cargo fmt

* using mips64le * cargo fmt
2025-06-06 12:33:44 +02:00 · 2023-03-10 09:40:26 +01:00 · 2023-03-10 09:40:26 +01:00 · 4692193ec4
commit 4692193ec4
parent 2cbc15c5ef
53 changed files with 579 additions and 2039 deletions
--- a/.drone.jsonnet
+++ b/.drone.jsonnet
@ -1,7 +1,7 @@
 local registry = "084037375216.dkr.ecr.us-east-2.amazonaws.com";
 local targets = [
-      { "os": "linux",   "name": "sid", "isas": [ "386", "armv7", "amd64", "arm64" ], "events": [ "push", "tag", "custom" ] },
+      { "os": "linux",   "name": "sid", "isas": [ "386", "armv7", "amd64", "arm64", "mips64le" ], "events": [ "push", "tag", "custom" ] },
 ];
 local Build(platform, os, isa, events) = {
--- a/.drone.yml
+++ b/.drone.yml
@ -80,3 +80,22 @@ trigger:
  - tag
  - custom
 type: docker
 ---
 clone:
  depth: 1
 kind: pipeline
 name: sid mips64le build
 pull: always
 steps:
 - commands:
  - aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin
    084037375216.dkr.ecr.us-east-2.amazonaws.com
  - ./ci/scripts/build.sh sid mips64le 100.0.0+${DRONE_COMMIT_SHA:0:8} ${DRONE_BUILD_EVENT}
  image: 084037375216.dkr.ecr.us-east-2.amazonaws.com/honda-builder
  name: build
 trigger:
  event:
  - push
  - tag
  - custom
 type: docker
--- a/crypto/build.rs
+++ b/crypto/build.rs
@ -1,8 +1,4 @@
-#![allow(
+#![allow(clippy::inconsistent_digit_grouping, clippy::uninlined_format_args, clippy::unusual_byte_groupings)]
    clippy::inconsistent_digit_grouping,
    clippy::uninlined_format_args,
    clippy::unusual_byte_groupings
 )]
 use std::env;
--- a/crypto/src/aes_gmac_siv_openssl.rs
+++ b/crypto/src/aes_gmac_siv_openssl.rs
@ -5,7 +5,6 @@ use foreign_types::ForeignType;
 use crate::{cipher_ctx::CipherCtx, ZEROES};
 /// AES-GMAC-SIV encryptor/decryptor.
 pub struct AesGmacSiv {
    tag: [u8; 16],
@ -50,13 +49,13 @@ impl AesGmacSiv {
        self.tag[8..12].fill(0);
        let ctx = CipherCtx::new().unwrap();
-		unsafe {
+        unsafe {
-			let t = match self.k0.len() {
+            let t = match self.k0.len() {
-				16 => ffi::EVP_aes_128_gcm(),
+                16 => ffi::EVP_aes_128_gcm(),
-				24 => ffi::EVP_aes_192_gcm(),
+                24 => ffi::EVP_aes_192_gcm(),
-				32 => ffi::EVP_aes_256_gcm(),
+                32 => ffi::EVP_aes_256_gcm(),
-				_ => panic!("Aes KEY_SIZE must be 16, 24 or 32")
+                _ => panic!("Aes KEY_SIZE must be 16, 24 or 32"),
-			};
+            };
            ctx.cipher_init::<true>(t, self.k0.as_mut_ptr(), self.tag[0..12].as_ptr()).unwrap();
        }
        let _ = self.gmac.replace(ctx);
@ -107,15 +106,15 @@ impl AesGmacSiv {
        let mut tag_tmp = [0_u8; 32];
        let ctx = CipherCtx::new().unwrap();
-		unsafe {
+        unsafe {
-			let t = match self.k1.len() {
+            let t = match self.k1.len() {
-				16 => ffi::EVP_aes_128_ecb(),
+                16 => ffi::EVP_aes_128_ecb(),
-				24 => ffi::EVP_aes_192_ecb(),
+                24 => ffi::EVP_aes_192_ecb(),
-				32 => ffi::EVP_aes_256_ecb(),
+                32 => ffi::EVP_aes_256_ecb(),
-				_ => panic!("Aes KEY_SIZE must be 16, 24 or 32")
+                _ => panic!("Aes KEY_SIZE must be 16, 24 or 32"),
-			};
+            };
            ctx.cipher_init::<true>(t, self.k1.as_mut_ptr(), ptr::null_mut()).unwrap();
-			ffi::EVP_CIPHER_CTX_set_padding(ctx.as_ptr(), 0);
+            ffi::EVP_CIPHER_CTX_set_padding(ctx.as_ptr(), 0);
            ctx.update::<true>(&self.tag, tag_tmp.as_mut_ptr()).unwrap();
        }
        self.tag.copy_from_slice(&tag_tmp[0..16]);
@ -124,13 +123,13 @@ impl AesGmacSiv {
        self.tmp[12] &= 0x7f;
        let ctx = CipherCtx::new().unwrap();
-		unsafe {
+        unsafe {
-			let t = match self.k1.len() {
+            let t = match self.k1.len() {
-				16 => ffi::EVP_aes_128_ctr(),
+                16 => ffi::EVP_aes_128_ctr(),
-				24 => ffi::EVP_aes_192_ctr(),
+                24 => ffi::EVP_aes_192_ctr(),
-				32 => ffi::EVP_aes_256_ctr(),
+                32 => ffi::EVP_aes_256_ctr(),
-				_ => panic!("Aes KEY_SIZE must be 16, 24 or 32")
+                _ => panic!("Aes KEY_SIZE must be 16, 24 or 32"),
-			};
+            };
            ctx.cipher_init::<true>(t, self.k1.as_mut_ptr(), self.tmp.as_ptr()).unwrap();
        }
        let _ = self.ctr.replace(ctx);
@ -140,7 +139,7 @@ impl AesGmacSiv {
    /// This may be called more than once.
    #[inline(always)]
    pub fn encrypt_second_pass(&mut self, plaintext: &[u8], ciphertext: &mut [u8]) {
-		unsafe {
+        unsafe {
            self.ctr.as_mut().unwrap().update::<true>(plaintext, ciphertext.as_mut_ptr()).unwrap();
        }
    }
@ -149,7 +148,7 @@ impl AesGmacSiv {
    /// This may be called more than once.
    #[inline(always)]
    pub fn encrypt_second_pass_in_place(&mut self, plaintext_to_ciphertext: &mut [u8]) {
-		unsafe {
+        unsafe {
            let out = plaintext_to_ciphertext.as_mut_ptr();
            self.ctr.as_mut().unwrap().update::<true>(plaintext_to_ciphertext, out).unwrap();
        }
@ -170,13 +169,13 @@ impl AesGmacSiv {
        self.tmp[12] &= 0x7f;
        let ctx = CipherCtx::new().unwrap();
-		unsafe {
+        unsafe {
-			let t = match self.k1.len() {
+            let t = match self.k1.len() {
-				16 => ffi::EVP_aes_128_ctr(),
+                16 => ffi::EVP_aes_128_ctr(),
-				24 => ffi::EVP_aes_192_ctr(),
+                24 => ffi::EVP_aes_192_ctr(),
-				32 => ffi::EVP_aes_256_ctr(),
+                32 => ffi::EVP_aes_256_ctr(),
-				_ => panic!("Aes KEY_SIZE must be 16, 24 or 32")
+                _ => panic!("Aes KEY_SIZE must be 16, 24 or 32"),
-			};
+            };
            ctx.cipher_init::<false>(t, self.k1.as_mut_ptr(), self.tmp.as_ptr()).unwrap();
        }
        let _ = self.ctr.replace(ctx);
@ -184,28 +183,28 @@ impl AesGmacSiv {
        let mut tag_tmp = [0_u8; 32];
        let ctx = CipherCtx::new().unwrap();
-		unsafe {
+        unsafe {
-			let t = match self.k1.len() {
+            let t = match self.k1.len() {
-				16 => ffi::EVP_aes_128_ecb(),
+                16 => ffi::EVP_aes_128_ecb(),
-				24 => ffi::EVP_aes_192_ecb(),
+                24 => ffi::EVP_aes_192_ecb(),
-				32 => ffi::EVP_aes_256_ecb(),
+                32 => ffi::EVP_aes_256_ecb(),
-				_ => panic!("Aes KEY_SIZE must be 16, 24 or 32")
+                _ => panic!("Aes KEY_SIZE must be 16, 24 or 32"),
-			};
+            };
            ctx.cipher_init::<false>(t, self.k1.as_mut_ptr(), ptr::null_mut()).unwrap();
-			ffi::EVP_CIPHER_CTX_set_padding(ctx.as_ptr(), 0);
+            ffi::EVP_CIPHER_CTX_set_padding(ctx.as_ptr(), 0);
            ctx.update::<false>(&self.tag, tag_tmp.as_mut_ptr()).unwrap();
        }
        self.tag.copy_from_slice(&tag_tmp[0..16]);
        tag_tmp[8..12].fill(0);
        let ctx = CipherCtx::new().unwrap();
-		unsafe {
+        unsafe {
-			let t = match self.k0.len() {
+            let t = match self.k0.len() {
-				16 => ffi::EVP_aes_128_gcm(),
+                16 => ffi::EVP_aes_128_gcm(),
-				24 => ffi::EVP_aes_192_gcm(),
+                24 => ffi::EVP_aes_192_gcm(),
-				32 => ffi::EVP_aes_256_gcm(),
+                32 => ffi::EVP_aes_256_gcm(),
-				_ => panic!("Aes KEY_SIZE must be 16, 24 or 32")
+                _ => panic!("Aes KEY_SIZE must be 16, 24 or 32"),
-			};
+            };
            ctx.cipher_init::<true>(t, self.k0.as_mut_ptr(), self.tag[0..12].as_ptr()).unwrap();
        }
        let _ = self.gmac.replace(ctx);
--- a/crypto/src/aes_openssl.rs
+++ b/crypto/src/aes_openssl.rs
@ -1,16 +1,16 @@
 // (c) 2020-2022 ZeroTier, Inc. -- currently proprietary pending actual release and licensing. See LICENSE.md.
-use std::{ptr, mem::MaybeUninit};
+use std::{mem::MaybeUninit, ptr};
 use foreign_types::ForeignType;
-use crate::{secret::Secret, cipher_ctx::CipherCtx};
+use crate::{cipher_ctx::CipherCtx, secret::Secret};
 /// An OpenSSL AES_GCM context. Automatically frees itself on drop.
 /// The current interface is custom made for ZeroTier, but could easily be adapted for other uses.
 /// Whether `ENCRYPT` is true or false decides respectively whether this context encrypts or decrypts.
 /// Even though OpenSSL lets you set this dynamically almost no operations work when you do this without resetting the context.
-pub struct AesGcm<const ENCRYPT: bool> (CipherCtx);
+pub struct AesGcm<const ENCRYPT: bool>(CipherCtx);
 impl<const ENCRYPT: bool> AesGcm<ENCRYPT> {
    /// Create an AesGcm context with the given key, key must be 16, 24 or 32 bytes long.
@ -22,7 +22,7 @@ impl<const ENCRYPT: bool> AesGcm<ENCRYPT> {
                16 => ffi::EVP_aes_128_gcm(),
                24 => ffi::EVP_aes_192_gcm(),
                32 => ffi::EVP_aes_256_gcm(),
-                _ => panic!("Aes KEY_SIZE must be 16, 24 or 32")
+                _ => panic!("Aes KEY_SIZE must be 16, 24 or 32"),
            };
            ctx.cipher_init::<ENCRYPT>(t, key.as_ptr(), ptr::null()).unwrap();
            ffi::EVP_CIPHER_CTX_set_padding(ctx.as_ptr(), 0);
@ -103,7 +103,7 @@ impl Aes {
                16 => ffi::EVP_aes_128_ecb(),
                24 => ffi::EVP_aes_192_ecb(),
                32 => ffi::EVP_aes_256_ecb(),
-                _ => panic!("Aes KEY_SIZE must be 16, 24 or 32")
+                _ => panic!("Aes KEY_SIZE must be 16, 24 or 32"),
            };
            ctx0.cipher_init::<true>(t, key.as_ptr(), ptr::null()).unwrap();
            ffi::EVP_CIPHER_CTX_set_padding(ctx0.as_ptr(), 0);
@ -117,14 +117,22 @@ impl Aes {
    /// Do not ever encrypt the same plaintext twice. Make sure data is always different between calls.
    #[inline(always)]
    pub fn encrypt_block_in_place(&self, data: &mut [u8]) {
-        debug_assert_eq!(data.len(), AES_BLOCK_SIZE, "AesEcb should not be used to encrypt more than one block at a time unless you really know what you are doing.");
+        debug_assert_eq!(
            data.len(),
            AES_BLOCK_SIZE,
            "AesEcb should not be used to encrypt more than one block at a time unless you really know what you are doing."
        );
        let ptr = data.as_mut_ptr();
        unsafe { self.0.update::<true>(data, ptr).unwrap() }
    }
    /// Do not ever encrypt the same plaintext twice. Make sure data is always different between calls.
    #[inline(always)]
    pub fn decrypt_block_in_place(&self, data: &mut [u8]) {
-        debug_assert_eq!(data.len(), AES_BLOCK_SIZE, "AesEcb should not be used to encrypt more than one block at a time unless you really know what you are doing.");
+        debug_assert_eq!(
            data.len(),
            AES_BLOCK_SIZE,
            "AesEcb should not be used to encrypt more than one block at a time unless you really know what you are doing."
        );
        let ptr = data.as_mut_ptr();
        unsafe { self.1.update::<false>(data, ptr).unwrap() }
    }
--- a/crypto/src/aes_tests.rs
+++ b/crypto/src/aes_tests.rs
@ -1,5 +1,3 @@
 #[cfg(test)]
 mod test {
    use crate::aes::AesGcm;
--- a/crypto/src/bn.rs
+++ b/crypto/src/bn.rs
@ -8,14 +8,14 @@
 //!
 //! [`BIGNUM`]: https://wiki.openssl.org/index.php/Manual:Bn_internal(3)
 use cfg_if::cfg_if;
-use foreign_types::{ForeignType, ForeignTypeRef, foreign_type};
+use foreign_types::{foreign_type, ForeignType, ForeignTypeRef};
 use libc::c_int;
 use std::cmp::Ordering;
 use std::ffi::CString;
 use std::ops::{Add, Deref, Div, Mul, Neg, Rem, Shl, Shr, Sub};
 use std::ptr;
-use crate::error::{ErrorStack, cvt, cvt_n, cvt_p};
+use crate::error::{cvt, cvt_n, cvt_p, ErrorStack};
 cfg_if! {
    if #[cfg(any(ossl110, libressl350))] {
@ -72,28 +72,26 @@ foreign_type! {
 impl BigNumContext {
    /// Returns a new `BigNumContext`.
    pub fn new() -> Result<BigNumContext, ErrorStack> {
-        unsafe {
+        unsafe { cvt_p(ffi::BN_CTX_new()).map(|x| BigNumContext::from_ptr(x)) }
            cvt_p(ffi::BN_CTX_new()).map(|x| BigNumContext::from_ptr(x))
        }
    }
 }
 foreign_type! {
-	/// Dynamically sized large number implementation
+    /// Dynamically sized large number implementation
-	///
+    ///
-	/// Perform large number mathematics.  Create a new BigNum
+    /// Perform large number mathematics.  Create a new BigNum
-	/// with [`new`].  Perform standard mathematics on large numbers using
+    /// with [`new`].  Perform standard mathematics on large numbers using
-	/// methods from [`Dref<Target = BigNumRef>`]
+    /// methods from [`Dref<Target = BigNumRef>`]
-	///
+    ///
-	/// OpenSSL documentation at [`BN_new`].
+    /// OpenSSL documentation at [`BN_new`].
-	///
+    ///
-	/// [`new`]: struct.BigNum.html#method.new
+    /// [`new`]: struct.BigNum.html#method.new
-	/// [`Dref<Target = BigNumRef>`]: struct.BigNum.html#deref-methods
+    /// [`Dref<Target = BigNumRef>`]: struct.BigNum.html#deref-methods
-	/// [`BN_new`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_new.html
+    /// [`BN_new`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_new.html
-	pub unsafe type BigNum {
+    pub unsafe type BigNum {
        type CType = ffi::BIGNUM;
        fn drop = ffi::BN_free;
-	}
+    }
 }
 impl BigNumRef {
@ -266,30 +264,14 @@ impl BigNumRef {
    /// [`constants`]: index.html#constants
    #[allow(clippy::useless_conversion)]
    pub fn rand(&mut self, bits: i32, msb: MsbOption, odd: bool) -> Result<(), ErrorStack> {
-        unsafe {
+        unsafe { cvt(ffi::BN_rand(self.as_ptr(), bits.into(), msb.0, odd as c_int)).map(|_| ()) }
            cvt(ffi::BN_rand(
                self.as_ptr(),
                bits.into(),
                msb.0,
                odd as c_int,
            ))
            .map(|_| ())
        }
    }
    /// The cryptographically weak counterpart to `rand`.  Not suitable for key generation.
    #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
    #[allow(clippy::useless_conversion)]
    pub fn pseudo_rand(&mut self, bits: i32, msb: MsbOption, odd: bool) -> Result<(), ErrorStack> {
-        unsafe {
+        unsafe { cvt(ffi::BN_pseudo_rand(self.as_ptr(), bits.into(), msb.0, odd as c_int)).map(|_| ()) }
            cvt(ffi::BN_pseudo_rand(
                self.as_ptr(),
                bits.into(),
                msb.0,
                odd as c_int,
            ))
            .map(|_| ())
        }
    }
    /// Generates a prime number, placing it in `self`.
@ -300,13 +282,7 @@ impl BigNumRef {
    /// * `safe`: If true, returns a "safe" prime `p` so that `(p-1)/2` is also prime.
    /// * `add`/`rem`: If `add` is set to `Some(add)`, `p % add == rem` will hold, where `p` is the
    ///   generated prime and `rem` is `1` if not specified (`None`).
-    pub fn generate_prime(
+    pub fn generate_prime(&mut self, bits: i32, safe: bool, add: Option<&BigNumRef>, rem: Option<&BigNumRef>) -> Result<(), ErrorStack> {
        &mut self,
        bits: i32,
        safe: bool,
        add: Option<&BigNumRef>,
        rem: Option<&BigNumRef>,
    ) -> Result<(), ErrorStack> {
        unsafe {
            cvt(ffi::BN_generate_prime_ex(
                self.as_ptr(),
@ -324,82 +300,26 @@ impl BigNumRef {
    /// [`core::ops::Mul`] is also implemented for `BigNumRef`.
    ///
    /// [`core::ops::Mul`]: struct.BigNumRef.html#method.mul
-    pub fn checked_mul(
+    pub fn checked_mul(&mut self, a: &BigNumRef, b: &BigNumRef, ctx: &mut BigNumContextRef) -> Result<(), ErrorStack> {
-        &mut self,
+        unsafe { cvt(ffi::BN_mul(self.as_ptr(), a.as_ptr(), b.as_ptr(), ctx.as_ptr())).map(|_| ()) }
        a: &BigNumRef,
        b: &BigNumRef,
        ctx: &mut BigNumContextRef,
    ) -> Result<(), ErrorStack> {
        unsafe {
            cvt(ffi::BN_mul(
                self.as_ptr(),
                a.as_ptr(),
                b.as_ptr(),
                ctx.as_ptr(),
            ))
            .map(|_| ())
        }
    }
    /// Places the result of `a / b` in `self`. The remainder is discarded.
    /// [`core::ops::Div`] is also implemented for `BigNumRef`.
