
+      error->data = NULL;
+      error->flags = 0;
+    }
+  }
+
+  if (inc) {
+    assert(!top);
+    err_clear(error);
+    state->bottom = i;
+  }
+
+  return ret;
+}
+
+uint32_t ERR_get_error(void) {
+  return get_error_values(1, 0, NULL, NULL, NULL, NULL);
+}
+
+uint32_t ERR_get_error_line(const char **file, int *line) {
+  return get_error_values(1, 0, file, line, NULL, NULL);
+}
+
+uint32_t ERR_get_error_line_data(const char **file, int *line,
+                                 char **data, int *flags) {
+  return get_error_values(1, 0, file, line, data, flags);
+}
+
+uint32_t ERR_peek_error(void) {
+  return get_error_values(0, 0, NULL, NULL, NULL, NULL);
+}
+
+uint32_t ERR_peek_error_line(const char **file, int *line) {
+  return get_error_values(0, 0, file, line, NULL, NULL);
+}
+
+uint32_t ERR_peek_error_line_data(const char **file, int *line,
+                                  const char **data, int *flags) {
+  return get_error_values(0, 0, file, line, (char **) data, flags);
+}
+
+uint32_t ERR_peek_last_error(void) {
+  return get_error_values(0, 1, NULL, NULL, NULL, NULL);
+}
+
+uint32_t ERR_peek_last_error_line(const char **file, int *line) {
+  return get_error_values(0, 1, file, line, NULL, NULL);
+}
+
+uint32_t ERR_peek_last_error_line_data(const char **file, int *line,
+                                       const char **data, int *flags) {
+  return get_error_values(0, 1, file, line, (char **) data, flags);
+}
+
+void ERR_clear_error(void) {
+  ERR_STATE *const state = err_get_state();
+  unsigned i;
+
+  for (i = 0; i < ERR_NUM_ERRORS; i++) {
+    err_clear(&state->errors[i]);
+  }
+
+  state->top = state->bottom = 0;
+}
+
+void ERR_clear_system_error(void) {
+  errno = 0;
+}
+
+char *ERR_error_string(uint32_t packed_error, char *ret) {
+  static char buf[ERR_ERROR_STRING_BUF_LEN];
+
+  if (ret == NULL) {
+    /* TODO(fork): remove this. */
+    ret = buf;
+  }
+
+#if !defined(NDEBUG)
+  /* This is aimed to help catch callers who don't provide
+   * |ERR_ERROR_STRING_BUF_LEN| bytes of space. */
+  memset(ret, 0, ERR_ERROR_STRING_BUF_LEN);
+#endif
+
+  ERR_error_string_n(packed_error, ret, ERR_ERROR_STRING_BUF_LEN);
+
+  return ret;
+}
+
+void ERR_error_string_n(uint32_t packed_error, char *buf, size_t len) {
+  char lib_buf[64], func_buf[64], reason_buf[64];
+  const char *lib_str, *func_str, *reason_str;
+  unsigned lib, func, reason;
+
+  if (len == 0) {
+    return;
+  }
+
+  lib = ERR_GET_LIB(packed_error);
+  func = ERR_GET_FUNC(packed_error);
+  reason = ERR_GET_REASON(packed_error);
+
+  lib_str = ERR_lib_error_string(packed_error);
+  func_str = ERR_func_error_string(packed_error);
+  reason_str = ERR_reason_error_string(packed_error);
+
+  if (lib_str == NULL) {
+    BIO_snprintf(lib_buf, sizeof(lib_buf), "lib(%u)", lib);
+    lib_str = lib_buf;
+  }
+
+  if (func_str == NULL) {
+    BIO_snprintf(func_buf, sizeof(func_buf), "func(%u)", func);
+    func_str = func_buf;
+  }
+
+  if (reason_str == NULL) {
+    BIO_snprintf(reason_buf, sizeof(reason_buf), "reason(%u)", reason);
+    reason_str = reason_buf;
+  }
+
+  BIO_snprintf(buf, len, "error:%08" PRIx32 ":%s:%s:%s",
+               packed_error, lib_str, func_str, reason_str);
+
+  if (strlen(buf) == len - 1) {
+    /* output may be truncated; make sure we always have 5 colon-separated
+     * fields, i.e. 4 colons. */
+    static const unsigned num_colons = 4;
+    unsigned i;
+    char *s = buf;
+
+    if (len <= num_colons) {
+      /* In this situation it's not possible to ensure that the correct number
+       * of colons are included in the output. */
+      return;
+    }
+
+    for (i = 0; i < num_colons; i++) {
+      char *colon = strchr(s, ':');
+      char *last_pos = &buf[len - 1] - num_colons + i;
+
+      if (colon == NULL || colon > last_pos) {
+        /* set colon |i| at last possible position (buf[len-1] is the
+         * terminating 0). If we're setting this colon, then all whole of the
+         * rest of the string must be colons in order to have the correct
+         * number. */
+        memset(last_pos, ':', num_colons - i);
+        break;
+      }
+
+      s = colon + 1;
+    }
+  }
+}
+
+/* err_component_error_string returns the error string associated with
+ * |packed_error|, which must be of a special form matching the keys inserted
+ * into the error hash table. */
+static const char *err_component_error_string(uint32_t packed_error) {
+  ERR_STRING_DATA *p;
+
+  err_fns_check();
+  p = ERRFN(get_item)(packed_error);
+
+  if (p == NULL) {
+    return NULL;
+  }
+  return p->string;
+}
+
+const char *ERR_lib_error_string(uint32_t packed_error) {
+  return err_component_error_string(ERR_PACK(ERR_GET_LIB(packed_error), 0, 0));
+}
+
+const char *ERR_func_error_string(uint32_t packed_error) {
+  return err_component_error_string(
+      ERR_PACK(ERR_GET_LIB(packed_error), ERR_GET_FUNC(packed_error), 0));
+}
+
+const char *ERR_reason_error_string(uint32_t packed_error) {
+  const char *reason_str = err_component_error_string(
+      ERR_PACK(ERR_GET_LIB(packed_error), 0, ERR_GET_REASON(packed_error)));
+
+  if (reason_str != NULL) {
+    return reason_str;
+  }
+
+  return err_component_error_string(
+      ERR_PACK(0, 0, ERR_GET_REASON(packed_error)));
+}
+
+void ERR_print_errors_cb(ERR_print_errors_callback_t callback, void *ctx) {
+  CRYPTO_THREADID current_thread;
+  char buf[ERR_ERROR_STRING_BUF_LEN];
+  char buf2[1024];
+  unsigned long thread_hash;
+  const char *file;
+  char *data;
+  int line, flags;
+  uint32_t packed_error;
+
+  CRYPTO_THREADID_current(&current_thread);
+  thread_hash = CRYPTO_THREADID_hash(&current_thread);
+
+  for (;;) {
+    packed_error = ERR_get_error_line_data(&file, &line, &data, &flags);
+    if (packed_error == 0) {
+      break;
+    }
+
+    ERR_error_string_n(packed_error, buf, sizeof(buf));
+    BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", thread_hash, buf,
+                 file, line, (flags & ERR_FLAG_STRING) ? data : "");
+    if (callback(buf2, strlen(buf2), ctx) <= 0) {
+      break;
+    }
+    if (flags & ERR_FLAG_MALLOCED) {
+      OPENSSL_free(data);
+    }
+  }
+}
+
+/* err_set_error_data sets the data on the most recent error. The |flags|
+ * argument is a combination of the |ERR_FLAG_*| values. */
+static void err_set_error_data(char *data, int flags) {
+  ERR_STATE *const state = err_get_state();
+  struct err_error_st *error;
+
+  if (state->top == state->bottom) {
+    return;
+  }
+
+  error = &state->errors[state->top];
+
+  err_clear_data(error);
+  error->data = data;
+  error->flags = flags;
+}
+
+void ERR_put_error(int library, int func, int reason, const char *file,
+                   unsigned line) {
+  ERR_STATE *const state = err_get_state();
+  struct err_error_st *error;
+
+  if (library == ERR_LIB_SYS && reason == 0) {
+#if defined(WIN32)
+    reason = GetLastError();
+#else
+    reason = errno;
+#endif
+  }
+
+  state->top = (state->top + 1) % ERR_NUM_ERRORS;
+  if (state->top == state->bottom) {
+    state->bottom = (state->bottom + 1) % ERR_NUM_ERRORS;
+  }
+
+  error = &state->errors[state->top];
+  err_clear(error);
+  error->file = file;
+  error->line = line;
+  error->packed = ERR_PACK(library, func, reason);
+}
+
+/* ERR_add_error_data_vdata takes a variable number of const char* pointers,
+ * concatenates them and sets the result as the data on the most recent
+ * error. */
+static void err_add_error_vdata(unsigned num, va_list args) {
+  size_t alloced, new_len, len = 0, substr_len;
+  char *buf;
+  const char *substr;
+  unsigned i;
+
+  alloced = 80;
+  buf = OPENSSL_malloc(alloced + 1);
+  if (buf == NULL) {
+    return;
+  }
+
+  for (i = 0; i < num; i++) {
+    substr = va_arg(args, const char *);
+    if (substr == NULL) {
+      continue;
+    }
+
+    substr_len = strlen(substr);
+    new_len = len + substr_len;
+    if (new_len > alloced) {
+      char *new_buf;
+
+      if (alloced + 20 + 1 < alloced) {
+        /* overflow. */
+        OPENSSL_free(buf);
+        return;
+      }
+
+      alloced = new_len + 20;
+      new_buf = OPENSSL_realloc(buf, alloced + 1);
+      if (new_buf == NULL) {
+        OPENSSL_free(buf);
+        return;
+      }
+      buf = new_buf;
+    }
+
+    memcpy(buf + len, substr, substr_len);
+    len = new_len;
+  }
+
+  buf[len] = 0;
+  err_set_error_data(buf, ERR_FLAG_MALLOCED | ERR_FLAG_STRING);
+}
+
+void ERR_add_error_data(unsigned count, ...) {
+  va_list args;
+  va_start(args, count);
+  err_add_error_vdata(count, args);
+  va_end(args);
+}
+
+void ERR_add_error_dataf(const char *format, ...) {
+  va_list ap;
+  char *buf;
+  static const unsigned buf_len = 256;
+
+  /* A fixed-size buffer is used because va_copy (which would be needed in
+   * order to call vsnprintf twice and measure the buffer) wasn't defined until
+   * C99. */
+  buf = OPENSSL_malloc(buf_len + 1);
+  if (buf == NULL) {
+    return;
+  }
+
+  va_start(ap, format);
+  BIO_vsnprintf(buf, buf_len, format, ap);
+  buf[buf_len] = 0;
+  va_end(ap);
+
+  err_set_error_data(buf, ERR_FLAG_MALLOCED | ERR_FLAG_STRING);
+}
+
+int ERR_set_mark(void) {
+  ERR_STATE *const state = err_get_state();
+
+  if (state->bottom == state->top) {
+    return 0;
+  }
+  state->errors[state->top].flags |= ERR_FLAG_MARK;
+  return 1;
+}
+
+int ERR_pop_to_mark(void) {
+  ERR_STATE *const state = err_get_state();
+  struct err_error_st *error;
+
+  while (state->bottom != state->top) {
+    error = &state->errors[state->top];
+
+    if ((error->flags & ERR_FLAG_MARK) != 0) {
+      break;
+    }
+
+    err_clear(error);
+    if (state->top == 0) {
+      state->top = ERR_NUM_ERRORS - 1;
+    } else {
+      state->top--;
+    }
+  }
+
+  if (state->bottom == state->top) {
+    return 0;
+  }
+
+  error->flags &= ~ERR_FLAG_MARK;
+  return 1;
+}
+
+static const char *const kLibraryNames[ERR_NUM_LIBS] = {
+    "invalid library (0)",
+    "unknown library",                            /* ERR_LIB_NONE */