    ///
    /// [`core::ops::Div`]: struct.BigNumRef.html#method.div
-    pub fn checked_div(
+    pub fn checked_div(&mut self, a: &BigNumRef, b: &BigNumRef, ctx: &mut BigNumContextRef) -> Result<(), ErrorStack> {
-        &mut self,
+        unsafe { cvt(ffi::BN_div(self.as_ptr(), ptr::null_mut(), a.as_ptr(), b.as_ptr(), ctx.as_ptr())).map(|_| ()) }
        a: &BigNumRef,
        b: &BigNumRef,
        ctx: &mut BigNumContextRef,
    ) -> Result<(), ErrorStack> {
        unsafe {
            cvt(ffi::BN_div(
                self.as_ptr(),
                ptr::null_mut(),
                a.as_ptr(),
                b.as_ptr(),
                ctx.as_ptr(),
            ))
            .map(|_| ())
        }
    }
    /// Places the result of `a % b` in `self`.
-    pub fn checked_rem(
+    pub fn checked_rem(&mut self, a: &BigNumRef, b: &BigNumRef, ctx: &mut BigNumContextRef) -> Result<(), ErrorStack> {
-        &mut self,
+        unsafe { cvt(ffi::BN_div(ptr::null_mut(), self.as_ptr(), a.as_ptr(), b.as_ptr(), ctx.as_ptr())).map(|_| ()) }
        a: &BigNumRef,
        b: &BigNumRef,
        ctx: &mut BigNumContextRef,
    ) -> Result<(), ErrorStack> {
        unsafe {
            cvt(ffi::BN_div(
                ptr::null_mut(),
                self.as_ptr(),
                a.as_ptr(),
                b.as_ptr(),
                ctx.as_ptr(),
            ))
            .map(|_| ())
        }
    }
    /// Places the result of `a / b` in `self` and `a % b` in `rem`.
-    pub fn div_rem(
+    pub fn div_rem(&mut self, rem: &mut BigNumRef, a: &BigNumRef, b: &BigNumRef, ctx: &mut BigNumContextRef) -> Result<(), ErrorStack> {
-        &mut self,
+        unsafe { cvt(ffi::BN_div(self.as_ptr(), rem.as_ptr(), a.as_ptr(), b.as_ptr(), ctx.as_ptr())).map(|_| ()) }
        rem: &mut BigNumRef,
        a: &BigNumRef,
        b: &BigNumRef,
        ctx: &mut BigNumContextRef,
    ) -> Result<(), ErrorStack> {
        unsafe {
            cvt(ffi::BN_div(
                self.as_ptr(),
                rem.as_ptr(),
                a.as_ptr(),
                b.as_ptr(),
                ctx.as_ptr(),
            ))
            .map(|_| ())
        }
    }
    /// Places the result of `a²` in `self`.
@ -409,173 +329,48 @@ impl BigNumRef {
    /// Places the result of `a mod m` in `self`.  As opposed to `div_rem`
    /// the result is non-negative.
-    pub fn nnmod(
+    pub fn nnmod(&mut self, a: &BigNumRef, m: &BigNumRef, ctx: &mut BigNumContextRef) -> Result<(), ErrorStack> {
-        &mut self,
+        unsafe { cvt(ffi::BN_nnmod(self.as_ptr(), a.as_ptr(), m.as_ptr(), ctx.as_ptr())).map(|_| ()) }
        a: &BigNumRef,
        m: &BigNumRef,
        ctx: &mut BigNumContextRef,
    ) -> Result<(), ErrorStack> {
        unsafe {
            cvt(ffi::BN_nnmod(
                self.as_ptr(),
                a.as_ptr(),
                m.as_ptr(),
                ctx.as_ptr(),
            ))
            .map(|_| ())
        }
    }
    /// Places the result of `(a + b) mod m` in `self`.
-    pub fn mod_add(
+    pub fn mod_add(&mut self, a: &BigNumRef, b: &BigNumRef, m: &BigNumRef, ctx: &mut BigNumContextRef) -> Result<(), ErrorStack> {
-        &mut self,
+        unsafe { cvt(ffi::BN_mod_add(self.as_ptr(), a.as_ptr(), b.as_ptr(), m.as_ptr(), ctx.as_ptr())).map(|_| ()) }
        a: &BigNumRef,
        b: &BigNumRef,
        m: &BigNumRef,
        ctx: &mut BigNumContextRef,
    ) -> Result<(), ErrorStack> {
        unsafe {
            cvt(ffi::BN_mod_add(
                self.as_ptr(),
                a.as_ptr(),
                b.as_ptr(),
                m.as_ptr(),
                ctx.as_ptr(),
            ))
            .map(|_| ())
        }
    }
    /// Places the result of `(a - b) mod m` in `self`.
-    pub fn mod_sub(
+    pub fn mod_sub(&mut self, a: &BigNumRef, b: &BigNumRef, m: &BigNumRef, ctx: &mut BigNumContextRef) -> Result<(), ErrorStack> {
-        &mut self,
+        unsafe { cvt(ffi::BN_mod_sub(self.as_ptr(), a.as_ptr(), b.as_ptr(), m.as_ptr(), ctx.as_ptr())).map(|_| ()) }
        a: &BigNumRef,
        b: &BigNumRef,
        m: &BigNumRef,
        ctx: &mut BigNumContextRef,
    ) -> Result<(), ErrorStack> {
        unsafe {
            cvt(ffi::BN_mod_sub(
                self.as_ptr(),
                a.as_ptr(),
                b.as_ptr(),
                m.as_ptr(),
                ctx.as_ptr(),
            ))
            .map(|_| ())
        }
    }
    /// Places the result of `(a * b) mod m` in `self`.
-    pub fn mod_mul(
+    pub fn mod_mul(&mut self, a: &BigNumRef, b: &BigNumRef, m: &BigNumRef, ctx: &mut BigNumContextRef) -> Result<(), ErrorStack> {
-        &mut self,
+        unsafe { cvt(ffi::BN_mod_mul(self.as_ptr(), a.as_ptr(), b.as_ptr(), m.as_ptr(), ctx.as_ptr())).map(|_| ()) }
        a: &BigNumRef,
        b: &BigNumRef,
        m: &BigNumRef,
        ctx: &mut BigNumContextRef,
    ) -> Result<(), ErrorStack> {
        unsafe {
            cvt(ffi::BN_mod_mul(
                self.as_ptr(),
                a.as_ptr(),
                b.as_ptr(),
                m.as_ptr(),
                ctx.as_ptr(),
            ))
            .map(|_| ())
        }
    }
    /// Places the result of `a² mod m` in `self`.
-    pub fn mod_sqr(
+    pub fn mod_sqr(&mut self, a: &BigNumRef, m: &BigNumRef, ctx: &mut BigNumContextRef) -> Result<(), ErrorStack> {
-        &mut self,
+        unsafe { cvt(ffi::BN_mod_sqr(self.as_ptr(), a.as_ptr(), m.as_ptr(), ctx.as_ptr())).map(|_| ()) }
        a: &BigNumRef,
        m: &BigNumRef,
        ctx: &mut BigNumContextRef,
    ) -> Result<(), ErrorStack> {
        unsafe {
            cvt(ffi::BN_mod_sqr(
                self.as_ptr(),
                a.as_ptr(),
                m.as_ptr(),
                ctx.as_ptr(),
            ))
            .map(|_| ())
        }
    }
    /// Places the result of `a^p` in `self`.
-    pub fn exp(
+    pub fn exp(&mut self, a: &BigNumRef, p: &BigNumRef, ctx: &mut BigNumContextRef) -> Result<(), ErrorStack> {
-        &mut self,
+        unsafe { cvt(ffi::BN_exp(self.as_ptr(), a.as_ptr(), p.as_ptr(), ctx.as_ptr())).map(|_| ()) }
        a: &BigNumRef,
        p: &BigNumRef,
        ctx: &mut BigNumContextRef,
    ) -> Result<(), ErrorStack> {
        unsafe {
            cvt(ffi::BN_exp(
                self.as_ptr(),
                a.as_ptr(),
                p.as_ptr(),
                ctx.as_ptr(),
            ))
            .map(|_| ())
        }
    }
    /// Places the result of `a^p mod m` in `self`.
-    pub fn mod_exp(
+    pub fn mod_exp(&mut self, a: &BigNumRef, p: &BigNumRef, m: &BigNumRef, ctx: &mut BigNumContextRef) -> Result<(), ErrorStack> {
-        &mut self,
+        unsafe { cvt(ffi::BN_mod_exp(self.as_ptr(), a.as_ptr(), p.as_ptr(), m.as_ptr(), ctx.as_ptr())).map(|_| ()) }
        a: &BigNumRef,
        p: &BigNumRef,
        m: &BigNumRef,
        ctx: &mut BigNumContextRef,
    ) -> Result<(), ErrorStack> {
        unsafe {
            cvt(ffi::BN_mod_exp(
                self.as_ptr(),
                a.as_ptr(),
                p.as_ptr(),
                m.as_ptr(),
                ctx.as_ptr(),
            ))
            .map(|_| ())
        }
    }
    /// Places the inverse of `a` modulo `n` in `self`.
-    pub fn mod_inverse(
+    pub fn mod_inverse(&mut self, a: &BigNumRef, n: &BigNumRef, ctx: &mut BigNumContextRef) -> Result<(), ErrorStack> {
-        &mut self,
+        unsafe { cvt_p(ffi::BN_mod_inverse(self.as_ptr(), a.as_ptr(), n.as_ptr(), ctx.as_ptr())).map(|_| ()) }
        a: &BigNumRef,
        n: &BigNumRef,
        ctx: &mut BigNumContextRef,
    ) -> Result<(), ErrorStack> {
        unsafe {
            cvt_p(ffi::BN_mod_inverse(
                self.as_ptr(),
                a.as_ptr(),
                n.as_ptr(),
                ctx.as_ptr(),
            ))
            .map(|_| ())
        }
    }
    /// Places the greatest common denominator of `a` and `b` in `self`.
-    pub fn gcd(
+    pub fn gcd(&mut self, a: &BigNumRef, b: &BigNumRef, ctx: &mut BigNumContextRef) -> Result<(), ErrorStack> {
-        &mut self,
+        unsafe { cvt(ffi::BN_gcd(self.as_ptr(), a.as_ptr(), b.as_ptr(), ctx.as_ptr())).map(|_| ()) }
        a: &BigNumRef,
        b: &BigNumRef,
        ctx: &mut BigNumContextRef,
    ) -> Result<(), ErrorStack> {
        unsafe {
            cvt(ffi::BN_gcd(
                self.as_ptr(),
                a.as_ptr(),
                b.as_ptr(),
                ctx.as_ptr(),
            ))
            .map(|_| ())
        }
    }
    /// Checks whether `self` is prime.
@ -588,15 +383,7 @@ impl BigNumRef {
    #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
    #[allow(clippy::useless_conversion)]
    pub fn is_prime(&self, checks: i32, ctx: &mut BigNumContextRef) -> Result<bool, ErrorStack> {
-        unsafe {
+        unsafe { cvt_n(ffi::BN_is_prime_ex(self.as_ptr(), checks.into(), ctx.as_ptr(), ptr::null_mut())).map(|r| r != 0) }
            cvt_n(ffi::BN_is_prime_ex(
                self.as_ptr(),
                checks.into(),
                ctx.as_ptr(),
                ptr::null_mut(),
            ))
            .map(|r| r != 0)
        }
    }
    /// Checks whether `self` is prime with optional trial division.
@ -610,12 +397,7 @@ impl BigNumRef {
    /// Returns `true` if `self` is prime with an error probability of less than `0.25 ^ checks`.
    #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
    #[allow(clippy::useless_conversion)]
-    pub fn is_prime_fasttest(
+    pub fn is_prime_fasttest(&self, checks: i32, ctx: &mut BigNumContextRef, do_trial_division: bool) -> Result<bool, ErrorStack> {
        &self,
        checks: i32,
        ctx: &mut BigNumContextRef,
        do_trial_division: bool,
    ) -> Result<bool, ErrorStack> {
        unsafe {
            cvt_n(ffi::BN_is_prime_fasttest_ex(
                self.as_ptr(),
@ -645,10 +427,11 @@ impl BigNumRef {
    ///
    /// `self` can be recreated by using `from_slice`.
    pub fn to_bytes(&self, buf: &mut [u8]) -> Result<usize, ErrorStack> {
-        debug_assert!(buf.len() >= self.num_bytes() as usize, "The buffer must be at least as large as the BigNum, see BigNum::num_bytes()");
+        debug_assert!(
-        unsafe {
+            buf.len() >= self.num_bytes() as usize,
-            cvt_n(ffi::BN_bn2bin(self.as_ptr(), buf.as_mut_ptr())).map(|x| x as usize)
+            "The buffer must be at least as large as the BigNum, see BigNum::num_bytes()"
-        }
+        );
        unsafe { cvt_n(ffi::BN_bn2bin(self.as_ptr(), buf.as_mut_ptr())).map(|x| x as usize) }
    }
    /// Returns a big-endian byte vector representation of the absolute value of `self` padded
@ -713,9 +496,7 @@ impl BigNum {
    /// Creates a new `BigNum` with the given value.
    pub fn from_u32(n: u32) -> Result<BigNum, ErrorStack> {
-        BigNum::new().and_then(|v| unsafe {
+        BigNum::new().and_then(|v| unsafe { cvt(ffi::BN_set_word(v.as_ptr(), n as ffi::BN_ULONG)).map(|_| v) })
            cvt(ffi::BN_set_word(v.as_ptr(), n as ffi::BN_ULONG)).map(|_| v)
        })
    }
    /// Creates a `BigNum` from a decimal string.
@ -745,9 +526,7 @@ impl BigNum {
    /// [`RFC 2409`]: https://tools.ietf.org/html/rfc2409#page-21
    #[cfg(not(boringssl))]
    pub fn get_rfc2409_prime_768() -> Result<BigNum, ErrorStack> {
-        unsafe {
+        unsafe { cvt_p(BN_get_rfc2409_prime_768(ptr::null_mut())).map(|x| BigNum::from_ptr(x)) }
            cvt_p(BN_get_rfc2409_prime_768(ptr::null_mut())).map(|x| BigNum::from_ptr(x))
        }
    }
    /// Returns a constant used in IKE as defined in [`RFC 2409`].  This prime number is in
@ -757,9 +536,7 @@ impl BigNum {
    /// [`RFC 2409`]: https://tools.ietf.org/html/rfc2409#page-21
    #[cfg(not(boringssl))]
    pub fn get_rfc2409_prime_1024() -> Result<BigNum, ErrorStack> {
-        unsafe {
+        unsafe { cvt_p(BN_get_rfc2409_prime_1024(ptr::null_mut())).map(|x| BigNum::from_ptr(x)) }
            cvt_p(BN_get_rfc2409_prime_1024(ptr::null_mut())).map(|x| BigNum::from_ptr(x))
        }
    }
    /// Returns a constant used in IKE as defined in [`RFC 3526`].  The prime is in the order
@ -769,9 +546,7 @@ impl BigNum {
    /// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-3
    #[cfg(not(boringssl))]
    pub fn get_rfc3526_prime_1536() -> Result<BigNum, ErrorStack> {
-        unsafe {
+        unsafe { cvt_p(BN_get_rfc3526_prime_1536(ptr::null_mut())).map(|x| BigNum::from_ptr(x)) }
            cvt_p(BN_get_rfc3526_prime_1536(ptr::null_mut())).map(|x| BigNum::from_ptr(x))
        }
    }
    /// Returns a constant used in IKE as defined in [`RFC 3526`].  The prime is in the order
@ -781,9 +556,7 @@ impl BigNum {
    /// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-3
    #[cfg(not(boringssl))]
    pub fn get_rfc3526_prime_2048() -> Result<BigNum, ErrorStack> {
-        unsafe {
+        unsafe { cvt_p(BN_get_rfc3526_prime_2048(ptr::null_mut())).map(|x| BigNum::from_ptr(x)) }
            cvt_p(BN_get_rfc3526_prime_2048(ptr::null_mut())).map(|x| BigNum::from_ptr(x))
        }
    }
    /// Returns a constant used in IKE as defined in [`RFC 3526`].  The prime is in the order
@ -793,9 +566,7 @@ impl BigNum {
    /// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-4
    #[cfg(not(boringssl))]
    pub fn get_rfc3526_prime_3072() -> Result<BigNum, ErrorStack> {
-        unsafe {
+        unsafe { cvt_p(BN_get_rfc3526_prime_3072(ptr::null_mut())).map(|x| BigNum::from_ptr(x)) }
            cvt_p(BN_get_rfc3526_prime_3072(ptr::null_mut())).map(|x| BigNum::from_ptr(x))
        }
    }
    /// Returns a constant used in IKE as defined in [`RFC 3526`].  The prime is in the order
@ -805,9 +576,7 @@ impl BigNum {
    /// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-4
    #[cfg(not(boringssl))]
    pub fn get_rfc3526_prime_4096() -> Result<BigNum, ErrorStack> {
-        unsafe {
+        unsafe { cvt_p(BN_get_rfc3526_prime_4096(ptr::null_mut())).map(|x| BigNum::from_ptr(x)) }
            cvt_p(BN_get_rfc3526_prime_4096(ptr::null_mut())).map(|x| BigNum::from_ptr(x))
        }
    }
    /// Returns a constant used in IKE as defined in [`RFC 3526`].  The prime is in the order
@ -817,9 +586,7 @@ impl BigNum {
    /// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-6
    #[cfg(not(boringssl))]
    pub fn get_rfc3526_prime_6144() -> Result<BigNum, ErrorStack> {
-        unsafe {
+        unsafe { cvt_p(BN_get_rfc3526_prime_6144(ptr::null_mut())).map(|x| BigNum::from_ptr(x)) }
            cvt_p(BN_get_rfc3526_prime_6144(ptr::null_mut())).map(|x| BigNum::from_ptr(x))
        }
    }
    /// Returns a constant used in IKE as defined in [`RFC 3526`].  The prime is in the order
@ -829,9 +596,7 @@ impl BigNum {
    /// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-6
    #[cfg(not(boringssl))]
    pub fn get_rfc3526_prime_8192() -> Result<BigNum, ErrorStack> {
-        unsafe {
+        unsafe { cvt_p(BN_get_rfc3526_prime_8192(ptr::null_mut())).map(|x| BigNum::from_ptr(x)) }
            cvt_p(BN_get_rfc3526_prime_8192(ptr::null_mut())).map(|x| BigNum::from_ptr(x))
        }
    }
    /// Creates a new `BigNum` from an unsigned, big-endian encoded number of arbitrary length.
@ -843,12 +608,7 @@ impl BigNum {
        unsafe {
            assert!(n.len() <= c_int::max_value() as usize);
-            cvt_p(ffi::BN_bin2bn(
+            cvt_p(ffi::BN_bin2bn(n.as_ptr(), n.len() as c_int, ptr::null_mut())).map(|p| BigNum::from_ptr(p))
                n.as_ptr(),
                n.len() as c_int,
                ptr::null_mut(),
            ))
            .map(|p| BigNum::from_ptr(p))
        }
    }
@ -866,7 +626,6 @@ impl BigNum {
    }
 }
 impl PartialEq<BigNumRef> for BigNumRef {
    fn eq(&self, oth: &BigNumRef) -> bool {
        self.cmp(oth) == Ordering::Equal
@ -1086,7 +845,10 @@ impl Neg for BigNum {
 #[cfg(test)]
 mod tests {
-    use crate::{bn::{BigNum, BigNumContext}, init};
+    use crate::{
        bn::{BigNum, BigNumContext},
        init,
    };
    #[test]
    fn test_to_from_slice() {
--- a/crypto/src/cipher_ctx.rs
+++ b/crypto/src/cipher_ctx.rs
@ -1,8 +1,7 @@
 use std::ptr;
-use crate::error::{ErrorStack, cvt_p, cvt};
+use crate::error::{cvt, cvt_p, ErrorStack};
-use foreign_types::{ForeignType, foreign_type, ForeignTypeRef};
+use foreign_types::{foreign_type, ForeignType, ForeignTypeRef};
 use libc::c_int;
 foreign_type! {
@ -22,23 +21,19 @@ impl CipherCtx {
    }
 }
 impl CipherCtxRef {
    /// Initializes the context for encryption or decryption.