+    "system library",                             /* ERR_LIB_SYS */
+    "bignum routines",                            /* ERR_LIB_BN */
+    "RSA routines",                               /* ERR_LIB_RSA */
+    "Diffie-Hellman routines",                    /* ERR_LIB_DH */
+    "public key routines",                        /* ERR_LIB_EVP */
+    "memory buffer routines",                     /* ERR_LIB_BUF */
+    "object identifier routines",                 /* ERR_LIB_OBJ */
+    "PEM routines",                               /* ERR_LIB_PEM */
+    "DSA routines",                               /* ERR_LIB_DSA */
+    "X.509 certificate routines",                 /* ERR_LIB_X509 */
+    "ASN.1 encoding routines",                    /* ERR_LIB_ASN1 */
+    "configuration file routines",                /* ERR_LIB_CONF */
+    "common libcrypto routines",                  /* ERR_LIB_CRYPTO */
+    "elliptic curve routines",                    /* ERR_LIB_EC */
+    "SSL routines",                               /* ERR_LIB_SSL */
+    "BIO routines",                               /* ERR_LIB_BIO */
+    "PKCS7 routines",                             /* ERR_LIB_PKCS7 */
+    "PKCS8 routines",                             /* ERR_LIB_PKCS8 */
+    "X509 V3 routines",                           /* ERR_LIB_X509V3 */
+    "PKCS12 routines",                            /* ERR_LIB_PKCS12 */
+    "random number generator",                    /* ERR_LIB_RAND */
+    "ENGINE routines",                            /* ERR_LIB_ENGINE */
+    "OCSP routines",                              /* ERR_LIB_OCSP */
+    "UI routines",                                /* ERR_LIB_UI */
+    "COMP routines",                              /* ERR_LIB_COMP */
+    "ECDSA routines",                             /* ERR_LIB_ECDSA */
+    "ECDH routines",                              /* ERR_LIB_ECDH */
+    "HMAC routines",                              /* ERR_LIB_HMAC */
+    "Digest functions",                           /* ERR_LIB_DIGEST */
+    "Cipher functions",                           /* ERR_LIB_CIPHER */
+    "User defined functions",                     /* ERR_LIB_USER */
+};
+
+#define NUM_SYS_ERRNOS 127
+
+/* kStaticErrors provides storage for ERR_STRING_DATA values that are created
+ * at init time because we assume that ERR_STRING_DATA structures aren't
+ * allocated on the heap. */
+static ERR_STRING_DATA kStaticErrors[ERR_NUM_LIBS * 2 + NUM_SYS_ERRNOS];
+
+static ERR_STRING_DATA kGlobalErrors[] = {
+    {ERR_R_MALLOC_FAILURE, "malloc failure"},
+    {ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, "function should not be called"},
+    {ERR_R_PASSED_NULL_PARAMETER, "passed a null parameter"},
+    {ERR_R_INTERNAL_ERROR, "internal error"},
+
+    {ERR_PACK(ERR_LIB_SYS, SYS_F_fopen, 0), "fopen"},
+    {ERR_PACK(ERR_LIB_SYS, SYS_F_fclose, 0), "fclose"},
+    {ERR_PACK(ERR_LIB_SYS, SYS_F_fread, 0), "fread"},
+    {ERR_PACK(ERR_LIB_SYS, SYS_F_fwrite, 0), "fwrite"},
+    {ERR_PACK(ERR_LIB_SYS, SYS_F_socket, 0), "socket"},
+    {ERR_PACK(ERR_LIB_SYS, SYS_F_setsockopt, 0), "setsockopt"},
+    {ERR_PACK(ERR_LIB_SYS, SYS_F_connect, 0), "connect"},
+    {ERR_PACK(ERR_LIB_SYS, SYS_F_getaddrinfo, 0), "getaddrinfo"},
+
+    {0, NULL},
+};
+
+
+extern const ERR_STRING_DATA ASN1_error_string_data[];
+extern const ERR_STRING_DATA BIO_error_string_data[];
+extern const ERR_STRING_DATA BN_error_string_data[];
+extern const ERR_STRING_DATA BUF_error_string_data[];
+extern const ERR_STRING_DATA CIPHER_error_string_data[];
+extern const ERR_STRING_DATA CONF_error_string_data[];
+extern const ERR_STRING_DATA CRYPTO_error_string_data[];
+extern const ERR_STRING_DATA DH_error_string_data[];
+extern const ERR_STRING_DATA DIGEST_error_string_data[];
+extern const ERR_STRING_DATA DSA_error_string_data[];
+extern const ERR_STRING_DATA ECDH_error_string_data[];
+extern const ERR_STRING_DATA ECDSA_error_string_data[];
+extern const ERR_STRING_DATA EC_error_string_data[];
+extern const ERR_STRING_DATA EVP_error_string_data[];
+extern const ERR_STRING_DATA OBJ_error_string_data[];
+extern const ERR_STRING_DATA PEM_error_string_data[];
+extern const ERR_STRING_DATA RSA_error_string_data[];
+extern const ERR_STRING_DATA X509V3_error_string_data[];
+extern const ERR_STRING_DATA X509_error_string_data[];
+
+static void err_load_strings(void) {
+  unsigned i, j = 0;
+
+  err_fns_check();
+
+  /* This loop loads strings for the libraries for the ERR_R_*_LIB
+   * reasons. */
+  for (i = ERR_LIB_NONE; i < ERR_NUM_LIBS; i++) {
+    ERR_STRING_DATA *data = &kStaticErrors[j++];
+    data->string = kLibraryNames[i];
+    data->error = ERR_PACK(i, 0, 0);
+    ERRFN(set_item)(data);
+
+    data = &kStaticErrors[j++];
+    data->string = kLibraryNames[i];
+    data->error = ERR_PACK(0, 0, i);
+    ERRFN(set_item)(data);
+  }
+
+  for (i = 1; i < 1 + NUM_SYS_ERRNOS; i++) {
+    /* The "SYS" library sets errno values as the reason for its errors.
+     * Thus we load the first |NUM_SYS_ERRNOS| errno strings as the
+     * reason strings for that library. */
+
+    ERR_STRING_DATA *data = &kStaticErrors[j++];
+    data->string = strerror(i);
+    data->error = ERR_PACK(ERR_LIB_SYS, 0, i);
+    ERRFN(set_item)(data);
+  }
+
+  ERR_load_strings(kGlobalErrors);
+
+  ERR_load_strings(ASN1_error_string_data);
+  ERR_load_strings(BIO_error_string_data);
+  ERR_load_strings(BN_error_string_data);
+  ERR_load_strings(BUF_error_string_data);
+  ERR_load_strings(CIPHER_error_string_data);
+  ERR_load_strings(CONF_error_string_data);
+  ERR_load_strings(CRYPTO_error_string_data);
+  ERR_load_strings(DH_error_string_data);
+  ERR_load_strings(DIGEST_error_string_data);
+  ERR_load_strings(DSA_error_string_data);
+  ERR_load_strings(ECDH_error_string_data);
+  ERR_load_strings(ECDSA_error_string_data);
+  ERR_load_strings(EC_error_string_data);
+  ERR_load_strings(EVP_error_string_data);
+  ERR_load_strings(OBJ_error_string_data);
+  ERR_load_strings(PEM_error_string_data);
+  ERR_load_strings(RSA_error_string_data);
+  ERR_load_strings(X509V3_error_string_data);
+  ERR_load_strings(X509_error_string_data);
+}
+
+void ERR_load_strings(const ERR_STRING_DATA *str) {
+  err_fns_check();
+
+  while (str->error) {
+    ERRFN(set_item)(str);
+    str++;
+  }
+}
+
+void ERR_load_crypto_strings() { err_load_strings(); }
+
+void ERR_free_strings() {
+  err_fns_check();
+  ERRFN(shutdown)();
+}
+
+void ERR_load_BIO_strings() {}
diff --git a/crypto/err/err.h b/crypto/err/err.h
new file mode 100644
index 00000000..411bc9be
--- /dev/null
+++ b/crypto/err/err.h
@@ -0,0 +1,496 @@
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com). */
+
+#ifndef OPENSSL_HEADER_ERR_H
+#define OPENSSL_HEADER_ERR_H
+
+#include <openssl/base.h>
+#include <openssl/thread.h>
+#include <openssl/lhash.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+
+/* Error queue handling functions.
+ *
+ * Errors in OpenSSL are generally signalled by the return value of a function.
+ * When a function fails it may add an entry to a per-thread error queue,
+ * which is managed by the functions in this header.
+ *
+ * Each error contains:
+ *   1) The library (i.e. ec, pem, rsa) which created it.
+ *   2) A function identifier and reason code.
+ *   3) The file and line number of the call that added the error.
+ *   4) A pointer to some error specific data, which may be NULL.
+ *
+ * The library identifier, function identifier and reason code are packed in a
+ * uint32_t and there exist various functions for unpacking it.
+ *
+ * The typical behaviour is that an error will occur deep in a call queue and
+ * that code will push an error onto the error queue. As the error queue
+ * unwinds, other functions will push their own errors. Thus, the "least
+ * recent" error is the most specific and the other errors will provide a
+ * backtrace of sorts. */
+
+
+/* Startup and shutdown. */
+
+/* ERR_load_crypto_strings initialises the error string hash with builtin
+ * values. If this is not called then the string forms of errors produced by
+ * the functions below will contain numeric identifiers rather than
+ * human-readable strings. */
+void ERR_load_crypto_strings();
+
+/* ERR_free_strings frees any internal error values that have been loaded. This
+ * should only be called at process shutdown. */
+void ERR_free_strings();
+
+
+/* Reading and formatting errors. */
+
+/* ERR_get_error gets the packed error code for the least recent error and
+ * removes that error from the queue. If there are no errors in the queue then
+ * it returns zero. */
+uint32_t ERR_get_error(void);
+
+/* ERR_get_error_line acts like |ERR_get_error|, except that the file and line
+ * number of the call that added the error are also returned. */
+uint32_t ERR_get_error_line(const char **file, int *line);
+
+/* ERR_get_error_line_data acts like |ERR_get_error_line|, but also returns the
+ * error-specific data pointer and flags. The flags are a bitwise-OR of
+ * |ERR_FLAG_*| values. */
+uint32_t ERR_get_error_line_data(const char **file, int *line,
+                                 char **data, int *flags);
+
+/* The "peek" functions act like the |ERR_get_error| functions, above, but they
+ * do not remove the error from the queue. */
+uint32_t ERR_peek_error(void);
+uint32_t ERR_peek_error_line(const char **file, int *line);
+uint32_t ERR_peek_error_line_data(const char **file, int *line,
+                                  const char **data, int *flags);
+
+/* The "peek last" functions act like the "peek" functions, above, except that
+ * they return the most recent error. */
+uint32_t ERR_peek_last_error(void);
+uint32_t ERR_peek_last_error_line(const char **file, int *line);
+uint32_t ERR_peek_last_error_line_data(const char **file, int *line,
+                                       const char **data, int *flags);
+
+/* ERR_error_string generates a human-readable string representing
+ * |packed_error|, places it at |buf| (which must be at least
+ * ERR_ERROR_STRING_BUF_LEN bytes long) and returns |buf|. If |buf| is NULL,
+ * the error string is placed in a static buffer which is returned. (The static
+ * buffer may be overridden by concurrent calls in other threads so this form
+ * is deprecated.)