    /// All pointer fields can be null, in which case the corresponding field in the context is not updated.
-    pub unsafe fn cipher_init<const ENCRYPT: bool>(&self, t: *const ffi::EVP_CIPHER, key: *const u8, iv: *const u8) -> Result<(), ErrorStack>{
+    pub unsafe fn cipher_init<const ENCRYPT: bool>(&self, t: *const ffi::EVP_CIPHER, key: *const u8, iv: *const u8) -> Result<(), ErrorStack> {
-        let evp_f = if ENCRYPT { ffi::EVP_EncryptInit_ex } else { ffi::EVP_DecryptInit_ex };
+        let evp_f = if ENCRYPT {
            ffi::EVP_EncryptInit_ex
        } else {
            ffi::EVP_DecryptInit_ex
        };
-        cvt(evp_f(
+        cvt(evp_f(self.as_ptr(), t, ptr::null_mut(), key, iv))?;
            self.as_ptr(),
            t,
            ptr::null_mut(),
            key,
            iv,
        ))?;
        Ok(())
    }
    /// Writes data into the context.
    ///
    /// Providing no output buffer will cause the input to be considered additional authenticated data (AAD).
@ -54,27 +49,20 @@ impl CipherCtxRef {
    /// ciphers the output buffer size should be at least as big as
    /// the input buffer. For block ciphers the size of the output
    /// buffer depends on the state of partially updated blocks.
-    pub unsafe fn update<const ENCRYPT: bool>(
+    pub unsafe fn update<const ENCRYPT: bool>(&self, input: &[u8], output: *mut u8) -> Result<(), ErrorStack> {
-        &self,
+        let evp_f = if ENCRYPT {
-        input: &[u8],
+            ffi::EVP_EncryptUpdate
-        output: *mut u8,
+        } else {
-    ) -> Result<(), ErrorStack> {
+            ffi::EVP_DecryptUpdate
-        let evp_f = if ENCRYPT { ffi::EVP_EncryptUpdate } else { ffi::EVP_DecryptUpdate };
+        };
        let mut outlen = 0;
-        cvt(evp_f(
+        cvt(evp_f(self.as_ptr(), output, &mut outlen, input.as_ptr(), input.len() as c_int))?;
            self.as_ptr(),
            output,
            &mut outlen,
            input.as_ptr(),
            input.len() as c_int,
        ))?;
        Ok(())
    }
    /// Finalizes the encryption or decryption process.
    ///
    /// Any remaining data will be written to the output buffer.
@ -88,18 +76,15 @@ impl CipherCtxRef {
    /// large enough to contain correct number of bytes. For streaming
    /// ciphers the output buffer can be empty, for block ciphers the
    /// output buffer should be at least as big as the block.
-    pub unsafe fn finalize<const ENCRYPT: bool>(
+    pub unsafe fn finalize<const ENCRYPT: bool>(&self, output: *mut u8) -> Result<(), ErrorStack> {
-        &self,
+        let evp_f = if ENCRYPT {
-        output: *mut u8,
+            ffi::EVP_EncryptFinal_ex
-    ) -> Result<(), ErrorStack> {
+        } else {
-        let evp_f = if ENCRYPT { ffi::EVP_EncryptFinal_ex } else { ffi::EVP_DecryptFinal_ex };
+            ffi::EVP_DecryptFinal_ex
        };
        let mut outl = 0;
-        cvt(evp_f(
+        cvt(evp_f(self.as_ptr(), output, &mut outl))?;
            self.as_ptr(),
            output,
            &mut outl,
        ))?;
        Ok(())
    }
@ -111,7 +96,6 @@ impl CipherCtxRef {
    /// The size of the buffer indicates the size of the tag. While some ciphers support a range of tag sizes, it is
    /// recommended to pick the maximum size.
    pub fn tag(&self, tag: &mut [u8]) -> Result<(), ErrorStack> {
        unsafe {
            cvt(ffi::EVP_CIPHER_CTX_ctrl(
                self.as_ptr(),
@ -141,8 +125,8 @@ impl CipherCtxRef {
 #[cfg(test)]
 mod test {
    use crate::init;
    use super::*;
    use crate::init;
    #[test]
    fn aes_128_ecb() {
--- a/crypto/src/ec.rs
+++ b/crypto/src/ec.rs
@ -1,10 +1,8 @@
 use std::ptr;
-use foreign_types::{ForeignType, foreign_type, ForeignTypeRef};
+use crate::bn::{BigNumContext, BigNumContextRef, BigNumRef};
-use crate::bn::{BigNumContext, BigNumRef, BigNumContextRef};
+use crate::error::{cvt, cvt_n, cvt_p, ErrorStack};
-use crate::error::{ErrorStack, cvt_p, cvt, cvt_n};
+use foreign_types::{foreign_type, ForeignType, ForeignTypeRef};
 foreign_type! {
    #[derive(Clone)]
@ -52,62 +50,31 @@ impl EcKey {
    pub fn generate(group: &EcGroupRef) -> Result<EcKey, ErrorStack> {
        unsafe {
            cvt_p(ffi::EC_KEY_new())
-            .map(|p| EcKey::from_ptr(p))
+                .map(|p| EcKey::from_ptr(p))
-            .and_then(|key| {
+                .and_then(|key| cvt(ffi::EC_KEY_set_group(key.as_ptr(), group.as_ptr())).map(|_| key))
-                cvt(ffi::EC_KEY_set_group(key.as_ptr(), group.as_ptr())).map(|_| key)
+                .and_then(|key| cvt(ffi::EC_KEY_generate_key(key.as_ptr())).map(|_| key))
            })
            .and_then(|key| cvt(ffi::EC_KEY_generate_key(key.as_ptr())).map(|_| key))
        }
    }
    /// Constructs an `EcKey` from the specified group with the associated [`EcPoint`]: `public_key`.
    ///
    /// This will only have the associated `public_key`.
-    pub fn from_public_key(
+    pub fn from_public_key(group: &EcGroupRef, public_key: &EcPointRef) -> Result<EcKey, ErrorStack> {
        group: &EcGroupRef,
        public_key: &EcPointRef,
    ) -> Result<EcKey, ErrorStack> {
        unsafe {
            cvt_p(ffi::EC_KEY_new())
-            .map(|p| EcKey::from_ptr(p))
+                .map(|p| EcKey::from_ptr(p))
-            .and_then(|key| {
+                .and_then(|key| cvt(ffi::EC_KEY_set_group(key.as_ptr(), group.as_ptr())).map(|_| key))
-                cvt(ffi::EC_KEY_set_group(key.as_ptr(), group.as_ptr())).map(|_| key)
+                .and_then(|key| cvt(ffi::EC_KEY_set_public_key(key.as_ptr(), public_key.as_ptr())).map(|_| key))
            })
            .and_then(|key| {
                cvt(ffi::EC_KEY_set_public_key(
                    key.as_ptr(),
                    public_key.as_ptr(),
                ))
                .map(|_| key)
            })
        }
    }
    /// Constructs an public/private key pair given a curve, a private key and a public key point.
-    pub fn from_private_components(
+    pub fn from_private_components(group: &EcGroupRef, private_number: &BigNumRef, public_key: &EcPointRef) -> Result<EcKey, ErrorStack> {
        group: &EcGroupRef,
        private_number: &BigNumRef,
        public_key: &EcPointRef,
    ) -> Result<EcKey, ErrorStack> {
        unsafe {
            cvt_p(ffi::EC_KEY_new())
-            .map(|p| EcKey::from_ptr(p))
+                .map(|p| EcKey::from_ptr(p))
-            .and_then(|key| {
+                .and_then(|key| cvt(ffi::EC_KEY_set_group(key.as_ptr(), group.as_ptr())).map(|_| key))
-                cvt(ffi::EC_KEY_set_group(key.as_ptr(), group.as_ptr())).map(|_| key)
+                .and_then(|key| cvt(ffi::EC_KEY_set_private_key(key.as_ptr(), private_number.as_ptr())).map(|_| key))
-            })
+                .and_then(|key| cvt(ffi::EC_KEY_set_public_key(key.as_ptr(), public_key.as_ptr())).map(|_| key))
            .and_then(|key| {
                cvt(ffi::EC_KEY_set_private_key(
                    key.as_ptr(),
                    private_number.as_ptr(),
                ))
                .map(|_| key)
            })
            .and_then(|key| {
                cvt(ffi::EC_KEY_set_public_key(
                    key.as_ptr(),
                    public_key.as_ptr(),
                ))
                .map(|_| key)
            })
        }
    }
 }
@ -118,11 +85,7 @@ impl EcPoint {
        unsafe { cvt_p(ffi::EC_POINT_new(group.as_ptr())).map(|x| EcPoint::from_ptr(x)) }
    }
    /// Creates point from a binary representation
-    pub fn from_bytes(
+    pub fn from_bytes(group: &EcGroupRef, buf: &[u8], ctx: &mut BigNumContext) -> Result<EcPoint, ErrorStack> {
        group: &EcGroupRef,
        buf: &[u8],
        ctx: &mut BigNumContext,
    ) -> Result<EcPoint, ErrorStack> {
        let point = EcPoint::new(group)?;
        unsafe {
            cvt(ffi::EC_POINT_oct2point(
@ -139,33 +102,14 @@ impl EcPoint {
 impl EcPointRef {
    /// Serializes the point to a binary representation.
-    pub fn to_bytes(
+    pub fn to_bytes(&self, group: &EcGroupRef, form: ffi::point_conversion_form_t, ctx: &BigNumContextRef) -> Result<Vec<u8>, ErrorStack> {
        &self,
        group: &EcGroupRef,
        form: ffi::point_conversion_form_t,
        ctx: &BigNumContextRef,
    ) -> Result<Vec<u8>, ErrorStack> {
        unsafe {
-            let len = ffi::EC_POINT_point2oct(
+            let len = ffi::EC_POINT_point2oct(group.as_ptr(), self.as_ptr(), form, ptr::null_mut(), 0, ctx.as_ptr());
                group.as_ptr(),
                self.as_ptr(),
                form,
                ptr::null_mut(),
                0,
                ctx.as_ptr(),
            );
            if len == 0 {
                return Err(ErrorStack::get());
            }
            let mut buf = vec![0; len];
-            let len = ffi::EC_POINT_point2oct(
+            let len = ffi::EC_POINT_point2oct(group.as_ptr(), self.as_ptr(), form, buf.as_mut_ptr(), len, ctx.as_ptr());
                group.as_ptr(),
                self.as_ptr(),
                form,
                buf.as_mut_ptr(),
                len,
                ctx.as_ptr(),
            );
            if len == 0 {
                Err(ErrorStack::get())
            } else {
@ -174,17 +118,9 @@ impl EcPointRef {
        }
    }
    /// Checks if point is on a given curve
-    pub fn is_on_curve(
+    pub fn is_on_curve(&self, group: &EcGroupRef, ctx: &BigNumContextRef) -> Result<bool, ErrorStack> {
        &self,
        group: &EcGroupRef,
        ctx: &BigNumContextRef,
    ) -> Result<bool, ErrorStack> {
        unsafe {
-            let res = cvt_n(ffi::EC_POINT_is_on_curve(
+            let res = cvt_n(ffi::EC_POINT_is_on_curve(group.as_ptr(), self.as_ptr(), ctx.as_ptr()))?;
                group.as_ptr(),
                self.as_ptr(),
                ctx.as_ptr(),
            ))?;
            Ok(res == 1)
        }
    }
--- a/crypto/src/error.rs
+++ b/crypto/src/error.rs
@ -1,4 +1,3 @@
 use cfg_if::cfg_if;
 use libc::{c_char, c_int};
 use std::borrow::Cow;
@ -127,13 +126,7 @@ impl Error {
                        Some(ShimStr::new(func))
                    };
-                    Some(Error {
+                    Some(Error { code, file, line, func, data })
                        code,
                        file,
                        line,
                        func,
                        data,
                    })
                }
            }
        }
@ -147,11 +140,7 @@ impl Error {
            let data = match self.data {
                Some(Cow::Borrowed(data)) => Some((data.as_ptr() as *mut c_char, 0)),
                Some(Cow::Owned(ref data)) => {
-                    let ptr = ffi::CRYPTO_malloc(
+                    let ptr = ffi::CRYPTO_malloc((data.len() + 1) as _, concat!(file!(), "\0").as_ptr() as _, line!() as _) as *mut c_char;
                        (data.len() + 1) as _,
                        concat!(file!(), "\0").as_ptr() as _,
                        line!() as _,
                    ) as *mut c_char;
                    if ptr.is_null() {
                        None
                    } else {
@ -172,16 +161,8 @@ impl Error {
    fn put_error(&self) {
        unsafe {
            ffi::ERR_new();
-            ffi::ERR_set_debug(
+            ffi::ERR_set_debug(self.file.as_ptr(), self.line, self.func.as_ref().map_or(ptr::null(), |s| s.as_ptr()));
-                self.file.as_ptr(),
+            ffi::ERR_set_error(ffi::ERR_GET_LIB(self.code), ffi::ERR_GET_REASON(self.code), ptr::null());
                self.line,
                self.func.as_ref().map_or(ptr::null(), |s| s.as_ptr()),
            );
            ffi::ERR_set_error(
                ffi::ERR_GET_LIB(self.code),
                ffi::ERR_GET_REASON(self.code),
                ptr::null(),
            );
        }
    }
@ -273,13 +254,7 @@ impl fmt::Display for Error {
            Some(r) => write!(fmt, ":{}", r)?,
            None => write!(fmt, ":reason({})", ffi::ERR_GET_REASON(self.code()))?,
        }
-        write!(
+        write!(fmt, ":{}:{}:{}", self.file(), self.line(), self.data().unwrap_or(""))
            fmt,
            ":{}:{}:{}",
            self.file(),
            self.line(),
            self.data().unwrap_or("")
        )
    }
 }
@ -345,7 +320,6 @@ cfg_if! {
    }
 }
 #[inline]
 pub fn cvt_p<T>(r: *mut T) -> Result<*mut T, ErrorStack> {
    if r.is_null() {
--- a/crypto/src/lib.rs
+++ b/crypto/src/lib.rs
@ -1,14 +1,13 @@
 mod error;
 mod cipher_ctx;
 mod bn;
 mod cipher_ctx;
 mod ec;
 mod error;
 pub mod secret;
 pub mod random;
 pub mod hash;
 pub mod mimcvdf;
 pub mod p384;
 pub mod random;
 pub mod secret;
 pub mod poly1305;
 pub mod salsa;
@ -31,9 +30,6 @@ pub use aes_gmac_siv_fruity as aes_gmac_siv;
 #[cfg(not(target_os = "macos"))]
 pub use aes_gmac_siv_openssl as aes_gmac_siv;
 /// This must be called before using any function from this library.
 pub fn init() {
    ffi::init();
--- a/crypto/src/p384.rs
+++ b/crypto/src/p384.rs
@ -1,4 +1,3 @@
 #![allow(
    dead_code,
    mutable_transmutes,
@ -18,13 +17,13 @@ pub const P384_ECDH_SHARED_SECRET_SIZE: usize = 48;
 #[cfg(not(target_feature = "builtin_nist_ecc"))]
 mod openssl_based {
    use std::convert::TryInto;
    use std::{mem, ptr};
    use std::os::raw::{c_int, c_ulong, c_void};
    use std::{mem, ptr};
    use foreign_types::{ForeignType, ForeignTypeRef};
    use lazy_static::lazy_static;
    use crate::bn::{BigNum, BigNumContext};
    use crate::ec::{EcGroup, EcKey, EcPoint, EcPointRef};
    use foreign_types::{ForeignType, ForeignTypeRef};
    use lazy_static::lazy_static;
    use crate::error::cvt_p;
    use crate::hash::SHA384;
@ -39,9 +38,7 @@ mod openssl_based {
    }
    lazy_static! {
-        pub(crate) static ref GROUP_P384: EcGroup = unsafe {
+        pub(crate) static ref GROUP_P384: EcGroup = unsafe { EcGroup::from_ptr(cvt_p(ffi::EC_GROUP_new_by_curve_name(ffi::NID_secp384r1)).unwrap()) };
            EcGroup::from_ptr(cvt_p(ffi::EC_GROUP_new_by_curve_name(ffi::NID_secp384r1)).unwrap())
        };
    }
    /// A NIST P-384 ECDH/ECDSA public key.
@ -55,8 +52,8 @@ mod openssl_based {
        fn new_from_point(key: &EcPointRef) -> Self {
            let mut bnc = BigNumContext::new().unwrap();
            let kb = key
-            .to_bytes(&GROUP_P384, ffi::point_conversion_form_t::POINT_CONVERSION_COMPRESSED, &bnc)
+                .to_bytes(&GROUP_P384, ffi::point_conversion_form_t::POINT_CONVERSION_COMPRESSED, &bnc)
-            .unwrap();
+                .unwrap();
            let mut bytes = [0_u8; 49];
            bytes[(49 - kb.len())..].copy_from_slice(kb.as_slice());
            Self {
@ -96,12 +93,7 @@ mod openssl_based {
                                    let data = &SHA384::hash(msg);
-                                    return ffi::ECDSA_do_verify(
+                                    return ffi::ECDSA_do_verify(data.as_ptr(), data.len() as c_int, sig, self.key.as_ptr()) == 1;
                                        data.as_ptr(),
                                        data.len() as c_int,
                                        sig,
                                        self.key.as_ptr(),
                                    ) == 1
                                }
                            }
                        }
@ -146,13 +138,13 @@ mod openssl_based {
                    if let Ok(private) = BigNum::from_slice(secret_bytes) {
                        if let Ok(pair) = EcKey::from_private_components(&GROUP_P384, &private, public.key.public_key()) {
                            if pair.check_key().is_ok() {
-                                return Some(Self { pair, public })
+                                return Some(Self { pair, public });
                            }
                        }
                    }
                }
            }
-            return None
+            return None;
        }
        pub fn public_key(&self) -> &P384PublicKey {
@ -174,11 +166,7 @@ mod openssl_based {
        pub fn sign(&self, msg: &[u8]) -> [u8; P384_ECDSA_SIGNATURE_SIZE] {
            let data = &SHA384::hash(msg);
            unsafe {
-                let sig = ffi::ECDSA_do_sign(
+                let sig = ffi::ECDSA_do_sign(data.as_ptr(), data.len() as c_int, self.pair.as_ref().as_ptr());
                    data.as_ptr(),
                    data.len() as c_int,
                    self.pair.as_ref().as_ptr(),
                );
                assert!(!sig.is_null());
                let mut r = ptr::null();
@ -186,7 +174,7 @@ mod openssl_based {
                ffi::ECDSA_SIG_get0(sig, &mut r, &mut s);
                let r_len = ((ffi::BN_num_bits(r) + 7) / 8) as usize;
                let s_len = ((ffi::BN_num_bits(s) + 7) / 8) as usize;
-                const CAP: usize = P384_ECDSA_SIGNATURE_SIZE/2;
+                const CAP: usize = P384_ECDSA_SIGNATURE_SIZE / 2;
                assert!(r_len > 0 && s_len > 0 && r_len <= CAP && s_len <= CAP);
                let mut b = [0_u8; P384_ECDSA_SIGNATURE_SIZE];
@ -194,7 +182,6 @@ mod openssl_based {
                ffi::BN_bn2bin(s, b[(P384_ECDSA_SIGNATURE_SIZE - s_len)..P384_ECDSA_SIGNATURE_SIZE].as_mut_ptr());
                b
            }
        }
        /// Perform ECDH key agreement, returning the raw (un-hashed!) ECDH secret.