+ *
+ * The string will have the following format:
+ *
+ *   error:[error code]:[library name]:[function name]:[reason string]
+ *
+ * error code is an 8 digit hexadecimal number; library name, function name
+ * and reason string are ASCII text.
+ *
+ * TODO(fork): remove in favour of |ERR_error_string_n|. */
+char *ERR_error_string(uint32_t packed_error, char *buf);
+#define ERR_ERROR_STRING_BUF_LEN 256
+
+/* ERR_error_string_n is a variant of |ERR_error_string| that writes at most
+ * len characters (including the terminating NUL) and truncates the string if
+ * necessary. If |len| is greater than zero then |buf| is always NUL
+ * terminated. */
+void ERR_error_string_n(uint32_t packed_error, char *buf, size_t len);
+
+/* ERR_lib_error_string returns a string representation of the library that
+ * generated |packed_error|. */
+const char *ERR_lib_error_string(uint32_t packed_error);
+
+/* ERR_func_error_string returns a string representation of the function that
+ * generated |packed_error|. */
+const char *ERR_func_error_string(uint32_t packed_error);
+
+/* ERR_reason_error_string returns a string representation of the reason for
+ * |packed_error|. */
+const char *ERR_reason_error_string(uint32_t packed_error);
+
+/* ERR_print_errors_callback_t is the type of a function used by
+ * |ERR_print_errors_cb|. It takes a pointer to a human readable string (and
+ * its length) that describes an entry in the error queue. The |ctx| argument
+ * is an opaque pointer given to |ERR_print_errors_cb|.
+ *
+ * It should return one on success or zero on error, which will stop the
+ * iteration over the error queue. */
+typedef int (*ERR_print_errors_callback_t)(const char *str, size_t len,
+                                           void *ctx);
+
+/* ERR_print_errors_cb calls |callback| with a string representation of each
+ * error in the current thread's error queue, from the least recent to the most
+ * recent error.
+ *
+ * The string will have the following format (which differs from
+ * |ERR_error_string|):
+ *
+ *   [thread id]:error:[error code]:[library name]:[function name]:
+ *   [reason string]:[file]:[line number]:[optional string data]
+ *
+ * (All in one line.)
+ *
+ * The callback can return one to continue the iteration or zero to stop it.
+ * The |ctx| argument is an opaque value that is passed through to the
+ * callback. */
+void ERR_print_errors_cb(ERR_print_errors_callback_t callback, void *ctx);
+
+
+/* Clearing errors. */
+
+/* ERR_clear_error clears the error queue for the current thread. */
+void ERR_clear_error(void);
+
+
+/* Private functions. */
+
+/* ERR_clear_system_error clears the system's error value (i.e. errno). */
+void ERR_clear_system_error(void);
+
+/* OPENSSL_PUT_ERROR is used by OpenSSL code to add an error to the error
+ * queue. */
+#define OPENSSL_PUT_ERROR(library, func, reason)                         \
+  ERR_put_error(ERR_LIB_##library, library##_F_##func, reason, __FILE__, \
+                __LINE__)
+
+/* OPENSSL_PUT_SYSTEM_ERROR is used by OpenSSL code to add an error from the
+ * operating system to the error queue. */
+/* TODO(fork): include errno. */
+#define OPENSSL_PUT_SYSTEM_ERROR(func) \
+  ERR_put_error(ERR_LIB_SYS, SYS_F_##func, 0, __FILE__, __LINE__);
+
+/* ERR_put_error adds an error to the error queue, dropping the least recent
+ * error if neccessary for space reasons. */
+void ERR_put_error(int library, int func, int reason, const char *file,
+                   unsigned line);
+
+/* ERR_add_error_data takes a variable number (|count|) of const char*
+ * pointers, concatenates them and sets the result as the data on the most
+ * recent error. */
+void ERR_add_error_data(unsigned count, ...);
+
+/* ERR_add_error_dataf takes a printf-style format and arguments, and sets the
+ * result as the data on the most recent error. */
+void ERR_add_error_dataf(const char *format, ...);
+
+/* ERR_set_mark "marks" the most recent error for use with |ERR_pop_to_mark|.