@ -267,49 +254,49 @@ mod builtin {
        pub y: [u64; 6],
    }
    static mut curve_p: [uint64_t; 6] = [
-    0xffffffff as libc::c_uint as uint64_t,
+        0xffffffff as libc::c_uint as uint64_t,
-    0xffffffff00000000 as libc::c_ulong,
+        0xffffffff00000000 as libc::c_ulong,
-    0xfffffffffffffffe as libc::c_ulong,
+        0xfffffffffffffffe as libc::c_ulong,
-    0xffffffffffffffff as libc::c_ulong,
+        0xffffffffffffffff as libc::c_ulong,
-    0xffffffffffffffff as libc::c_ulong,
+        0xffffffffffffffff as libc::c_ulong,
-    0xffffffffffffffff as libc::c_ulong,
+        0xffffffffffffffff as libc::c_ulong,
    ];
    static mut curve_b: [uint64_t; 6] = [
-    0x2a85c8edd3ec2aef as libc::c_long as uint64_t,
+        0x2a85c8edd3ec2aef as libc::c_long as uint64_t,
-    0xc656398d8a2ed19d as libc::c_ulong,
+        0xc656398d8a2ed19d as libc::c_ulong,
-    0x314088f5013875a as libc::c_long as uint64_t,
+        0x314088f5013875a as libc::c_long as uint64_t,
-    0x181d9c6efe814112 as libc::c_long as uint64_t,
+        0x181d9c6efe814112 as libc::c_long as uint64_t,
-    0x988e056be3f82d19 as libc::c_ulong,
+        0x988e056be3f82d19 as libc::c_ulong,
-    0xb3312fa7e23ee7e4 as libc::c_ulong,
+        0xb3312fa7e23ee7e4 as libc::c_ulong,
    ];
    static mut curve_G: EccPoint = {
        let mut init = EccPoint {
            x: [
-            0x3a545e3872760ab7 as libc::c_long as uint64_t,
+                0x3a545e3872760ab7 as libc::c_long as uint64_t,
-            0x5502f25dbf55296c as libc::c_long as uint64_t,
+                0x5502f25dbf55296c as libc::c_long as uint64_t,
-            0x59f741e082542a38 as libc::c_long as uint64_t,
+                0x59f741e082542a38 as libc::c_long as uint64_t,
-            0x6e1d3b628ba79b98 as libc::c_long as uint64_t,
+                0x6e1d3b628ba79b98 as libc::c_long as uint64_t,
-            0x8eb1c71ef320ad74 as libc::c_ulong,
+                0x8eb1c71ef320ad74 as libc::c_ulong,
-            0xaa87ca22be8b0537 as libc::c_ulong,
+                0xaa87ca22be8b0537 as libc::c_ulong,
            ],
            y: [
-            0x7a431d7c90ea0e5f as libc::c_long as uint64_t,
+                0x7a431d7c90ea0e5f as libc::c_long as uint64_t,
-            0xa60b1ce1d7e819d as libc::c_long as uint64_t,
+                0xa60b1ce1d7e819d as libc::c_long as uint64_t,
-            0xe9da3113b5f0b8c0 as libc::c_ulong,
+                0xe9da3113b5f0b8c0 as libc::c_ulong,
-            0xf8f41dbd289a147c as libc::c_ulong,
+                0xf8f41dbd289a147c as libc::c_ulong,
-            0x5d9e98bf9292dc29 as libc::c_long as uint64_t,
+                0x5d9e98bf9292dc29 as libc::c_long as uint64_t,
-            0x3617de4a96262c6f as libc::c_long as uint64_t,
+                0x3617de4a96262c6f as libc::c_long as uint64_t,
            ],
        };
        init
    };
    static mut curve_n: [uint64_t; 6] = [
-    0xecec196accc52973 as libc::c_ulong,
+        0xecec196accc52973 as libc::c_ulong,
-    0x581a0db248b0a77a as libc::c_long as uint64_t,
+        0x581a0db248b0a77a as libc::c_long as uint64_t,
-    0xc7634d81f4372ddf as libc::c_ulong,
+        0xc7634d81f4372ddf as libc::c_ulong,
-    0xffffffffffffffff as libc::c_ulong,
+        0xffffffffffffffff as libc::c_ulong,
-    0xffffffffffffffff as libc::c_ulong,
+        0xffffffffffffffff as libc::c_ulong,
-    0xffffffffffffffff as libc::c_ulong,
+        0xffffffffffffffff as libc::c_ulong,
    ];
    unsafe fn getRandomNumber(mut p_vli: *mut uint64_t) -> libc::c_int {
@ -342,7 +329,7 @@ mod builtin {
    unsafe fn vli_testBit(mut p_vli: *mut uint64_t, mut p_bit: uint) -> uint64_t {
        return *p_vli.offset(p_bit.wrapping_div(64 as libc::c_int as libc::c_uint) as isize)
-        & (1 as libc::c_int as uint64_t) << p_bit.wrapping_rem(64 as libc::c_int as libc::c_uint);
+            & (1 as libc::c_int as uint64_t) << p_bit.wrapping_rem(64 as libc::c_int as libc::c_uint);
    }
    /* Counts the number of 64-bit "digits" in p_vli. */
@ -372,9 +359,9 @@ mod builtin {
            i = i.wrapping_add(1)
        }
        return l_numDigits
-        .wrapping_sub(1 as libc::c_int as libc::c_uint)
+            .wrapping_sub(1 as libc::c_int as libc::c_uint)
-        .wrapping_mul(64 as libc::c_int as libc::c_uint)
+            .wrapping_mul(64 as libc::c_int as libc::c_uint)
-        .wrapping_add(i);
+            .wrapping_add(i);
    }
    /* Sets p_dest = p_src. */
@ -442,8 +429,8 @@ mod builtin {
        i = 0 as libc::c_int as uint;
        while i < (48 as libc::c_int / 8 as libc::c_int) as libc::c_uint {
            let mut l_sum: uint64_t = (*p_left.offset(i as isize))
-            .wrapping_add(*p_right.offset(i as isize))
+                .wrapping_add(*p_right.offset(i as isize))
-            .wrapping_add(l_carry);
+                .wrapping_add(l_carry);
            if l_sum != *p_left.offset(i as isize) {
                l_carry = (l_sum < *p_left.offset(i as isize)) as libc::c_int as uint64_t
            }
@ -460,8 +447,8 @@ mod builtin {
        i = 0 as libc::c_int as uint;
        while i < (48 as libc::c_int / 8 as libc::c_int) as libc::c_uint {
            let mut l_diff: uint64_t = (*p_left.offset(i as isize))
-            .wrapping_sub(*p_right.offset(i as isize))
+                .wrapping_sub(*p_right.offset(i as isize))
-            .wrapping_sub(l_borrow);
+                .wrapping_sub(l_borrow);
            if l_diff != *p_left.offset(i as isize) {
                l_borrow = (l_diff > *p_left.offset(i as isize)) as libc::c_int as uint64_t
            }
@ -484,12 +471,12 @@ mod builtin {
                0 as libc::c_int as libc::c_uint
            } else {
                k.wrapping_add(1 as libc::c_int as libc::c_uint)
-                .wrapping_sub((48 as libc::c_int / 8 as libc::c_int) as libc::c_uint)
+                    .wrapping_sub((48 as libc::c_int / 8 as libc::c_int) as libc::c_uint)
            };
            i = l_min;
            while i <= k && i < (48 as libc::c_int / 8 as libc::c_int) as libc::c_uint {
                let mut l_product: uint128_t =
-                (*p_left.offset(i as isize) as uint128_t).wrapping_mul(*p_right.offset(k.wrapping_sub(i) as isize) as u128);
+                    (*p_left.offset(i as isize) as uint128_t).wrapping_mul(*p_right.offset(k.wrapping_sub(i) as isize) as u128);
                r01 = (r01 as u128).wrapping_add(l_product) as uint128_t as uint128_t;
                r2 = (r2 as libc::c_ulong).wrapping_add((r01 < l_product) as libc::c_int as libc::c_ulong) as uint64_t as uint64_t;
                i = i.wrapping_add(1)
@ -514,12 +501,12 @@ mod builtin {
                0 as libc::c_int as libc::c_uint
            } else {
                k.wrapping_add(1 as libc::c_int as libc::c_uint)
-                .wrapping_sub((48 as libc::c_int / 8 as libc::c_int) as libc::c_uint)
+                    .wrapping_sub((48 as libc::c_int / 8 as libc::c_int) as libc::c_uint)
            };
            i = l_min;
            while i <= k && i <= k.wrapping_sub(i) {
                let mut l_product: uint128_t =
-                (*p_left.offset(i as isize) as uint128_t).wrapping_mul(*p_left.offset(k.wrapping_sub(i) as isize) as u128);
+                    (*p_left.offset(i as isize) as uint128_t).wrapping_mul(*p_left.offset(k.wrapping_sub(i) as isize) as u128);
                if i < k.wrapping_sub(i) {
                    r2 = (r2 as u128).wrapping_add(l_product >> 127 as libc::c_int) as uint64_t as uint64_t;
                    l_product = (l_product as u128).wrapping_mul(2 as libc::c_int as u128) as uint128_t as uint128_t
@ -606,17 +593,12 @@ mod builtin {
            let mut i: uint = 0; /* p = c0 */
            vli_clear(l_tmp.as_mut_ptr());
            vli_clear(l_tmp.as_mut_ptr().offset((48 as libc::c_int / 8 as libc::c_int) as isize));
-            omega_mult(
+            omega_mult(l_tmp.as_mut_ptr(), p_product.offset((48 as libc::c_int / 8 as libc::c_int) as isize));
                l_tmp.as_mut_ptr(),
                p_product.offset((48 as libc::c_int / 8 as libc::c_int) as isize),
            );
            vli_clear(p_product.offset((48 as libc::c_int / 8 as libc::c_int) as isize));
            /* (c1, c0) = c0 + w * c1 */
            i = 0 as libc::c_int as uint;
            while i < (48 as libc::c_int / 8 as libc::c_int + 3 as libc::c_int) as libc::c_uint {
-                let mut l_sum: uint64_t = (*p_product.offset(i as isize))
+                let mut l_sum: uint64_t = (*p_product.offset(i as isize)).wrapping_add(l_tmp[i as usize]).wrapping_add(l_carry);
                .wrapping_add(l_tmp[i as usize])
                .wrapping_add(l_carry);
                if l_sum != *p_product.offset(i as isize) {
                    l_carry = (l_sum < *p_product.offset(i as isize)) as libc::c_int as uint64_t
                }
@ -678,8 +660,8 @@ mod builtin {
                vli_rshift1(u.as_mut_ptr());
                if l_carry != 0 {
                    u[(48 as libc::c_int / 8 as libc::c_int - 1 as libc::c_int) as usize] =
-                    (u[(48 as libc::c_int / 8 as libc::c_int - 1 as libc::c_int) as usize] as libc::c_ulonglong
+                        (u[(48 as libc::c_int / 8 as libc::c_int - 1 as libc::c_int) as usize] as libc::c_ulonglong
-                    | 0x8000000000000000 as libc::c_ulonglong) as uint64_t
+                            | 0x8000000000000000 as libc::c_ulonglong) as uint64_t
                }
            } else if b[0 as libc::c_int as usize] & 1 as libc::c_int as libc::c_ulong == 0 {
                vli_rshift1(b.as_mut_ptr());
@ -689,8 +671,8 @@ mod builtin {
                vli_rshift1(v.as_mut_ptr());
                if l_carry != 0 {
                    v[(48 as libc::c_int / 8 as libc::c_int - 1 as libc::c_int) as usize] =
-                    (v[(48 as libc::c_int / 8 as libc::c_int - 1 as libc::c_int) as usize] as libc::c_ulonglong
+                        (v[(48 as libc::c_int / 8 as libc::c_int - 1 as libc::c_int) as usize] as libc::c_ulonglong
-                    | 0x8000000000000000 as libc::c_ulonglong) as uint64_t
+                            | 0x8000000000000000 as libc::c_ulonglong) as uint64_t
                }
            } else if l_cmpResult > 0 as libc::c_int {
                vli_sub(a.as_mut_ptr(), a.as_mut_ptr(), b.as_mut_ptr());
@ -705,8 +687,8 @@ mod builtin {
                vli_rshift1(u.as_mut_ptr());
                if l_carry != 0 {
                    u[(48 as libc::c_int / 8 as libc::c_int - 1 as libc::c_int) as usize] =
-                    (u[(48 as libc::c_int / 8 as libc::c_int - 1 as libc::c_int) as usize] as libc::c_ulonglong
+                        (u[(48 as libc::c_int / 8 as libc::c_int - 1 as libc::c_int) as usize] as libc::c_ulonglong
-                    | 0x8000000000000000 as libc::c_ulonglong) as uint64_t
+                            | 0x8000000000000000 as libc::c_ulonglong) as uint64_t
                }
            } else {
                vli_sub(b.as_mut_ptr(), b.as_mut_ptr(), a.as_mut_ptr());
@ -721,8 +703,8 @@ mod builtin {
                vli_rshift1(v.as_mut_ptr());
                if l_carry != 0 {
                    v[(48 as libc::c_int / 8 as libc::c_int - 1 as libc::c_int) as usize] =
-                    (v[(48 as libc::c_int / 8 as libc::c_int - 1 as libc::c_int) as usize] as libc::c_ulonglong
+                        (v[(48 as libc::c_int / 8 as libc::c_int - 1 as libc::c_int) as usize] as libc::c_ulonglong
-                    | 0x8000000000000000 as libc::c_ulonglong) as uint64_t
+                            | 0x8000000000000000 as libc::c_ulonglong) as uint64_t
                }
            }
        }
@ -862,12 +844,7 @@ mod builtin {
        vli_set(X1, t7.as_mut_ptr());
    }
-    unsafe fn EccPoint_mult(
+    unsafe fn EccPoint_mult(mut p_result: *mut EccPoint, mut p_point: *mut EccPoint, mut p_scalar: *mut uint64_t, mut p_initialZ: *mut uint64_t) {
        mut p_result: *mut EccPoint,
        mut p_point: *mut EccPoint,
        mut p_scalar: *mut uint64_t,
        mut p_initialZ: *mut uint64_t,
    ) {
        /* R0 and R1 */
        let mut Rx: [[uint64_t; 6]; 2] = std::mem::MaybeUninit::uninit().assume_init();
        let mut Ry: [[uint64_t; 6]; 2] = std::mem::MaybeUninit::uninit().assume_init();
@ -941,17 +918,17 @@ mod builtin {
        while i < (48 as libc::c_int / 8 as libc::c_int) as libc::c_uint {
            let mut p_digit: *const uint8_t = p_bytes.offset(
                (8 as libc::c_int as libc::c_uint)
-                .wrapping_mul(((48 as libc::c_int / 8 as libc::c_int - 1 as libc::c_int) as libc::c_uint).wrapping_sub(i))
+                    .wrapping_mul(((48 as libc::c_int / 8 as libc::c_int - 1 as libc::c_int) as libc::c_uint).wrapping_sub(i))
-                as isize,
+                    as isize,
            );
            *p_native.offset(i as isize) = (*p_digit.offset(0 as libc::c_int as isize) as uint64_t) << 56 as libc::c_int
-            | (*p_digit.offset(1 as libc::c_int as isize) as uint64_t) << 48 as libc::c_int
+                | (*p_digit.offset(1 as libc::c_int as isize) as uint64_t) << 48 as libc::c_int
-            | (*p_digit.offset(2 as libc::c_int as isize) as uint64_t) << 40 as libc::c_int
+                | (*p_digit.offset(2 as libc::c_int as isize) as uint64_t) << 40 as libc::c_int
-            | (*p_digit.offset(3 as libc::c_int as isize) as uint64_t) << 32 as libc::c_int
+                | (*p_digit.offset(3 as libc::c_int as isize) as uint64_t) << 32 as libc::c_int
-            | (*p_digit.offset(4 as libc::c_int as isize) as uint64_t) << 24 as libc::c_int
+                | (*p_digit.offset(4 as libc::c_int as isize) as uint64_t) << 24 as libc::c_int
-            | (*p_digit.offset(5 as libc::c_int as isize) as uint64_t) << 16 as libc::c_int
+                | (*p_digit.offset(5 as libc::c_int as isize) as uint64_t) << 16 as libc::c_int
-            | (*p_digit.offset(6 as libc::c_int as isize) as uint64_t) << 8 as libc::c_int
+                | (*p_digit.offset(6 as libc::c_int as isize) as uint64_t) << 8 as libc::c_int
-            | *p_digit.offset(7 as libc::c_int as isize) as uint64_t;
+                | *p_digit.offset(7 as libc::c_int as isize) as uint64_t;
            i = i.wrapping_add(1)
        }
    }
@ -962,8 +939,8 @@ mod builtin {
        while i < (48 as libc::c_int / 8 as libc::c_int) as libc::c_uint {
            let mut p_digit: *mut uint8_t = p_bytes.offset(
                (8 as libc::c_int as libc::c_uint)
-                .wrapping_mul(((48 as libc::c_int / 8 as libc::c_int - 1 as libc::c_int) as libc::c_uint).wrapping_sub(i))
+                    .wrapping_mul(((48 as libc::c_int / 8 as libc::c_int - 1 as libc::c_int) as libc::c_uint).wrapping_sub(i))
-                as isize,
+                    as isize,
            );
            *p_digit.offset(0 as libc::c_int as isize) = (*p_native.offset(i as isize) >> 56 as libc::c_int) as uint8_t;
            *p_digit.offset(1 as libc::c_int as isize) = (*p_native.offset(i as isize) >> 48 as libc::c_int) as uint8_t;
@ -1016,7 +993,7 @@ mod builtin {
        );
        mod_sqrt((*p_point).y.as_mut_ptr());
        if (*p_point).y[0 as libc::c_int as usize] & 0x1 as libc::c_int as libc::c_ulong
-        != (*p_compressed.offset(0 as libc::c_int as isize) as libc::c_int & 0x1 as libc::c_int) as libc::c_ulong
+            != (*p_compressed.offset(0 as libc::c_int as isize) as libc::c_int & 0x1 as libc::c_int) as libc::c_ulong
        {
            vli_sub((*p_point).y.as_mut_ptr(), curve_p.as_mut_ptr(), (*p_point).y.as_mut_ptr());
        };
@ -1046,20 +1023,12 @@ mod builtin {
            }
        }
        ecc_native2bytes(p_privateKey, l_private.as_mut_ptr() as *const uint64_t);
-        ecc_native2bytes(
+        ecc_native2bytes(p_publicKey.offset(1 as libc::c_int as isize), l_public.x.as_mut_ptr() as *const uint64_t);
-            p_publicKey.offset(1 as libc::c_int as isize),
+        *p_publicKey.offset(0 as libc::c_int as isize) =
-            l_public.x.as_mut_ptr() as *const uint64_t,
+            (2 as libc::c_int as libc::c_ulong).wrapping_add(l_public.y[0 as libc::c_int as usize] & 0x1 as libc::c_int as libc::c_ulong) as uint8_t;
        );
        *p_publicKey.offset(0 as libc::c_int as isize) = (2 as libc::c_int as libc::c_ulong)
        .wrapping_add(l_public.y[0 as libc::c_int as usize] & 0x1 as libc::c_int as libc::c_ulong)
        as uint8_t;
        return 1 as libc::c_int;
    }
-    pub unsafe fn ecdh_shared_secret(
+    pub unsafe fn ecdh_shared_secret(mut p_publicKey: *const uint8_t, mut p_privateKey: *const uint8_t, mut p_secret: *mut uint8_t) -> libc::c_int {
        mut p_publicKey: *const uint8_t,
        mut p_privateKey: *const uint8_t,
        mut p_secret: *mut uint8_t,
    ) -> libc::c_int {
        let mut l_public: EccPoint = std::mem::MaybeUninit::uninit().assume_init();
        let mut l_private: [uint64_t; 6] = std::mem::MaybeUninit::uninit().assume_init();
        let mut l_random: [uint64_t; 6] = std::mem::MaybeUninit::uninit().assume_init();
@ -1086,9 +1055,8 @@ mod builtin {
        vli_mult(l_product.as_mut_ptr(), p_left, p_right);
        l_productBits = vli_numBits(l_product.as_mut_ptr().offset((48 as libc::c_int / 8 as libc::c_int) as isize));
        if l_productBits != 0 {
-            l_productBits = (l_productBits as libc::c_uint)
+            l_productBits = (l_productBits as libc::c_uint).wrapping_add((48 as libc::c_int / 8 as libc::c_int * 64 as libc::c_int) as libc::c_uint)
-            .wrapping_add((48 as libc::c_int / 8 as libc::c_int * 64 as libc::c_int) as libc::c_uint)
+                as uint as uint
            as uint as uint
        } else {
            l_productBits = vli_numBits(l_product.as_mut_ptr())
        }
@ -1101,15 +1069,11 @@ mod builtin {
        power of two possible while still resulting in a number less than p_left. */
        vli_clear(l_modMultiple.as_mut_ptr());
        vli_clear(l_modMultiple.as_mut_ptr().offset((48 as libc::c_int / 8 as libc::c_int) as isize));
-        l_digitShift = l_productBits
+        l_digitShift = l_productBits.wrapping_sub(l_modBits).wrapping_div(64 as libc::c_int as libc::c_uint);
-        .wrapping_sub(l_modBits)
+        l_bitShift = l_productBits.wrapping_sub(l_modBits).wrapping_rem(64 as libc::c_int as libc::c_uint);
        .wrapping_div(64 as libc::c_int as libc::c_uint);
        l_bitShift = l_productBits
        .wrapping_sub(l_modBits)
        .wrapping_rem(64 as libc::c_int as libc::c_uint);
        if l_bitShift != 0 {
            l_modMultiple[l_digitShift.wrapping_add((48 as libc::c_int / 8 as libc::c_int) as libc::c_uint) as usize] =
-            vli_lshift(l_modMultiple.as_mut_ptr().offset(l_digitShift as isize), p_mod, l_bitShift)
+                vli_lshift(l_modMultiple.as_mut_ptr().offset(l_digitShift as isize), p_mod, l_bitShift)
        } else {
            vli_set(l_modMultiple.as_mut_ptr().offset(l_digitShift as isize), p_mod);
        }
@ -1117,14 +1081,14 @@ mod builtin {
        vli_clear(p_result); /* Use p_result as a temp var to store 1 (for subtraction) */
        *p_result.offset(0 as libc::c_int as isize) = 1 as libc::c_int as uint64_t;
        while l_productBits > (48 as libc::c_int / 8 as libc::c_int * 64 as libc::c_int) as libc::c_uint
-        || vli_cmp(l_modMultiple.as_mut_ptr(), p_mod) >= 0 as libc::c_int
+            || vli_cmp(l_modMultiple.as_mut_ptr(), p_mod) >= 0 as libc::c_int
        {
            let mut l_cmp: libc::c_int = vli_cmp(
                l_modMultiple.as_mut_ptr().offset((48 as libc::c_int / 8 as libc::c_int) as isize),
                l_product.as_mut_ptr().offset((48 as libc::c_int / 8 as libc::c_int) as isize),
            );
            if l_cmp < 0 as libc::c_int
-            || l_cmp == 0 as libc::c_int && vli_cmp(l_modMultiple.as_mut_ptr(), l_product.as_mut_ptr()) <= 0 as libc::c_int
+                || l_cmp == 0 as libc::c_int && vli_cmp(l_modMultiple.as_mut_ptr(), l_product.as_mut_ptr()) <= 0 as libc::c_int
            {
                if vli_sub(l_product.as_mut_ptr(), l_product.as_mut_ptr(), l_modMultiple.as_mut_ptr()) != 0 {
                    /* borrow */
@ -1141,7 +1105,7 @@ mod builtin {
                );
            }
            let mut l_carry: uint64_t =
-            (l_modMultiple[(48 as libc::c_int / 8 as libc::c_int) as usize] & 0x1 as libc::c_int as libc::c_ulong) << 63 as libc::c_int;
+                (l_modMultiple[(48 as libc::c_int / 8 as libc::c_int) as usize] & 0x1 as libc::c_int as libc::c_ulong) << 63 as libc::c_int;
            vli_rshift1(l_modMultiple.as_mut_ptr().offset((48 as libc::c_int / 8 as libc::c_int) as isize));
            vli_rshift1(l_modMultiple.as_mut_ptr());
            l_modMultiple[(48 as libc::c_int / 8 as libc::c_int - 1 as libc::c_int) as usize] |= l_carry;
@ -1193,11 +1157,7 @@ mod builtin {
        ecc_native2bytes(p_signature.offset(48 as libc::c_int as isize), l_s.as_mut_ptr() as *const uint64_t);
        return 1 as libc::c_int;
    }
-    pub unsafe fn ecdsa_verify(
+    pub unsafe fn ecdsa_verify(mut p_publicKey: *const uint8_t, mut p_hash: *const uint8_t, mut p_signature: *const uint8_t) -> libc::c_int {
        mut p_publicKey: *const uint8_t,
        mut p_hash: *const uint8_t,
        mut p_signature: *const uint8_t,
    ) -> libc::c_int {
        let mut u1: [uint64_t; 6] = std::mem::MaybeUninit::uninit().assume_init();
        let mut u2: [uint64_t; 6] = std::mem::MaybeUninit::uninit().assume_init();
        let mut z: [uint64_t; 6] = std::mem::MaybeUninit::uninit().assume_init();
@ -1217,8 +1177,7 @@ mod builtin {
            /* r, s must not be 0. */
            return 0 as libc::c_int;
        }
-        if vli_cmp(curve_n.as_mut_ptr(), l_r.as_mut_ptr()) != 1 as libc::c_int
+        if vli_cmp(curve_n.as_mut_ptr(), l_r.as_mut_ptr()) != 1 as libc::c_int || vli_cmp(curve_n.as_mut_ptr(), l_s.as_mut_ptr()) != 1 as libc::c_int
        || vli_cmp(curve_n.as_mut_ptr(), l_s.as_mut_ptr()) != 1 as libc::c_int
        {
            /* r, s must be < n. */
            return 0 as libc::c_int;
@ -1240,10 +1199,10 @@ mod builtin {
        /* Use Shamir's trick to calculate u1*G + u2*Q */
        let mut l_points: [*mut EccPoint; 4] = [0 as *mut EccPoint, &mut curve_G, &mut l_public, &mut l_sum]; /* Z = x2 - x1 */
        let mut l_numBits: uint = umax(vli_numBits(u1.as_mut_ptr()), vli_numBits(u2.as_mut_ptr())); /* Z = 1/Z */
-        let mut l_point: *mut EccPoint = l_points[((vli_testBit(u1.as_mut_ptr(), l_numBits.wrapping_sub(1 as libc::c_int as libc::c_uint))
+        let mut l_point: *mut EccPoint = l_points[((vli_testBit(u1.as_mut_ptr(), l_numBits.wrapping_sub(1 as libc::c_int as libc::c_uint)) != 0)
-        != 0) as libc::c_int
+            as libc::c_int
-        | ((vli_testBit(u2.as_mut_ptr(), l_numBits.wrapping_sub(1 as libc::c_int as libc::c_uint)) != 0) as libc::c_int)
+            | ((vli_testBit(u2.as_mut_ptr(), l_numBits.wrapping_sub(1 as libc::c_int as libc::c_uint)) != 0) as libc::c_int) << 1 as libc::c_int)
-        << 1 as libc::c_int) as usize];
+            as usize];
        vli_set(rx.as_mut_ptr(), (*l_point).x.as_mut_ptr());
        vli_set(ry.as_mut_ptr(), (*l_point).y.as_mut_ptr());
        vli_clear(z.as_mut_ptr());
@ -1253,7 +1212,7 @@ mod builtin {
        while i >= 0 as libc::c_int {
            EccPoint_double_jacobian(rx.as_mut_ptr(), ry.as_mut_ptr(), z.as_mut_ptr());
            let mut l_index: libc::c_int = (vli_testBit(u1.as_mut_ptr(), i as uint) != 0) as libc::c_int
-            | ((vli_testBit(u2.as_mut_ptr(), i as uint) != 0) as libc::c_int) << 1 as libc::c_int;
+                | ((vli_testBit(u2.as_mut_ptr(), i as uint) != 0) as libc::c_int) << 1 as libc::c_int;
            let mut l_point_0: *mut EccPoint = l_points[l_index as usize];
            if !l_point_0.is_null() {
                vli_set(tx.as_mut_ptr(), (*l_point_0).x.as_mut_ptr());
@ -1363,7 +1322,7 @@ pub use openssl_based::*;
 #[cfg(test)]
 mod tests {
-    use crate::{p384::P384KeyPair, secure_eq, init};
+    use crate::{init, p384::P384KeyPair, secure_eq};
    #[test]
    fn generate_sign_verify_agree() {
--- a/crypto/src/poly1305.rs
+++ b/crypto/src/poly1305.rs
@ -20,12 +20,12 @@ mod tests {
    use crate::poly1305::*;
    const TV0_INPUT: [u8; 32] = [
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    ];
    const TV0_KEY: [u8; 32] = [
-        0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x33, 0x32, 0x2d, 0x62, 0x79, 0x74, 0x65, 0x20, 0x6b, 0x65, 0x79, 0x20, 0x66, 0x6f,
+        0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x33, 0x32, 0x2d, 0x62, 0x79, 0x74, 0x65, 0x20, 0x6b, 0x65, 0x79, 0x20, 0x66, 0x6f, 0x72,
-        0x72, 0x20, 0x50, 0x6f, 0x6c, 0x79, 0x31, 0x33, 0x30, 0x35,
+        0x20, 0x50, 0x6f, 0x6c, 0x79, 0x31, 0x33, 0x30, 0x35,
    ];
    const TV0_TAG: [u8; 16] = [
        0x49, 0xec, 0x78, 0x09, 0x0e, 0x48, 0x1e, 0xc6, 0xc2, 0x6b, 0x33, 0xb9, 0x1c, 0xcc, 0x03, 0x07,
@ -33,8 +33,8 @@ mod tests {
    const TV1_INPUT: [u8; 12] = [0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64, 0x21];
    const TV1_KEY: [u8; 32] = [
-        0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x33, 0x32, 0x2d, 0x62, 0x79, 0x74, 0x65, 0x20, 0x6b, 0x65, 0x79, 0x20, 0x66, 0x6f,
+        0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x33, 0x32, 0x2d, 0x62, 0x79, 0x74, 0x65, 0x20, 0x6b, 0x65, 0x79, 0x20, 0x66, 0x6f, 0x72,
-        0x72, 0x20, 0x50, 0x6f, 0x6c, 0x79, 0x31, 0x33, 0x30, 0x35,
+        0x20, 0x50, 0x6f, 0x6c, 0x79, 0x31, 0x33, 0x30, 0x35,
    ];
    const TV1_TAG: [u8; 16] = [
        0xa6, 0xf7, 0x45, 0x00, 0x8f, 0x81, 0xc9, 0x16, 0xa2, 0x0d, 0xcc, 0x74, 0xee, 0xf2, 0xb2, 0xf0,
--- a/crypto/src/random.rs
+++ b/crypto/src/random.rs
@ -1,9 +1,8 @@
 use std::sync::atomic::{AtomicU64, Ordering};
 use libc::c_int;
-use crate::error::{ErrorStack, cvt};
+use crate::error::{cvt, ErrorStack};
 /// Fill buffer with cryptographically strong pseudo-random bytes.
 fn rand_bytes(buf: &mut [u8]) -> Result<(), ErrorStack> {
@ -13,7 +12,6 @@ fn rand_bytes(buf: &mut [u8]) -> Result<(), ErrorStack> {
    }
 }
 pub fn next_u32_secure() -> u32 {
    unsafe {
        let mut tmp = [0u32; 1];
--- a/crypto/src/salsa.rs
+++ b/crypto/src/salsa.rs
@ -242,14 +242,14 @@ mod tests {
    use crate::salsa::*;
    const SALSA_20_TV0_KEY: [u8; 32] = [
-        0x0f, 0x62, 0xb5, 0x08, 0x5b, 0xae, 0x01, 0x54, 0xa7, 0xfa, 0x4d, 0xa0, 0xf3, 0x46, 0x99, 0xec, 0x3f, 0x92, 0xe5, 0x38, 0x8b, 0xde,
+        0x0f, 0x62, 0xb5, 0x08, 0x5b, 0xae, 0x01, 0x54, 0xa7, 0xfa, 0x4d, 0xa0, 0xf3, 0x46, 0x99, 0xec, 0x3f, 0x92, 0xe5, 0x38, 0x8b, 0xde, 0x31,
-        0x31, 0x84, 0xd7, 0x2a, 0x7d, 0xd0, 0x23, 0x76, 0xc9, 0x1c,
+        0x84, 0xd7, 0x2a, 0x7d, 0xd0, 0x23, 0x76, 0xc9, 0x1c,
    ];
    const SALSA_20_TV0_IV: [u8; 8] = [0x28, 0x8f, 0xf6, 0x5d, 0xc4, 0x2b, 0x92, 0xf9];
    const SALSA_20_TV0_KS: [u8; 64] = [
-        0x5e, 0x5e, 0x71, 0xf9, 0x01, 0x99, 0x34, 0x03, 0x04, 0xab, 0xb2, 0x2a, 0x37, 0xb6, 0x62, 0x5b, 0xf8, 0x83, 0xfb, 0x89, 0xce, 0x3b,
+        0x5e, 0x5e, 0x71, 0xf9, 0x01, 0x99, 0x34, 0x03, 0x04, 0xab, 0xb2, 0x2a, 0x37, 0xb6, 0x62, 0x5b, 0xf8, 0x83, 0xfb, 0x89, 0xce, 0x3b, 0x21,
-        0x21, 0xf5, 0x4a, 0x10, 0xb8, 0x10, 0x66, 0xef, 0x87, 0xda, 0x30, 0xb7, 0x76, 0x99, 0xaa, 0x73, 0x79, 0xda, 0x59, 0x5c, 0x77, 0xdd,
+        0xf5, 0x4a, 0x10, 0xb8, 0x10, 0x66, 0xef, 0x87, 0xda, 0x30, 0xb7, 0x76, 0x99, 0xaa, 0x73, 0x79, 0xda, 0x59, 0x5c, 0x77, 0xdd, 0x59, 0x54,
-        0x59, 0x54, 0x2d, 0xa2, 0x08, 0xe5, 0x95, 0x4f, 0x89, 0xe4, 0x0e, 0xb7, 0xaa, 0x80, 0xa8, 0x4a, 0x61, 0x76, 0x66, 0x3f,
+        0x2d, 0xa2, 0x08, 0xe5, 0x95, 0x4f, 0x89, 0xe4, 0x0e, 0xb7, 0xaa, 0x80, 0xa8, 0x4a, 0x61, 0x76, 0x66, 0x3f,
    ];
    #[test]
--- a/crypto/src/secret.rs
+++ b/crypto/src/secret.rs
@ -1,6 +1,6 @@
 // (c) 2020-2022 ZeroTier, Inc. -- currently proprietary pending actual release and licensing. See LICENSE.md.
-use std::{ffi::c_void, convert::TryInto};
+use std::{convert::TryInto, ffi::c_void};
 extern "C" {
    fn OPENSSL_cleanse(ptr: *mut c_void, len: usize);
@ -35,13 +35,13 @@ impl<const L: usize> Secret<L> {
    /// Copy bytes into secret, then nuke the previous value, will panic if the slice does not match the size of this secret.
    #[inline(always)]
    pub fn from_bytes_then_nuke(b: &mut [u8]) -> Self {
-        let ret = Self (b.try_into().unwrap());
+        let ret = Self(b.try_into().unwrap());
        unsafe { OPENSSL_cleanse(b.as_mut_ptr().cast(), L) };
        ret
    }
    #[inline(always)]
    pub unsafe fn from_bytes(b: &[u8]) -> Self {
-        Self (b.try_into().unwrap())
+        Self(b.try_into().unwrap())
    }
    #[inline(always)]
--- a/openssl-sys/build/find_normal.rs
+++ b/openssl-sys/build/find_normal.rs
@ -144,10 +144,7 @@ Ways to fix it:
        }
    }
-    if host.contains("unknown-linux")
+    if host.contains("unknown-linux") && target.contains("unknown-linux-gnu") && Command::new("pkg-config").output().is_err() {
        && target.contains("unknown-linux-gnu")
        && Command::new("pkg-config").output().is_err()
    {
        msg.push_str(
            "
 It looks like you're compiling on Linux and also targeting Linux. Currently this
@ -208,10 +205,7 @@ fn try_pkg_config() {
        return;
    }
-    let lib = match pkg_config::Config::new()
+    let lib = match pkg_config::Config::new().print_system_libs(false).probe("openssl") {
        .print_system_libs(false)
        .probe("openssl")
    {
        Ok(lib) => lib,
        Err(e) => {
            println!("run pkg_config fail: {:?}", e);
@ -237,10 +231,7 @@ fn try_vcpkg() {
    // vcpkg will not emit any metadata if it can not find libraries
    // appropriate for the target triple with the desired linkage.