+ * It returns one if an error was marked and zero if there are no errors. */
+int ERR_set_mark(void);
+
+/* ERR_pop_to_mark removes errors from the most recent to the least recent
+ * until (and not including) a "marked" error. It returns zero if no marked
+ * error was found (and thus all errors were removed) and one otherwise. Errors
+ * are marked using |ERR_set_mark|. */
+int ERR_pop_to_mark(void);
+
+struct err_error_st {
+  /* file contains the filename where the error occured. */
+  const char *file;
+  /* data contains optional data. It must be freed with |OPENSSL_free| if
+   * |flags&ERR_FLAG_MALLOCED|. */
+  char *data;
+  /* packed contains the error library, function and reason, as packed by
+   * ERR_PACK. */
+  uint32_t packed;
+  /* line contains the line number where the error occured. */
+  uint16_t line;
+  /* flags contains a bitwise-OR of ERR_FLAG_* values. */
+  uint8_t flags;
+};
+
+/* ERR_FLAG_MALLOCED means the the |data| member must be freed when no longer
+ * needed. */
+#define ERR_FLAG_MALLOCED 1
+/* ERR_FLAG_STRING means that the |data| member is a NUL-terminated string that
+ * can be printed. */
+#define ERR_FLAG_STRING 2
+
+/* ERR_FLAG_PUBLIC_MASK is applied to the flags field before it is returned
+ * from functions like |ERR_get_error_line_data|. */
+#define ERR_FLAG_PUBLIC_MASK 0xf
+
+/* The following flag values are internal and are masked when flags are
+ * returned from functions like |ERR_get_error_line_data|. */
+
+/* ERR_FLAG_MARK is used to indicate a reversion point in the queue. See
+ * |ERR_pop_to_mark|. */
+#define ERR_FLAG_MARK 16
+
+/* ERR_NUM_ERRORS is the limit of the number of errors in the queue. */
+#define ERR_NUM_ERRORS 16
+
+/* ERR_STATE contains the per-thread, error queue. */
+typedef struct err_state_st {
+  /* tid is the identifier of the thread that owns this queue. */
+  CRYPTO_THREADID tid;
+
+  /* errors contains the ERR_NUM_ERRORS most recent errors, organised as a ring
+   * buffer. */
+  struct err_error_st errors[ERR_NUM_ERRORS];
+  /* top contains the index one past the most recent error. If |top| equals
+   * |bottom| then the queue is empty. */
+  unsigned top;
+  /* bottom contains the index of the last error in the queue. */
+  unsigned bottom;
+} ERR_STATE;
+
+enum {
+  ERR_LIB_NONE = 1,
+  ERR_LIB_SYS,
+  ERR_LIB_BN,
+  ERR_LIB_RSA,
+  ERR_LIB_DH,
+  ERR_LIB_EVP,
+  ERR_LIB_BUF,
+  ERR_LIB_OBJ,
+  ERR_LIB_PEM,
+  ERR_LIB_DSA,
+  ERR_LIB_X509,
+  ERR_LIB_ASN1,
+  ERR_LIB_CONF,
+  ERR_LIB_CRYPTO,
+  ERR_LIB_EC,
+  ERR_LIB_SSL,
+  ERR_LIB_BIO,
+  ERR_LIB_PKCS7,
+  ERR_LIB_PKCS8,
+  ERR_LIB_X509V3,
+  ERR_LIB_PKCS12,
+  ERR_LIB_RAND,
+  ERR_LIB_ENGINE,
+  ERR_LIB_OCSP,
+  ERR_LIB_UI,
+  ERR_LIB_COMP,
+  ERR_LIB_ECDSA,
+  ERR_LIB_ECDH,
+  ERR_LIB_HMAC,
+  ERR_LIB_DIGEST,
+  ERR_LIB_CIPHER,
+  ERR_LIB_USER,
+  ERR_NUM_LIBS
+};
+
+#define ERR_R_SYS_LIB ERR_LIB_SYS
+#define ERR_R_BN_LIB ERR_LIB_BN
+#define ERR_R_RSA_LIB ERR_LIB_RSA
+#define ERR_R_DH_LIB ERR_LIB_DH
+#define ERR_R_EVP_LIB ERR_LIB_EVP
+#define ERR_R_BUF_LIB ERR_LIB_BUF
+#define ERR_R_OBJ_LIB ERR_LIB_OBJ
+#define ERR_R_PEM_LIB ERR_LIB_PEM
+#define ERR_R_DSA_LIB ERR_LIB_DSA
+#define ERR_R_X509_LIB ERR_LIB_X509
+#define ERR_R_ASN1_LIB ERR_LIB_ASN1
+#define ERR_R_CONF_LIB ERR_LIB_CONF
+#define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO
+#define ERR_R_EC_LIB ERR_LIB_EC
+#define ERR_R_SSL_LIB ERR_LIB_SSL
+#define ERR_R_BIO_LIB ERR_LIB_BIO
+#define ERR_R_PKCS7_LIB ERR_LIB_PKCS7
+#define ERR_R_PKCS8_LIB ERR_LIB_PKCS8
+#define ERR_R_X509V3_LIB ERR_LIB_X509V3
+#define ERR_R_PKCS12_LIB ERR_LIB_PKCS12
+#define ERR_R_RAND_LIB ERR_LIB_RAND
+#define ERR_R_DSO_LIB ERR_LIB_DSO
+#define ERR_R_ENGINE_LIB ERR_LIB_ENGINE
+#define ERR_R_OCSP_LIB ERR_LIB_OCSP
+#define ERR_R_UI_LIB ERR_LIB_UI
+#define ERR_R_COMP_LIB ERR_LIB_COMP
+#define ERR_R_ECDSA_LIB ERR_LIB_ECDSA
+#define ERR_R_ECDH_LIB ERR_LIB_ECDH
+#define ERR_R_STORE_LIB ERR_LIB_STORE
+#define ERR_R_FIPS_LIB ERR_LIB_FIPS
+#define ERR_R_CMS_LIB ERR_LIB_CMS
+#define ERR_R_TS_LIB ERR_LIB_TS
+#define ERR_R_HMAC_LIB ERR_LIB_HMAC
+#define ERR_R_JPAKE_LIB ERR_LIB_JPAKE
+#define ERR_R_USER_LIB ERR_LIB_USER
+#define ERR_R_DIGEST_LIB ERR_LIB_DIGEST
+#define ERR_R_CIPHER_LIB ERR_LIB_CIPHER
+
+/* Global reasons. */
+#define ERR_R_FATAL 64
+#define ERR_R_MALLOC_FAILURE (1 | ERR_R_FATAL)
+#define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2 | ERR_R_FATAL)
+#define ERR_R_PASSED_NULL_PARAMETER (3 | ERR_R_FATAL)
+#define ERR_R_INTERNAL_ERROR (4 | ERR_R_FATAL)
+
+/* System error functions */
+#define SYS_F_fopen 100
+#define SYS_F_fclose 101
+#define SYS_F_fread 102
+#define SYS_F_fwrite 103
+#define SYS_F_socket 104
+#define SYS_F_setsockopt 105
+#define SYS_F_connect 106
+#define SYS_F_getaddrinfo 107
+
+#define ERR_PACK(lib, func, reason)                                        \
+  (((((uint32_t)lib) & 0xff) << 24) | ((((uint32_t)func) & 0xfff) << 12) | \
+   ((((uint32_t)reason) & 0xfff)))
+
+#define ERR_GET_LIB(packed_error) (((packed_error) >> 24) & 0xff)
+#define ERR_GET_FUNC(packed_error) (((packed_error) >> 12) & 0xfff)
+#define ERR_GET_REASON(packed_error) ((packed_error) & 0xfff)
+
+/* ERR_STRING_DATA is the type of an lhash node that contains a mapping from a
+ * library, function or reason code to a string representation of it. */
+typedef struct err_string_data_st {
+  uint32_t error;
+  const char *string;
+} ERR_STRING_DATA;
+
+/* ERR_load_strings loads an array of ERR_STRING_DATA into the hash table. The
+ * array must be terminated by an entry with a NULL string. */
+void ERR_load_strings(const ERR_STRING_DATA *str);
+
+/* ERR_FNS_st is a structure of function pointers that contains the actual
+ * implementation of the error queue handling functions. */
+struct ERR_FNS_st {
+  void (*shutdown)(void);
+  ERR_STRING_DATA *(*get_item)(uint32_t packed_error);
+  ERR_STRING_DATA *(*set_item)(const ERR_STRING_DATA *);
+  ERR_STRING_DATA *(*del_item)(uint32_t packed_error);
+
+  /* get_state returns the ERR_STATE for the current thread. This function
+   * never returns NULL. */
+  ERR_STATE *(*get_state)(void);
+};
+
+/* OPENSSL_DECLARE_ERROR_REASON is used by util/make_errors.h (which generates
+ * the error defines) to recognise that an additional reason value is needed.
+ * This is needed when the reason value is used outside of an
+ * |OPENSSL_PUT_ERROR| macro. The resulting define will be
+ * ${lib}_R_${reason}. */
+#define OPENSSL_DECLARE_ERROR_REASON(lib, reason)
+
+/* OPENSSL_DECLARE_ERROR_FUNCTION is used by util/make_errors.h (which
+ * generates the error * defines to recognise that an additional function value
+ * is needed. This is * needed when the function value is used outside of an
+ * |OPENSSL_PUT_ERROR| * macro. The resulting define will be
+ * ${lib}_F_${reason}. */
+#define OPENSSL_DECLARE_ERROR_FUNCTION(lib, function_name)
+
+/* ERR_load_BIO_strings does nothing.
+ *
+ * TODO(fork): remove. libjingle calls this. */
+void ERR_load_BIO_strings();
+
+
+#if defined(__cplusplus)
+} /* extern C */
+#endif
+
+#endif /* OPENSSL_HEADER_ERR_H */
diff --git a/crypto/err/err_impl.c b/crypto/err/err_impl.c
new file mode 100644
index 00000000..ff2509d4
--- /dev/null
+++ b/crypto/err/err_impl.c
@@ -0,0 +1,280 @@
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com). */
+
+#include <openssl/err.h>
+
+#include <assert.h>
+
+#include <openssl/lhash.h>
+#include <openssl/mem.h>
+
+
+DEFINE_LHASH_OF(ERR_STATE);
+DEFINE_LHASH_OF(ERR_STRING_DATA);
+
+/* state_hash is a map from thread ID to ERR_STATE. It works like thread-local
+ * storage. */
+static LHASH_OF(ERR_STATE) *state_hash = NULL;
+
+/* error_hash maps from a packed error to the string for that library /
+ * function / reason. */
+static LHASH_OF(ERR_STRING_DATA) *error_hash = NULL;
+
+/* err_string_data_hash is an lhash hash function for ERR_STRING_DATA. */
+static uint32_t err_string_data_hash(const ERR_STRING_DATA *a) {
+  return OPENSSL_hash32(&a->error, sizeof(a->error));
+}
+
+/* err_string_data_cmp is an lhash compare function for ERR_STRING_DATA. */
+static int err_string_data_cmp(const ERR_STRING_DATA *a,
+                               const ERR_STRING_DATA *b) {
+  return ((int)a->error) - ((int)b->error);
+}
+
+/* error_hash_get_write_locked returns the hash that maps from packed error to
+ * error string and creates it if need be. The caller must hold a write lock on
+ * LOCK_ERR. */
+static LHASH_OF(ERR_STRING_DATA) * error_hash_get_write_locked(void) {
+  if (!error_hash) {
+    error_hash = lh_ERR_STRING_DATA_new(err_string_data_hash, err_string_data_cmp);
+  }
+
+  return error_hash;
+}
+
+/* err_get_item returns an ERR_STRING_DATA with an |error| member that
+ * equals |packed_error|, or NULL if none can be found. */
+static ERR_STRING_DATA *err_get_item(uint32_t packed_error) {
+  ERR_STRING_DATA *ret = NULL, pattern;
+
+  pattern.error = packed_error;
+
+  CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+  if (error_hash) {
+    ret = lh_ERR_STRING_DATA_retrieve(error_hash, &pattern);
+  }
+  CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+
+  return ret;
+}
+
+/* err_set_item adds an ERR_STRING_DATA to the global hash of error strings and
+ * returns the previous entry with the same |err->error| value, if any. */
+static ERR_STRING_DATA *err_set_item(const ERR_STRING_DATA *err) {
+  ERR_STRING_DATA *old_item = NULL;
+  LHASH_OF(ERR_STRING_DATA) *hash;
+
+  CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+  hash = error_hash_get_write_locked();
+  if (hash) {
+    lh_ERR_STRING_DATA_insert(hash, &old_item, (ERR_STRING_DATA*) err);
+  }
+  CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+  return old_item;
+}
+
+/* err_set_item removes an item from the global hash of error strings for
+ * |packed_error| and returns the removed entry, if any. */
+static ERR_STRING_DATA *err_del_item(uint32_t packed_error) {
+  ERR_STRING_DATA *old_item = NULL, pattern;
+
+  pattern.error = packed_error;
+
+  CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+  if (error_hash) {
+    old_item = lh_ERR_STRING_DATA_delete(error_hash, &pattern);
+  }
+  CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+  return old_item;
+}
+
+
+/* err_state_hash is an lhash hash function for ERR_STATE. */
+static uint32_t err_state_hash(const ERR_STATE *a) {
+  return CRYPTO_THREADID_hash(&a->tid);
+}
+
+/* err_state_cmp is an lhash compare function for ERR_STATE. */
+static int err_state_cmp(const ERR_STATE *a, const ERR_STATE *b) {
+  return CRYPTO_THREADID_cmp(&a->tid, &b->tid);
+}
+
+
+static ERR_STATE *err_get_state(void) {
+  CRYPTO_THREADID tid;
+  ERR_STATE pattern, *state, *race_state;
+  int insert_result;
+  static ERR_STATE fallback;
+