-    let lib = match vcpkg::Config::new()
+    let lib = match vcpkg::Config::new().emit_includes(true).find_package("openssl") {
        .emit_includes(true)
        .find_package("openssl")
    {
        Ok(lib) => lib,
        Err(e) => {
            println!("note: vcpkg did not find openssl: {}", e);
--- a/openssl-sys/build/find_vendored.rs
+++ b/openssl-sys/build/find_vendored.rs
@ -4,13 +4,7 @@ use std::path::PathBuf;
 pub fn get_openssl(_target: &str) -> (Vec<PathBuf>, PathBuf) {
    let artifacts = openssl_src::Build::new().build();
    println!("cargo:vendored=1");
-    println!(
+    println!("cargo:root={}", artifacts.lib_dir().parent().unwrap().display());
        "cargo:root={}",
        artifacts.lib_dir().parent().unwrap().display()
    );
-    (
+    (vec![artifacts.lib_dir().to_path_buf()], artifacts.include_dir().to_path_buf())
        vec![artifacts.lib_dir().to_path_buf()],
        artifacts.include_dir().to_path_buf(),
    )
 }
--- a/openssl-sys/build/main.rs
+++ b/openssl-sys/build/main.rs
@ -1,8 +1,4 @@
-#![allow(
+#![allow(clippy::inconsistent_digit_grouping, clippy::uninlined_format_args, clippy::unusual_byte_groupings)]
    clippy::inconsistent_digit_grouping,
    clippy::uninlined_format_args,
    clippy::unusual_byte_groupings
 )]
 extern crate autocfg;
 #[cfg(feature = "bindgen")]
@ -87,17 +83,11 @@ fn main() {
        panic!("OpenSSL library directory does not exist: {:?}", lib_dirs);
    }
    if !Path::new(&include_dir).exists() {
-        panic!(
+        panic!("OpenSSL include directory does not exist: {}", include_dir.to_string_lossy());
            "OpenSSL include directory does not exist: {}",
            include_dir.to_string_lossy()
        );
    }
    for lib_dir in lib_dirs.iter() {
-        println!(
+        println!("cargo:rustc-link-search=native={}", lib_dir.to_string_lossy());
            "cargo:rustc-link-search=native={}",
            lib_dir.to_string_lossy()
        );
    }
    println!("cargo:include={}", include_dir.to_string_lossy());
@ -391,11 +381,9 @@ fn determine_mode(libdirs: &[PathBuf], libs: &[&str]) -> &'static str {
    let can_static = libs
        .iter()
        .all(|l| files.contains(&format!("lib{}.a", l)) || files.contains(&format!("{}.lib", l)));
-    let can_dylib = libs.iter().all(|l| {
+    let can_dylib = libs
-        files.contains(&format!("lib{}.so", l))
+        .iter()
-            || files.contains(&format!("{}.dll", l))
+        .all(|l| files.contains(&format!("lib{}.so", l)) || files.contains(&format!("{}.dll", l)) || files.contains(&format!("lib{}.dylib", l)));
            || files.contains(&format!("lib{}.dylib", l))
    });
    match (can_static, can_dylib) {
        (true, false) => return "static",
        (false, true) => return "dylib",
--- a/openssl-sys/build/run_bindgen.rs
+++ b/openssl-sys/build/run_bindgen.rs
@ -82,16 +82,10 @@ pub fn run(include_dirs: &[PathBuf]) {
        .header_contents("includes.h", INCLUDES);
    for include_dir in include_dirs {
-        builder = builder
+        builder = builder.clang_arg("-I").clang_arg(include_dir.display().to_string());
            .clang_arg("-I")
            .clang_arg(include_dir.display().to_string());
    }
-    builder
+    builder.generate().unwrap().write_to_file(out_dir.join("bindgen.rs")).unwrap();
        .generate()
        .unwrap()
        .write_to_file(out_dir.join("bindgen.rs"))
        .unwrap();
 }
 #[derive(Debug)]
--- a/openssl-sys/src/bio.rs
+++ b/openssl-sys/src/bio.rs
@ -35,38 +35,20 @@ pub unsafe fn BIO_get_mem_data(b: *mut BIO, pp: *mut *mut c_char) -> c_long {
 extern "C" {
    #[deprecated(note = "use BIO_meth_set_write__fixed_rust instead")]
    #[cfg(any(ossl110, libressl273))]
-    pub fn BIO_meth_set_write(
+    pub fn BIO_meth_set_write(biom: *mut BIO_METHOD, write: unsafe extern "C" fn(*mut BIO, *const c_char, c_int) -> c_int) -> c_int;
        biom: *mut BIO_METHOD,
        write: unsafe extern "C" fn(*mut BIO, *const c_char, c_int) -> c_int,
    ) -> c_int;
    #[deprecated(note = "use BIO_meth_set_read__fixed_rust instead")]
    #[cfg(any(ossl110, libressl273))]
-    pub fn BIO_meth_set_read(
+    pub fn BIO_meth_set_read(biom: *mut BIO_METHOD, read: unsafe extern "C" fn(*mut BIO, *mut c_char, c_int) -> c_int) -> c_int;
        biom: *mut BIO_METHOD,
        read: unsafe extern "C" fn(*mut BIO, *mut c_char, c_int) -> c_int,
    ) -> c_int;
    #[deprecated(note = "use BIO_meth_set_puts__fixed_rust instead")]
    #[cfg(any(ossl110, libressl273))]
-    pub fn BIO_meth_set_puts(
+    pub fn BIO_meth_set_puts(biom: *mut BIO_METHOD, read: unsafe extern "C" fn(*mut BIO, *const c_char) -> c_int) -> c_int;
        biom: *mut BIO_METHOD,
        read: unsafe extern "C" fn(*mut BIO, *const c_char) -> c_int,
    ) -> c_int;
    #[deprecated(note = "use BIO_meth_set_ctrl__fixed_rust instead")]
    #[cfg(any(ossl110, libressl273))]
-    pub fn BIO_meth_set_ctrl(
+    pub fn BIO_meth_set_ctrl(biom: *mut BIO_METHOD, read: unsafe extern "C" fn(*mut BIO, c_int, c_long, *mut c_void) -> c_long) -> c_int;
        biom: *mut BIO_METHOD,
        read: unsafe extern "C" fn(*mut BIO, c_int, c_long, *mut c_void) -> c_long,
    ) -> c_int;
    #[deprecated(note = "use BIO_meth_set_create__fixed_rust instead")]
    #[cfg(any(ossl110, libressl273))]
-    pub fn BIO_meth_set_create(
+    pub fn BIO_meth_set_create(biom: *mut BIO_METHOD, create: unsafe extern "C" fn(*mut BIO) -> c_int) -> c_int;
        biom: *mut BIO_METHOD,
        create: unsafe extern "C" fn(*mut BIO) -> c_int,
    ) -> c_int;
    #[deprecated(note = "use BIO_meth_set_destroy__fixed_rust instead")]
    #[cfg(any(ossl110, libressl273))]
-    pub fn BIO_meth_set_destroy(
+    pub fn BIO_meth_set_destroy(biom: *mut BIO_METHOD, destroy: unsafe extern "C" fn(*mut BIO) -> c_int) -> c_int;
        biom: *mut BIO_METHOD,
        destroy: unsafe extern "C" fn(*mut BIO) -> c_int,
    ) -> c_int;
 }
--- a/openssl-sys/src/crypto.rs
+++ b/openssl-sys/src/crypto.rs
@ -4,9 +4,7 @@ use libc::*;
 extern "C" {
    #[deprecated(note = "use CRYPTO_set_locking_callback__fixed_rust instead")]
    #[cfg(not(ossl110))]
-    pub fn CRYPTO_set_locking_callback(
+    pub fn CRYPTO_set_locking_callback(func: unsafe extern "C" fn(mode: c_int, n: c_int, file: *const c_char, line: c_int));
        func: unsafe extern "C" fn(mode: c_int, n: c_int, file: *const c_char, line: c_int),
    );
    #[deprecated(note = "use CRYPTO_set_id_callback__fixed_rust instead")]
    #[cfg(not(ossl110))]
@ -48,46 +46,28 @@ pub type CRYPTO_EX_dup = unsafe extern "C" fn(
    argl: c_long,
    argp: *mut c_void,
 ) -> c_int;
-pub type CRYPTO_EX_free = unsafe extern "C" fn(
+pub type CRYPTO_EX_free =
-    parent: *mut c_void,
+    unsafe extern "C" fn(parent: *mut c_void, ptr: *mut c_void, ad: *mut CRYPTO_EX_DATA, idx: c_int, argl: c_long, argp: *mut c_void);
    ptr: *mut c_void,
    ad: *mut CRYPTO_EX_DATA,
    idx: c_int,
    argl: c_long,
    argp: *mut c_void,
 );
 #[cfg(ossl110)]
 #[inline]
 #[track_caller]
 pub unsafe fn OPENSSL_malloc(num: usize) -> *mut c_void {
-    CRYPTO_malloc(
+    CRYPTO_malloc(num, concat!(file!(), "\0").as_ptr() as *const _, line!() as _)
        num,
        concat!(file!(), "\0").as_ptr() as *const _,
        line!() as _,
    )
 }
 #[cfg(not(ossl110))]
 #[inline]
 #[track_caller]
 pub unsafe fn OPENSSL_malloc(num: c_int) -> *mut c_void {
-    CRYPTO_malloc(
+    CRYPTO_malloc(num, concat!(file!(), "\0").as_ptr() as *const _, line!() as _)
        num,
        concat!(file!(), "\0").as_ptr() as *const _,
        line!() as _,
    )
 }
 #[cfg(ossl110)]
 #[inline]
 #[track_caller]
 pub unsafe fn OPENSSL_free(addr: *mut c_void) {
-    CRYPTO_free(
+    CRYPTO_free(addr, concat!(file!(), "\0").as_ptr() as *const _, line!() as _)
        addr,
        concat!(file!(), "\0").as_ptr() as *const _,
        line!() as _,
    )
 }
 #[cfg(not(ossl110))]
--- a/openssl-sys/src/ec.rs
+++ b/openssl-sys/src/ec.rs
@ -7,10 +7,5 @@ pub const OPENSSL_EC_NAMED_CURVE: c_int = 1;
 #[cfg(ossl300)]
 pub unsafe fn EVP_EC_gen(curve: *const c_char) -> *mut EVP_PKEY {
-    EVP_PKEY_Q_keygen(
+    EVP_PKEY_Q_keygen(ptr::null_mut(), ptr::null_mut(), "EC\0".as_ptr().cast(), curve)
        ptr::null_mut(),
        ptr::null_mut(),
        "EC\0".as_ptr().cast(),
        curve,
    )
 }
--- a/openssl-sys/src/evp.rs
+++ b/openssl-sys/src/evp.rs
@ -110,20 +110,12 @@ cfg_if! {
 }
 #[cfg(not(ossl300))]
 #[inline]
-pub unsafe fn EVP_DigestSignUpdate(
+pub unsafe fn EVP_DigestSignUpdate(ctx: *mut EVP_MD_CTX, data: *const c_void, dsize: size_t) -> c_int {
    ctx: *mut EVP_MD_CTX,
    data: *const c_void,
    dsize: size_t,
 ) -> c_int {
    EVP_DigestUpdate(ctx, data, dsize)
 }
 #[cfg(not(ossl300))]
 #[inline]
-pub unsafe fn EVP_DigestVerifyUpdate(
+pub unsafe fn EVP_DigestVerifyUpdate(ctx: *mut EVP_MD_CTX, data: *const c_void, dsize: size_t) -> c_int {
    ctx: *mut EVP_MD_CTX,
    data: *const c_void,
    dsize: size_t,
 ) -> c_int {
    EVP_DigestUpdate(ctx, data, dsize)
 }
 #[cfg(ossl300)]
@ -174,11 +166,8 @@ cfg_if! {
    }
 }
-pub const EVP_PKEY_OP_TYPE_SIG: c_int = EVP_PKEY_OP_SIGN
+pub const EVP_PKEY_OP_TYPE_SIG: c_int =
-    | EVP_PKEY_OP_VERIFY
+    EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX;
    | EVP_PKEY_OP_VERIFYRECOVER
    | EVP_PKEY_OP_SIGNCTX
    | EVP_PKEY_OP_VERIFYCTX;
 pub const EVP_PKEY_OP_TYPE_CRYPT: c_int = EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT;
@ -214,72 +203,25 @@ pub const EVP_PKEY_CTRL_HKDF_MODE: c_int = EVP_PKEY_ALG_CTRL + 7;
 #[cfg(all(ossl111, not(ossl300)))]
 pub unsafe fn EVP_PKEY_CTX_set_hkdf_mode(ctx: *mut EVP_PKEY_CTX, mode: c_int) -> c_int {
-    EVP_PKEY_CTX_ctrl(
+    EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_HKDF_MODE, mode, std::ptr::null_mut())
        ctx,
        -1,
        EVP_PKEY_OP_DERIVE,
        EVP_PKEY_CTRL_HKDF_MODE,
        mode,
        std::ptr::null_mut(),
    )
 }
 #[cfg(all(ossl110, not(ossl300)))]
 pub unsafe fn EVP_PKEY_CTX_set_hkdf_md(ctx: *mut EVP_PKEY_CTX, md: *const EVP_MD) -> c_int {
-    EVP_PKEY_CTX_ctrl(
+    EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_HKDF_MD, 0, md as *mut c_void)
        ctx,
        -1,
        EVP_PKEY_OP_DERIVE,
        EVP_PKEY_CTRL_HKDF_MD,
        0,
        md as *mut c_void,
    )
 }
 #[cfg(all(ossl110, not(ossl300)))]
-pub unsafe fn EVP_PKEY_CTX_set1_hkdf_salt(
+pub unsafe fn EVP_PKEY_CTX_set1_hkdf_salt(ctx: *mut EVP_PKEY_CTX, salt: *const u8, saltlen: c_int) -> c_int {
-    ctx: *mut EVP_PKEY_CTX,
+    EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_HKDF_SALT, saltlen, salt as *mut c_void)
    salt: *const u8,
    saltlen: c_int,
 ) -> c_int {
    EVP_PKEY_CTX_ctrl(
        ctx,
        -1,
        EVP_PKEY_OP_DERIVE,
        EVP_PKEY_CTRL_HKDF_SALT,
        saltlen,
        salt as *mut c_void,
    )
 }
 #[cfg(all(ossl110, not(ossl300)))]
-pub unsafe fn EVP_PKEY_CTX_set1_hkdf_key(
+pub unsafe fn EVP_PKEY_CTX_set1_hkdf_key(ctx: *mut EVP_PKEY_CTX, key: *const u8, keylen: c_int) -> c_int {
-    ctx: *mut EVP_PKEY_CTX,
+    EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_HKDF_KEY, keylen, key as *mut c_void)
    key: *const u8,
    keylen: c_int,
 ) -> c_int {
    EVP_PKEY_CTX_ctrl(
        ctx,
        -1,
        EVP_PKEY_OP_DERIVE,
        EVP_PKEY_CTRL_HKDF_KEY,
        keylen,
        key as *mut c_void,
    )
 }
 #[cfg(all(ossl110, not(ossl300)))]
-pub unsafe fn EVP_PKEY_CTX_add1_hkdf_info(
+pub unsafe fn EVP_PKEY_CTX_add1_hkdf_info(ctx: *mut EVP_PKEY_CTX, info: *const u8, infolen: c_int) -> c_int {
-    ctx: *mut EVP_PKEY_CTX,
+    EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_HKDF_INFO, infolen, info as *mut c_void)
    info: *const u8,
    infolen: c_int,
 ) -> c_int {
    EVP_PKEY_CTX_ctrl(
        ctx,
        -1,
        EVP_PKEY_OP_DERIVE,
        EVP_PKEY_CTRL_HKDF_INFO,
        infolen,
        info as *mut c_void,
    )
 }
--- a/openssl-sys/src/handwritten/aes.rs
+++ b/openssl-sys/src/handwritten/aes.rs
@ -13,28 +13,9 @@ extern "C" {
    pub fn AES_set_decrypt_key(userKey: *const c_uchar, bits: c_int, key: *mut AES_KEY) -> c_int;
    #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
-    pub fn AES_ige_encrypt(
+    pub fn AES_ige_encrypt(in_: *const c_uchar, out: *mut c_uchar, length: size_t, key: *const AES_KEY, ivec: *mut c_uchar, enc: c_int);
        in_: *const c_uchar,
        out: *mut c_uchar,
        length: size_t,
        key: *const AES_KEY,
        ivec: *mut c_uchar,
        enc: c_int,
    );
-    pub fn AES_wrap_key(
+    pub fn AES_wrap_key(key: *mut AES_KEY, iv: *const c_uchar, out: *mut c_uchar, in_: *const c_uchar, inlen: c_uint) -> c_int;
        key: *mut AES_KEY,
        iv: *const c_uchar,
        out: *mut c_uchar,
        in_: *const c_uchar,
        inlen: c_uint,
    ) -> c_int;
-    pub fn AES_unwrap_key(
+    pub fn AES_unwrap_key(key: *mut AES_KEY, iv: *const c_uchar, out: *mut c_uchar, in_: *const c_uchar, inlen: c_uint) -> c_int;
        key: *mut AES_KEY,
        iv: *const c_uchar,
        out: *mut c_uchar,
        in_: *const c_uchar,
        inlen: c_uint,
    ) -> c_int;
 }
--- a/openssl-sys/src/handwritten/asn1.rs
+++ b/openssl-sys/src/handwritten/asn1.rs
@ -32,12 +32,7 @@ extern "C" {
    pub fn ASN1_GENERALIZEDTIME_print(b: *mut BIO, tm: *const ASN1_GENERALIZEDTIME) -> c_int;
    pub fn ASN1_TIME_new() -> *mut ASN1_TIME;
    #[cfg(ossl102)]
-    pub fn ASN1_TIME_diff(
+    pub fn ASN1_TIME_diff(pday: *mut c_int, psec: *mut c_int, from: *const ASN1_TIME, to: *const ASN1_TIME) -> c_int;
        pday: *mut c_int,
        psec: *mut c_int,
        from: *const ASN1_TIME,
        to: *const ASN1_TIME,
    ) -> c_int;
    pub fn ASN1_TIME_free(tm: *mut ASN1_TIME);
    pub fn ASN1_TIME_print(b: *mut BIO, tm: *const ASN1_TIME) -> c_int;
    pub fn ASN1_TIME_set(from: *mut ASN1_TIME, to: time_t) -> *mut ASN1_TIME;
--- a/openssl-sys/src/handwritten/bio.rs
+++ b/openssl-sys/src/handwritten/bio.rs
@ -6,8 +6,7 @@ extern "C" {
    pub fn BIO_clear_flags(b: *mut BIO, flags: c_int);
 }
-pub type bio_info_cb =
+pub type bio_info_cb = Option<unsafe extern "C" fn(*mut BIO, c_int, *const c_char, c_int, c_long, c_long)>;
    Option<unsafe extern "C" fn(*mut BIO, c_int, *const c_char, c_int, c_long, c_long)>;
 cfg_if! {
    if #[cfg(any(ossl110, libressl280))] {
@ -76,16 +75,10 @@ extern "C" {
    ) -> c_int;
    #[cfg(any(ossl110, libressl273))]
    #[link_name = "BIO_meth_set_read"]
-    pub fn BIO_meth_set_read__fixed_rust(