+  CRYPTO_THREADID_current(&tid);
+  memset(&pattern, 0, sizeof(pattern));
+  CRYPTO_THREADID_cpy(&pattern.tid, &tid);
+
+  CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+  if (state_hash == NULL) {
+    CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+    CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+    if (state_hash == NULL) {
+      state_hash = lh_ERR_STATE_new(err_state_hash, err_state_cmp);
+    }
+    CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+    CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+  }
+
+  state = lh_ERR_STATE_retrieve(state_hash, &pattern);
+  CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+  if (state != NULL) {
+    return state;
+  }
+
+  state = OPENSSL_malloc(sizeof(ERR_STATE));
+  if (state == NULL) {
+    CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+    /* The other error functions don't cope with a failure to get the error
+     * state, so we return a dummy value. */
+    return &fallback;
+  }
+
+  memset(state, 0, sizeof(ERR_STATE));
+  CRYPTO_THREADID_cpy(&state->tid, &tid);
+
+  CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+  insert_result = lh_ERR_STATE_insert(state_hash, &race_state, state);
+  CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+  if (!insert_result) {
+    /* Insertion failed because of malloc failure. */
+    OPENSSL_free(state);
+    return &fallback;
+  }
+
+  /* We cannot have raced with another thread to insert an ERR_STATE because no
+   * other thread should be inserting values for this thread. */
+  assert(race_state == NULL);
+
+  return state;
+}
+
+static void err_shutdown(void) {
+  CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+  if (error_hash) {
+    lh_ERR_STRING_DATA_free(error_hash);
+    error_hash = NULL;
+  }
+  CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+}
+
+const struct ERR_FNS_st openssl_err_default_impl = {
+  err_shutdown,
+  err_get_item,
+  err_set_item,
+  err_del_item,
+  err_get_state,
+};
diff --git a/crypto/err/err_test.c b/crypto/err/err_test.c
new file mode 100644
index 00000000..adfc9d08
--- /dev/null
+++ b/crypto/err/err_test.c
@@ -0,0 +1,118 @@
+/* Copyright (c) 2014, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include <stdio.h>
+
+#include <openssl/err.h>
+#include <openssl/mem.h>
+
+
+static int test_overflow() {
+  unsigned i;
+
+  for (i = 0; i < ERR_NUM_ERRORS*2; i++) {
+    ERR_put_error(1, 2, 3, "test", 1);
+  }
+
+  for (i = 0; i < ERR_NUM_ERRORS - 1; i++) {
+    if (ERR_get_error() == 0) {
+      fprintf(stderr, "ERR_get_error failed at %u\n", i);
+      return 0;
+    }
+  }
+
+  if (ERR_get_error() != 0) {
+    fprintf(stderr, "ERR_get_error more than the expected number of values.\n");
+    return 0;
+  }
+
+  return 1;
+}
+
+static int test_put_error() {
+  uint32_t packed_error;
+  int line, flags;
+  const char *file;
+  char *data;
+
+  if (ERR_get_error() != 0) {
+    fprintf(stderr, "ERR_get_error returned value before an error was added.\n");
+    return 0;
+  }
+
+  ERR_put_error(1, 2, 3, "test", 4);
+  ERR_add_error_data(1, "testing");
+
+  packed_error = ERR_get_error_line_data(&file, &line, &data, &flags);
+  if (strcmp(file, "test") != 0 ||
+      line != 4 ||
+      (flags & ERR_FLAG_STRING) == 0 ||
+      (flags & ERR_FLAG_MALLOCED) == 0 ||
+      ERR_GET_LIB(packed_error) != 1 ||
+      ERR_GET_FUNC(packed_error) != 2 ||
+      ERR_GET_REASON(packed_error) != 3 ||
+      strcmp(data, "testing") != 0) {
+    fprintf(stderr, "Bad error data returned.\n");
+    return 0;
+  }
+
+  OPENSSL_free(data);
+
+  return 1;
+}
+
+static int test_clear_error() {
+  if (ERR_get_error() != 0) {
+    fprintf(stderr, "ERR_get_error returned value before an error was added.\n");
+    return 0;
+  }
+
+  ERR_put_error(1, 2, 3, "test", 4);
+  ERR_clear_error();
+
+  if (ERR_get_error() != 0) {
+    fprintf(stderr, "Error remained after clearing.\n");
+    return 0;
+  }
+
+  return 1;
+}
+
+static int test_print() {
+  size_t i;
+  char buf[256];
+  uint32_t packed_error;
+
+  ERR_put_error(1, 2, 3, "test", 4);
+  ERR_add_error_data(1, "testing");
+  packed_error = ERR_get_error();
+
+  for (i = 0; i <= sizeof(buf); i++) {
+    ERR_error_string_n(packed_error, buf, i);
+  }
+
+  return 1;
+}
+
+int main() {
+  if (!test_overflow() ||
+      !test_put_error() ||
+      !test_clear_error() ||
+      !test_print()) {
+    return 1;
+  }
+
+  printf("PASS\n");
+  return 0;
+}