+    pub fn BIO_meth_set_read__fixed_rust(biom: *mut BIO_METHOD, read: Option<unsafe extern "C" fn(*mut BIO, *mut c_char, c_int) -> c_int>) -> c_int;
        biom: *mut BIO_METHOD,
        read: Option<unsafe extern "C" fn(*mut BIO, *mut c_char, c_int) -> c_int>,
    ) -> c_int;
    #[cfg(any(ossl110, libressl273))]
    #[link_name = "BIO_meth_set_puts"]
-    pub fn BIO_meth_set_puts__fixed_rust(
+    pub fn BIO_meth_set_puts__fixed_rust(biom: *mut BIO_METHOD, read: Option<unsafe extern "C" fn(*mut BIO, *const c_char) -> c_int>) -> c_int;
        biom: *mut BIO_METHOD,
        read: Option<unsafe extern "C" fn(*mut BIO, *const c_char) -> c_int>,
    ) -> c_int;
    #[cfg(any(ossl110, libressl273))]
    #[link_name = "BIO_meth_set_ctrl"]
    pub fn BIO_meth_set_ctrl__fixed_rust(
@ -94,14 +87,8 @@ extern "C" {
    ) -> c_int;
    #[cfg(any(ossl110, libressl273))]
    #[link_name = "BIO_meth_set_create"]
-    pub fn BIO_meth_set_create__fixed_rust(
+    pub fn BIO_meth_set_create__fixed_rust(biom: *mut BIO_METHOD, create: Option<unsafe extern "C" fn(*mut BIO) -> c_int>) -> c_int;
        biom: *mut BIO_METHOD,
        create: Option<unsafe extern "C" fn(*mut BIO) -> c_int>,
    ) -> c_int;
    #[cfg(any(ossl110, libressl273))]
    #[link_name = "BIO_meth_set_destroy"]
-    pub fn BIO_meth_set_destroy__fixed_rust(
+    pub fn BIO_meth_set_destroy__fixed_rust(biom: *mut BIO_METHOD, destroy: Option<unsafe extern "C" fn(*mut BIO) -> c_int>) -> c_int;
        biom: *mut BIO_METHOD,
        destroy: Option<unsafe extern "C" fn(*mut BIO) -> c_int>,
    ) -> c_int;
 }
--- a/openssl-sys/src/handwritten/bn.rs
+++ b/openssl-sys/src/handwritten/bn.rs
@ -33,46 +33,12 @@ extern "C" {
    #[cfg(any(ossl110, libressl350))]
    pub fn BN_is_negative(b: *const BIGNUM) -> c_int;
-    pub fn BN_div(
+    pub fn BN_div(dv: *mut BIGNUM, rem: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM, ctx: *mut BN_CTX) -> c_int;
-        dv: *mut BIGNUM,
+    pub fn BN_nnmod(rem: *mut BIGNUM, a: *const BIGNUM, m: *const BIGNUM, ctx: *mut BN_CTX) -> c_int;
-        rem: *mut BIGNUM,
+    pub fn BN_mod_add(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM, m: *const BIGNUM, ctx: *mut BN_CTX) -> c_int;
-        a: *const BIGNUM,
+    pub fn BN_mod_sub(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM, m: *const BIGNUM, ctx: *mut BN_CTX) -> c_int;
-        b: *const BIGNUM,
+    pub fn BN_mod_mul(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM, m: *const BIGNUM, ctx: *mut BN_CTX) -> c_int;
-        ctx: *mut BN_CTX,
+    pub fn BN_mod_sqr(r: *mut BIGNUM, a: *const BIGNUM, m: *const BIGNUM, ctx: *mut BN_CTX) -> c_int;
    ) -> c_int;
    pub fn BN_nnmod(
        rem: *mut BIGNUM,
        a: *const BIGNUM,
        m: *const BIGNUM,
        ctx: *mut BN_CTX,
    ) -> c_int;
    pub fn BN_mod_add(
        r: *mut BIGNUM,
        a: *const BIGNUM,
        b: *const BIGNUM,
        m: *const BIGNUM,
        ctx: *mut BN_CTX,
    ) -> c_int;
    pub fn BN_mod_sub(
        r: *mut BIGNUM,
        a: *const BIGNUM,
        b: *const BIGNUM,
        m: *const BIGNUM,
        ctx: *mut BN_CTX,
    ) -> c_int;
    pub fn BN_mod_mul(
        r: *mut BIGNUM,
        a: *const BIGNUM,
        b: *const BIGNUM,
        m: *const BIGNUM,
        ctx: *mut BN_CTX,
    ) -> c_int;
    pub fn BN_mod_sqr(
        r: *mut BIGNUM,
        a: *const BIGNUM,
        m: *const BIGNUM,
        ctx: *mut BN_CTX,
    ) -> c_int;
    pub fn BN_mod_word(r: *const BIGNUM, w: BN_ULONG) -> BN_ULONG;
    pub fn BN_div_word(r: *mut BIGNUM, w: BN_ULONG) -> BN_ULONG;
@ -88,13 +54,7 @@ extern "C" {
    pub fn BN_lshift1(r: *mut BIGNUM, a: *const BIGNUM) -> c_int;
    pub fn BN_exp(r: *mut BIGNUM, a: *const BIGNUM, p: *const BIGNUM, ctx: *mut BN_CTX) -> c_int;
-    pub fn BN_mod_exp(
+    pub fn BN_mod_exp(r: *mut BIGNUM, a: *const BIGNUM, p: *const BIGNUM, m: *const BIGNUM, ctx: *mut BN_CTX) -> c_int;
        r: *mut BIGNUM,
        a: *const BIGNUM,
        p: *const BIGNUM,
        m: *const BIGNUM,
        ctx: *mut BN_CTX,
    ) -> c_int;
    pub fn BN_mask_bits(a: *mut BIGNUM, n: c_int) -> c_int;
    pub fn BN_rshift(r: *mut BIGNUM, a: *const BIGNUM, n: c_int) -> c_int;
@ -104,41 +64,18 @@ extern "C" {
    pub fn BN_hex2bn(a: *mut *mut BIGNUM, s: *const c_char) -> c_int;
    pub fn BN_dec2bn(a: *mut *mut BIGNUM, s: *const c_char) -> c_int;
    pub fn BN_gcd(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM, ctx: *mut BN_CTX) -> c_int;
-    pub fn BN_mod_inverse(
+    pub fn BN_mod_inverse(r: *mut BIGNUM, a: *const BIGNUM, n: *const BIGNUM, ctx: *mut BN_CTX) -> *mut BIGNUM;
        r: *mut BIGNUM,
        a: *const BIGNUM,
        n: *const BIGNUM,
        ctx: *mut BN_CTX,
    ) -> *mut BIGNUM;
    pub fn BN_clear(bn: *mut BIGNUM);
    pub fn BN_dup(n: *const BIGNUM) -> *mut BIGNUM;
    pub fn BN_ucmp(a: *const BIGNUM, b: *const BIGNUM) -> c_int;
    pub fn BN_set_bit(a: *mut BIGNUM, n: c_int) -> c_int;
    pub fn BN_clear_bit(a: *mut BIGNUM, n: c_int) -> c_int;
-    pub fn BN_generate_prime_ex(
+    pub fn BN_generate_prime_ex(r: *mut BIGNUM, bits: c_int, safe: c_int, add: *const BIGNUM, rem: *const BIGNUM, cb: *mut BN_GENCB) -> c_int;
        r: *mut BIGNUM,
        bits: c_int,
        safe: c_int,
        add: *const BIGNUM,
        rem: *const BIGNUM,
        cb: *mut BN_GENCB,
    ) -> c_int;
    #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
-    pub fn BN_is_prime_ex(
+    pub fn BN_is_prime_ex(p: *const BIGNUM, checks: c_int, ctx: *mut BN_CTX, cb: *mut BN_GENCB) -> c_int;
        p: *const BIGNUM,
        checks: c_int,
        ctx: *mut BN_CTX,
        cb: *mut BN_GENCB,
    ) -> c_int;
    #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
-    pub fn BN_is_prime_fasttest_ex(
+    pub fn BN_is_prime_fasttest_ex(p: *const BIGNUM, checks: c_int, ctx: *mut BN_CTX, do_trial_division: c_int, cb: *mut BN_GENCB) -> c_int;
        p: *const BIGNUM,
        checks: c_int,
        ctx: *mut BN_CTX,
        do_trial_division: c_int,
        cb: *mut BN_GENCB,
    ) -> c_int;
 }
 cfg_if! {
--- a/openssl-sys/src/handwritten/cms.rs
+++ b/openssl-sys/src/handwritten/cms.rs
@ -17,23 +17,13 @@ const_ptr_api! {
 extern "C" {
    #[cfg(ossl101)]
-    pub fn d2i_CMS_ContentInfo(
+    pub fn d2i_CMS_ContentInfo(a: *mut *mut CMS_ContentInfo, pp: *mut *const c_uchar, length: c_long) -> *mut CMS_ContentInfo;
        a: *mut *mut CMS_ContentInfo,
        pp: *mut *const c_uchar,
        length: c_long,
    ) -> *mut CMS_ContentInfo;
    #[cfg(ossl101)]
    pub fn SMIME_read_CMS(bio: *mut BIO, bcont: *mut *mut BIO) -> *mut CMS_ContentInfo;
    #[cfg(ossl101)]
-    pub fn CMS_sign(
+    pub fn CMS_sign(signcert: *mut X509, pkey: *mut EVP_PKEY, certs: *mut stack_st_X509, data: *mut BIO, flags: c_uint) -> *mut CMS_ContentInfo;
        signcert: *mut X509,
        pkey: *mut EVP_PKEY,
        certs: *mut stack_st_X509,
        data: *mut BIO,
        flags: c_uint,
    ) -> *mut CMS_ContentInfo;
    #[cfg(ossl101)]
    pub fn CMS_verify(
@ -46,20 +36,8 @@ extern "C" {
    ) -> c_int;
    #[cfg(ossl101)]
-    pub fn CMS_encrypt(
+    pub fn CMS_encrypt(certs: *mut stack_st_X509, data: *mut BIO, cipher: *const EVP_CIPHER, flags: c_uint) -> *mut CMS_ContentInfo;
        certs: *mut stack_st_X509,
        data: *mut BIO,
        cipher: *const EVP_CIPHER,
        flags: c_uint,
    ) -> *mut CMS_ContentInfo;
    #[cfg(ossl101)]
-    pub fn CMS_decrypt(
+    pub fn CMS_decrypt(cms: *mut CMS_ContentInfo, pkey: *mut EVP_PKEY, cert: *mut X509, dcont: *mut BIO, out: *mut BIO, flags: c_uint) -> c_int;
        cms: *mut CMS_ContentInfo,
        pkey: *mut EVP_PKEY,
        cert: *mut X509,
        dcont: *mut BIO,
        out: *mut BIO,
        flags: c_uint,
    ) -> c_int;
 }
--- a/openssl-sys/src/handwritten/crypto.rs
+++ b/openssl-sys/src/handwritten/crypto.rs
@ -36,9 +36,7 @@ extern "C" {
 extern "C" {
    #[cfg(not(ossl110))]
    #[link_name = "CRYPTO_set_locking_callback"]
-    pub fn CRYPTO_set_locking_callback__fixed_rust(
+    pub fn CRYPTO_set_locking_callback__fixed_rust(func: Option<unsafe extern "C" fn(mode: c_int, n: c_int, file: *const c_char, line: c_int)>);
        func: Option<unsafe extern "C" fn(mode: c_int, n: c_int, file: *const c_char, line: c_int)>,
    );
    #[cfg(not(ossl110))]
    #[link_name = "CRYPTO_set_id_callback"]
@ -47,13 +45,7 @@ extern "C" {
 extern "C" {
    #[cfg(not(ossl110))]
-    pub fn CRYPTO_add_lock(
+    pub fn CRYPTO_add_lock(pointer: *mut c_int, amount: c_int, type_: c_int, file: *const c_char, line: c_int) -> c_int;
        pointer: *mut c_int,
        amount: c_int,
        type_: c_int,
        file: *const c_char,
        line: c_int,
    ) -> c_int;
 }
 cfg_if! {
--- a/openssl-sys/src/handwritten/dh.rs
+++ b/openssl-sys/src/handwritten/dh.rs
@ -11,12 +11,7 @@ extern "C" {
        cb_arg: *mut c_void,
    ) -> *mut DH;
-    pub fn DH_generate_parameters_ex(
+    pub fn DH_generate_parameters_ex(dh: *mut DH, prime_len: c_int, generator: c_int, cb: *mut BN_GENCB) -> c_int;
        dh: *mut DH,
        prime_len: c_int,
        generator: c_int,
        cb: *mut BN_GENCB,
    ) -> c_int;
    pub fn DH_generate_key(dh: *mut DH) -> c_int;
    pub fn DH_compute_key(key: *mut c_uchar, pub_key: *const BIGNUM, dh: *mut DH) -> c_int;
@ -35,12 +30,7 @@ extern "C" {
    #[cfg(any(ossl110, libressl270))]
    pub fn DH_set0_pqg(dh: *mut DH, p: *mut BIGNUM, q: *mut BIGNUM, g: *mut BIGNUM) -> c_int;
    #[cfg(any(ossl110, libressl270))]
-    pub fn DH_get0_pqg(
+    pub fn DH_get0_pqg(dh: *const DH, p: *mut *const BIGNUM, q: *mut *const BIGNUM, g: *mut *const BIGNUM);
        dh: *const DH,
        p: *mut *const BIGNUM,
        q: *mut *const BIGNUM,
        g: *mut *const BIGNUM,
    );
    #[cfg(any(ossl110, libressl270))]
    pub fn DH_set0_key(dh: *mut DH, pub_key: *mut BIGNUM, priv_key: *mut BIGNUM) -> c_int;
--- a/openssl-sys/src/handwritten/dsa.rs
+++ b/openssl-sys/src/handwritten/dsa.rs
@ -19,26 +19,11 @@ extern "C" {
    pub fn DSA_free(dsa: *mut DSA);
    pub fn DSA_up_ref(dsa: *mut DSA) -> c_int;
    pub fn DSA_size(dsa: *const DSA) -> c_int;
-    pub fn DSA_sign(
+    pub fn DSA_sign(dummy: c_int, dgst: *const c_uchar, len: c_int, sigret: *mut c_uchar, siglen: *mut c_uint, dsa: *mut DSA) -> c_int;
-        dummy: c_int,
+    pub fn DSA_verify(dummy: c_int, dgst: *const c_uchar, len: c_int, sigbuf: *const c_uchar, siglen: c_int, dsa: *mut DSA) -> c_int;
        dgst: *const c_uchar,
        len: c_int,
        sigret: *mut c_uchar,
        siglen: *mut c_uint,
        dsa: *mut DSA,
    ) -> c_int;
    pub fn DSA_verify(
        dummy: c_int,
        dgst: *const c_uchar,
        len: c_int,
        sigbuf: *const c_uchar,
        siglen: c_int,
        dsa: *mut DSA,
    ) -> c_int;
    pub fn d2i_DSAPublicKey(a: *mut *mut DSA, pp: *mut *const c_uchar, length: c_long) -> *mut DSA;
-    pub fn d2i_DSAPrivateKey(a: *mut *mut DSA, pp: *mut *const c_uchar, length: c_long)
+    pub fn d2i_DSAPrivateKey(a: *mut *mut DSA, pp: *mut *const c_uchar, length: c_long) -> *mut DSA;
        -> *mut DSA;
    pub fn DSA_generate_parameters_ex(
        dsa: *mut DSA,
@ -55,23 +40,14 @@ extern "C" {
    pub fn i2d_DSAPrivateKey(a: *const DSA, pp: *mut *mut c_uchar) -> c_int;
    #[cfg(any(ossl110, libressl273))]
-    pub fn DSA_get0_pqg(
+    pub fn DSA_get0_pqg(d: *const DSA, p: *mut *const BIGNUM, q: *mut *const BIGNUM, q: *mut *const BIGNUM);
        d: *const DSA,
        p: *mut *const BIGNUM,
        q: *mut *const BIGNUM,
        q: *mut *const BIGNUM,
    );
    #[cfg(any(ossl110, libressl273))]
    pub fn DSA_set0_pqg(d: *mut DSA, p: *mut BIGNUM, q: *mut BIGNUM, q: *mut BIGNUM) -> c_int;
    #[cfg(any(ossl110, libressl273))]
    pub fn DSA_get0_key(d: *const DSA, pub_key: *mut *const BIGNUM, priv_key: *mut *const BIGNUM);
    #[cfg(any(ossl110, libressl273))]
    pub fn DSA_set0_key(d: *mut DSA, pub_key: *mut BIGNUM, priv_key: *mut BIGNUM) -> c_int;
-    pub fn d2i_DSA_SIG(
+    pub fn d2i_DSA_SIG(sig: *mut *mut DSA_SIG, pp: *mut *const c_uchar, length: c_long) -> *mut DSA_SIG;
        sig: *mut *mut DSA_SIG,
        pp: *mut *const c_uchar,
        length: c_long,
    ) -> *mut DSA_SIG;
    pub fn i2d_DSA_SIG(a: *const DSA_SIG, pp: *mut *mut c_uchar) -> c_int;
    pub fn DSA_SIG_new() -> *mut DSA_SIG;
--- a/openssl-sys/src/handwritten/ec.rs
+++ b/openssl-sys/src/handwritten/ec.rs
@ -21,77 +21,38 @@ extern "C" {
    pub fn EC_GROUP_free(group: *mut EC_GROUP);
-    pub fn EC_GROUP_get_order(
+    pub fn EC_GROUP_get_order(group: *const EC_GROUP, order: *mut BIGNUM, ctx: *mut BN_CTX) -> c_int;
        group: *const EC_GROUP,
        order: *mut BIGNUM,
        ctx: *mut BN_CTX,
    ) -> c_int;
-    pub fn EC_GROUP_get_cofactor(
+    pub fn EC_GROUP_get_cofactor(group: *const EC_GROUP, cofactor: *mut BIGNUM, ctx: *mut BN_CTX) -> c_int;
        group: *const EC_GROUP,
        cofactor: *mut BIGNUM,
        ctx: *mut BN_CTX,
    ) -> c_int;
    pub fn EC_GROUP_get0_generator(group: *const EC_GROUP) -> *const EC_POINT;
-    pub fn EC_GROUP_set_generator(
+    pub fn EC_GROUP_set_generator(group: *mut EC_GROUP, generator: *const EC_POINT, order: *const BIGNUM, cofactor: *const BIGNUM) -> c_int;
        group: *mut EC_GROUP,
        generator: *const EC_POINT,
        order: *const BIGNUM,
        cofactor: *const BIGNUM,
    ) -> c_int;
    pub fn EC_GROUP_get_curve_name(group: *const EC_GROUP) -> c_int;
    pub fn EC_GROUP_set_asn1_flag(key: *mut EC_GROUP, flag: c_int);
-    pub fn EC_GROUP_get_curve_GFp(
+    pub fn EC_GROUP_get_curve_GFp(group: *const EC_GROUP, p: *mut BIGNUM, a: *mut BIGNUM, b: *mut BIGNUM, ctx: *mut BN_CTX) -> c_int;
        group: *const EC_GROUP,
        p: *mut BIGNUM,
        a: *mut BIGNUM,
        b: *mut BIGNUM,
        ctx: *mut BN_CTX,
    ) -> c_int;
    #[cfg(not(osslconf = "OPENSSL_NO_EC2M"))]
-    pub fn EC_GROUP_get_curve_GF2m(
+    pub fn EC_GROUP_get_curve_GF2m(group: *const EC_GROUP, p: *mut BIGNUM, a: *mut BIGNUM, b: *mut BIGNUM, ctx: *mut BN_CTX) -> c_int;
        group: *const EC_GROUP,
        p: *mut BIGNUM,
        a: *mut BIGNUM,
        b: *mut BIGNUM,
        ctx: *mut BN_CTX,
    ) -> c_int;
    pub fn EC_GROUP_get_degree(group: *const EC_GROUP) -> c_int;
    #[cfg(ossl110)]
    pub fn EC_GROUP_order_bits(group: *const EC_GROUP) -> c_int;
-    pub fn EC_GROUP_new_curve_GFp(
+    pub fn EC_GROUP_new_curve_GFp(p: *const BIGNUM, a: *const BIGNUM, b: *const BIGNUM, ctx: *mut BN_CTX) -> *mut EC_GROUP;
        p: *const BIGNUM,
        a: *const BIGNUM,
        b: *const BIGNUM,
        ctx: *mut BN_CTX,
    ) -> *mut EC_GROUP;
    #[cfg(not(osslconf = "OPENSSL_NO_EC2M"))]
-    pub fn EC_GROUP_new_curve_GF2m(
+    pub fn EC_GROUP_new_curve_GF2m(p: *const BIGNUM, a: *const BIGNUM, b: *const BIGNUM, ctx: *mut BN_CTX) -> *mut EC_GROUP;
        p: *const BIGNUM,
        a: *const BIGNUM,
        b: *const BIGNUM,
        ctx: *mut BN_CTX,
    ) -> *mut EC_GROUP;
    pub fn EC_GROUP_new_by_curve_name(nid: c_int) -> *mut EC_GROUP;
    pub fn EC_POINT_is_at_infinity(group: *const EC_GROUP, point: *const EC_POINT) -> c_int;
-    pub fn EC_POINT_is_on_curve(
+    pub fn EC_POINT_is_on_curve(group: *const EC_GROUP, point: *const EC_POINT, ctx: *mut BN_CTX) -> c_int;
        group: *const EC_GROUP,
        point: *const EC_POINT,
        ctx: *mut BN_CTX,
    ) -> c_int;
    pub fn EC_POINT_new(group: *const EC_GROUP) -> *mut EC_POINT;
@ -100,21 +61,10 @@ extern "C" {
    pub fn EC_POINT_dup(p: *const EC_POINT, group: *const EC_GROUP) -> *mut EC_POINT;
    #[cfg(ossl111)]
-    pub fn EC_POINT_get_affine_coordinates(
+    pub fn EC_POINT_get_affine_coordinates(group: *const EC_GROUP, p: *const EC_POINT, x: *mut BIGNUM, y: *mut BIGNUM, ctx: *mut BN_CTX) -> c_int;
        group: *const EC_GROUP,
        p: *const EC_POINT,
        x: *mut BIGNUM,
        y: *mut BIGNUM,
        ctx: *mut BN_CTX,
    ) -> c_int;
-    pub fn EC_POINT_get_affine_coordinates_GFp(
+    pub fn EC_POINT_get_affine_coordinates_GFp(group: *const EC_GROUP, p: *const EC_POINT, x: *mut BIGNUM, y: *mut BIGNUM, ctx: *mut BN_CTX)
-        group: *const EC_GROUP,
+        -> c_int;
        p: *const EC_POINT,
        x: *mut BIGNUM,
        y: *mut BIGNUM,
        ctx: *mut BN_CTX,
    ) -> c_int;
    pub fn EC_POINT_set_affine_coordinates_GFp(
        group: *const EC_GROUP,
@ -142,39 +92,15 @@ extern "C" {
        ctx: *mut BN_CTX,
    ) -> size_t;
-    pub fn EC_POINT_oct2point(
+    pub fn EC_POINT_oct2point(group: *const EC_GROUP, p: *mut EC_POINT, buf: *const c_uchar, len: size_t, ctx: *mut BN_CTX) -> c_int;
        group: *const EC_GROUP,
        p: *mut EC_POINT,
        buf: *const c_uchar,
        len: size_t,
        ctx: *mut BN_CTX,
    ) -> c_int;
-    pub fn EC_POINT_add(
+    pub fn EC_POINT_add(group: *const EC_GROUP, r: *mut EC_POINT, a: *const EC_POINT, b: *const EC_POINT, ctx: *mut BN_CTX) -> c_int;
        group: *const EC_GROUP,
        r: *mut EC_POINT,
        a: *const EC_POINT,
        b: *const EC_POINT,
        ctx: *mut BN_CTX,
    ) -> c_int;
    pub fn EC_POINT_invert(group: *const EC_GROUP, r: *mut EC_POINT, ctx: *mut BN_CTX) -> c_int;
-    pub fn EC_POINT_cmp(
+    pub fn EC_POINT_cmp(group: *const EC_GROUP, a: *const EC_POINT, b: *const EC_POINT, ctx: *mut BN_CTX) -> c_int;
        group: *const EC_GROUP,
        a: *const EC_POINT,
        b: *const EC_POINT,
        ctx: *mut BN_CTX,
    ) -> c_int;
-    pub fn EC_POINT_mul(
+    pub fn EC_POINT_mul(group: *const EC_GROUP, r: *mut EC_POINT, n: *const BIGNUM, q: *const EC_POINT, m: *const BIGNUM, ctx: *mut BN_CTX) -> c_int;
        group: *const EC_GROUP,
        r: *mut EC_POINT,
        n: *const BIGNUM,
        q: *const EC_POINT,
        m: *const BIGNUM,
        ctx: *mut BN_CTX,
    ) -> c_int;
    pub fn EC_KEY_new() -> *mut EC_KEY;
@ -202,11 +128,7 @@ extern "C" {
    pub fn EC_KEY_check_key(key: *const EC_KEY) -> c_int;
-    pub fn EC_KEY_set_public_key_affine_coordinates(
+    pub fn EC_KEY_set_public_key_affine_coordinates(key: *mut EC_KEY, x: *mut BIGNUM, y: *mut BIGNUM) -> c_int;
        key: *mut EC_KEY,
        x: *mut BIGNUM,
        y: *mut BIGNUM,
    ) -> c_int;
 }
 cfg_if! {
@ -232,24 +154,11 @@ extern "C" {
    #[cfg(any(ossl110, libressl273))]
    pub fn ECDSA_SIG_set0(sig: *mut ECDSA_SIG, pr: *mut BIGNUM, ps: *mut BIGNUM) -> c_int;
-    pub fn ECDSA_do_sign(
+    pub fn ECDSA_do_sign(dgst: *const c_uchar, dgst_len: c_int, eckey: *mut EC_KEY) -> *mut ECDSA_SIG;
        dgst: *const c_uchar,
        dgst_len: c_int,
        eckey: *mut EC_KEY,
    ) -> *mut ECDSA_SIG;
-    pub fn ECDSA_do_verify(
+    pub fn ECDSA_do_verify(dgst: *const c_uchar, dgst_len: c_int, sig: *const ECDSA_SIG, eckey: *mut EC_KEY) -> c_int;
        dgst: *const c_uchar,
        dgst_len: c_int,
        sig: *const ECDSA_SIG,
        eckey: *mut EC_KEY,
    ) -> c_int;
-    pub fn d2i_ECDSA_SIG(
+    pub fn d2i_ECDSA_SIG(sig: *mut *mut ECDSA_SIG, inp: *mut *const c_uchar, length: c_long) -> *mut ECDSA_SIG;
        sig: *mut *mut ECDSA_SIG,
        inp: *mut *const c_uchar,
        length: c_long,
    ) -> *mut ECDSA_SIG;
    pub fn i2d_ECDSA_SIG(sig: *const ECDSA_SIG, out: *mut *mut c_uchar) -> c_int;
 }
--- a/openssl-sys/src/handwritten/err.rs
+++ b/openssl-sys/src/handwritten/err.rs
@ -33,12 +33,7 @@ extern "C" {
        data: *mut *const c_char,
        flags: *mut c_int,
    ) -> c_ulong;
-    pub fn ERR_get_error_line_data(
+    pub fn ERR_get_error_line_data(file: *mut *const c_char, line: *mut c_int, data: *mut *const c_char, flags: *mut c_int) -> c_ulong;
        file: *mut *const c_char,
        line: *mut c_int,
        data: *mut *const c_char,
        flags: *mut c_int,
    ) -> c_ulong;
    pub fn ERR_peek_last_error() -> c_ulong;
    pub fn ERR_clear_error();
    pub fn ERR_lib_error_string(err: c_ulong) -> *const c_char;
--- a/openssl-sys/src/handwritten/evp.rs
+++ b/openssl-sys/src/handwritten/evp.rs
@ -66,8 +66,7 @@ cfg_if! {
 }
 extern "C" {
-    pub fn EVP_DigestInit_ex(ctx: *mut EVP_MD_CTX, typ: *const EVP_MD, imple: *mut ENGINE)
+    pub fn EVP_DigestInit_ex(ctx: *mut EVP_MD_CTX, typ: *const EVP_MD, imple: *mut ENGINE) -> c_int;
        -> c_int;
    pub fn EVP_DigestUpdate(ctx: *mut EVP_MD_CTX, data: *const c_void, n: size_t) -> c_int;
    pub fn EVP_DigestFinal_ex(ctx: *mut EVP_MD_CTX, res: *mut u8, n: *mut u32) -> c_int;
    #[cfg(ossl300)]
@ -86,11 +85,7 @@ extern "C" {
    pub fn EVP_DigestFinalXOF(ctx: *mut EVP_MD_CTX, res: *mut u8, len: usize) -> c_int;
    #[cfg(ossl300)]
-    pub fn EVP_MD_fetch(
+    pub fn EVP_MD_fetch(ctx: *mut OSSL_LIB_CTX, algorithm: *const c_char, properties: *const c_char) -> *mut EVP_MD;
        ctx: *mut OSSL_LIB_CTX,
        algorithm: *const c_char,
        properties: *const c_char,
    ) -> *mut EVP_MD;
    #[cfg(ossl300)]
    pub fn EVP_MD_free(md: *mut EVP_MD);
@ -106,13 +101,7 @@ extern "C" {
        iv: *mut u8,
    ) -> c_int;
-    pub fn EVP_CipherInit(
+    pub fn EVP_CipherInit(ctx: *mut EVP_CIPHER_CTX, evp: *const EVP_CIPHER, key: *const u8, iv: *const u8, mode: c_int) -> c_int;
        ctx: *mut EVP_CIPHER_CTX,
        evp: *const EVP_CIPHER,
        key: *const u8,
        iv: *const u8,
        mode: c_int,
    ) -> c_int;
    pub fn EVP_CipherInit_ex(
        ctx: *mut EVP_CIPHER_CTX,
        type_: *const EVP_CIPHER,
@ -121,30 +110,15 @@ extern "C" {
        iv: *const c_uchar,
        enc: c_int,
    ) -> c_int;
-    pub fn EVP_CipherUpdate(
+    pub fn EVP_CipherUpdate(ctx: *mut EVP_CIPHER_CTX, outbuf: *mut u8, outlen: *mut c_int, inbuf: *const u8, inlen: c_int) -> c_int;
        ctx: *mut EVP_CIPHER_CTX,
        outbuf: *mut u8,
        outlen: *mut c_int,
        inbuf: *const u8,
        inlen: c_int,
    ) -> c_int;
    pub fn EVP_CipherFinal(ctx: *mut EVP_CIPHER_CTX, res: *mut u8, len: *mut c_int) -> c_int;
-    pub fn EVP_DigestSignInit(
+    pub fn EVP_DigestSignInit(ctx: *mut EVP_MD_CTX, pctx: *mut *mut EVP_PKEY_CTX, type_: *const EVP_MD, e: *mut ENGINE, pkey: *mut EVP_PKEY)
-        ctx: *mut EVP_MD_CTX,
+        -> c_int;
        pctx: *mut *mut EVP_PKEY_CTX,
        type_: *const EVP_MD,
        e: *mut ENGINE,
        pkey: *mut EVP_PKEY,
    ) -> c_int;
    #[cfg(ossl300)]
    pub fn EVP_DigestSignUpdate(ctx: *mut EVP_MD_CTX, data: *const c_void, dsize: size_t) -> c_int;
-    pub fn EVP_DigestSignFinal(
+    pub fn EVP_DigestSignFinal(ctx: *mut EVP_MD_CTX, sig: *mut c_uchar, siglen: *mut size_t) -> c_int;
        ctx: *mut EVP_MD_CTX,
        sig: *mut c_uchar,
        siglen: *mut size_t,
    ) -> c_int;
    pub fn EVP_DigestVerifyInit(
        ctx: *mut EVP_MD_CTX,
        pctx: *mut *mut EVP_PKEY_CTX,
@ -153,11 +127,7 @@ extern "C" {
        pkey: *mut EVP_PKEY,
    ) -> c_int;
    #[cfg(ossl300)]
-    pub fn EVP_DigestVerifyUpdate(
+    pub fn EVP_DigestVerifyUpdate(ctx: *mut EVP_MD_CTX, data: *const c_void, dsize: size_t) -> c_int;
        ctx: *mut EVP_MD_CTX,
        data: *const c_void,
        dsize: size_t,
    ) -> c_int;
    pub fn EVP_SealInit(
        ctx: *mut EVP_CIPHER_CTX,
        type_: *const EVP_CIPHER,
@ -175,18 +145,8 @@ extern "C" {
        key: *const c_uchar,
        iv: *const c_uchar,
    ) -> c_int;
-    pub fn EVP_EncryptUpdate(
+    pub fn EVP_EncryptUpdate(ctx: *mut EVP_CIPHER_CTX, out: *mut c_uchar, outl: *mut c_int, in_: *const u8, inl: c_int) -> c_int;
-        ctx: *mut EVP_CIPHER_CTX,
+    pub fn EVP_EncryptFinal_ex(ctx: *mut EVP_CIPHER_CTX, out: *mut c_uchar, outl: *mut c_int) -> c_int;
        out: *mut c_uchar,
        outl: *mut c_int,
        in_: *const u8,
        inl: c_int,
    ) -> c_int;
    pub fn EVP_EncryptFinal_ex(
        ctx: *mut EVP_CIPHER_CTX,
        out: *mut c_uchar,
        outl: *mut c_int,
    ) -> c_int;
    pub fn EVP_OpenInit(
        ctx: *mut EVP_CIPHER_CTX,
        type_: *const EVP_CIPHER,
@ -203,18 +163,8 @@ extern "C" {
        key: *const c_uchar,
        iv: *const c_uchar,
    ) -> c_int;
-    pub fn EVP_DecryptUpdate(
+    pub fn EVP_DecryptUpdate(ctx: *mut EVP_CIPHER_CTX, out: *mut c_uchar, outl: *mut c_int, in_: *const u8, inl: c_int) -> c_int;
-        ctx: *mut EVP_CIPHER_CTX,
+    pub fn EVP_DecryptFinal_ex(ctx: *mut EVP_CIPHER_CTX, outm: *mut c_uchar, outl: *mut c_int) -> c_int;
        out: *mut c_uchar,
        outl: *mut c_int,
        in_: *const u8,
        inl: c_int,
    ) -> c_int;
    pub fn EVP_DecryptFinal_ex(
        ctx: *mut EVP_CIPHER_CTX,
        outm: *mut c_uchar,
        outl: *mut c_int,
    ) -> c_int;
 }
 cfg_if! {
    if #[cfg(ossl300)] {
@ -268,12 +218,7 @@ extern "C" {
    pub fn EVP_MD_CTX_reset(ctx: *mut EVP_MD_CTX) -> c_int;
    pub fn EVP_CIPHER_CTX_set_key_length(ctx: *mut EVP_CIPHER_CTX, keylen: c_int) -> c_int;
    pub fn EVP_CIPHER_CTX_set_padding(ctx: *mut EVP_CIPHER_CTX, padding: c_int) -> c_int;
-    pub fn EVP_CIPHER_CTX_ctrl(
+    pub fn EVP_CIPHER_CTX_ctrl(ctx: *mut EVP_CIPHER_CTX, type_: c_int, arg: c_int, ptr: *mut c_void) -> c_int;
        ctx: *mut EVP_CIPHER_CTX,
        type_: c_int,
        arg: c_int,
        ptr: *mut c_void,
    ) -> c_int;
    pub fn EVP_CIPHER_CTX_rand_key(ctx: *mut EVP_CIPHER_CTX, key: *mut c_uchar) -> c_int;
    pub fn EVP_md_null() -> *const EVP_MD;
@ -447,11 +392,7 @@ extern "C" {
    #[cfg(any(ossl110, libressl270))]
    pub fn EVP_PKEY_up_ref(pkey: *mut EVP_PKEY) -> c_int;
-    pub fn d2i_AutoPrivateKey(
+    pub fn d2i_AutoPrivateKey(a: *mut *mut EVP_PKEY, pp: *mut *const c_uchar, length: c_long) -> *mut EVP_PKEY;
        a: *mut *mut EVP_PKEY,
        pp: *mut *const c_uchar,
        length: c_long,
    ) -> *mut EVP_PKEY;
    pub fn EVP_PKEY_cmp(a: *const EVP_PKEY, b: *const EVP_PKEY) -> c_int;
@ -495,68 +436,27 @@ extern "C" {
    pub fn EVP_PKEY_CTX_new_id(id: c_int, e: *mut ENGINE) -> *mut EVP_PKEY_CTX;
    pub fn EVP_PKEY_CTX_free(ctx: *mut EVP_PKEY_CTX);
-    pub fn EVP_PKEY_CTX_ctrl(
+    pub fn EVP_PKEY_CTX_ctrl(ctx: *mut EVP_PKEY_CTX, keytype: c_int, optype: c_int, cmd: c_int, p1: c_int, p2: *mut c_void) -> c_int;
        ctx: *mut EVP_PKEY_CTX,
        keytype: c_int,
        optype: c_int,
        cmd: c_int,
        p1: c_int,
        p2: *mut c_void,
    ) -> c_int;
-    pub fn EVP_PKEY_new_mac_key(
+    pub fn EVP_PKEY_new_mac_key(type_: c_int, e: *mut ENGINE, key: *const c_uchar, keylen: c_int) -> *mut EVP_PKEY;
        type_: c_int,
        e: *mut ENGINE,
        key: *const c_uchar,
        keylen: c_int,
    ) -> *mut EVP_PKEY;
    pub fn EVP_PKEY_derive_init(ctx: *mut EVP_PKEY_CTX) -> c_int;
    pub fn EVP_PKEY_derive_set_peer(ctx: *mut EVP_PKEY_CTX, peer: *mut EVP_PKEY) -> c_int;
    pub fn EVP_PKEY_derive(ctx: *mut EVP_PKEY_CTX, key: *mut c_uchar, size: *mut size_t) -> c_int;
    #[cfg(ossl300)]
-    pub fn EVP_PKEY_Q_keygen(
+    pub fn EVP_PKEY_Q_keygen(libctx: *mut OSSL_LIB_CTX, propq: *const c_char, type_: *const c_char, ...) -> *mut EVP_PKEY;
        libctx: *mut OSSL_LIB_CTX,
        propq: *const c_char,
        type_: *const c_char,
        ...
    ) -> *mut EVP_PKEY;
    pub fn EVP_PKEY_keygen_init(ctx: *mut EVP_PKEY_CTX) -> c_int;
    pub fn EVP_PKEY_keygen(ctx: *mut EVP_PKEY_CTX, key: *mut *mut EVP_PKEY) -> c_int;
    pub fn EVP_PKEY_sign_init(ctx: *mut EVP_PKEY_CTX) -> c_int;
-    pub fn EVP_PKEY_sign(
+    pub fn EVP_PKEY_sign(ctx: *mut EVP_PKEY_CTX, sig: *mut c_uchar, siglen: *mut size_t, tbs: *const c_uchar, tbslen: size_t) -> c_int;
        ctx: *mut EVP_PKEY_CTX,
        sig: *mut c_uchar,
        siglen: *mut size_t,
        tbs: *const c_uchar,
        tbslen: size_t,
    ) -> c_int;
    pub fn EVP_PKEY_verify_init(ctx: *mut EVP_PKEY_CTX) -> c_int;
-    pub fn EVP_PKEY_verify(
+    pub fn EVP_PKEY_verify(ctx: *mut EVP_PKEY_CTX, sig: *const c_uchar, siglen: size_t, tbs: *const c_uchar, tbslen: size_t) -> c_int;
        ctx: *mut EVP_PKEY_CTX,
        sig: *const c_uchar,
        siglen: size_t,
        tbs: *const c_uchar,
        tbslen: size_t,
    ) -> c_int;
    pub fn EVP_PKEY_encrypt_init(ctx: *mut EVP_PKEY_CTX) -> c_int;
-    pub fn EVP_PKEY_encrypt(
+    pub fn EVP_PKEY_encrypt(ctx: *mut EVP_PKEY_CTX, pout: *mut c_uchar, poutlen: *mut size_t, pin: *const c_uchar, pinlen: size_t) -> c_int;
        ctx: *mut EVP_PKEY_CTX,
        pout: *mut c_uchar,
        poutlen: *mut size_t,
        pin: *const c_uchar,
        pinlen: size_t,
    ) -> c_int;
    pub fn EVP_PKEY_decrypt_init(ctx: *mut EVP_PKEY_CTX) -> c_int;
-    pub fn EVP_PKEY_decrypt(
+    pub fn EVP_PKEY_decrypt(ctx: *mut EVP_PKEY_CTX, pout: *mut c_uchar, poutlen: *mut size_t, pin: *const c_uchar, pinlen: size_t) -> c_int;
        ctx: *mut EVP_PKEY_CTX,
        pout: *mut c_uchar,
        poutlen: *mut size_t,
        pin: *const c_uchar,
        pinlen: size_t,
    ) -> c_int;
 }
 const_ptr_api! {
--- a/openssl-sys/src/handwritten/hmac.rs
+++ b/openssl-sys/src/handwritten/hmac.rs
@ -17,13 +17,7 @@ cfg_if! {
 }
 extern "C" {
-    pub fn HMAC_Init_ex(
+    pub fn HMAC_Init_ex(ctx: *mut HMAC_CTX, key: *const c_void, len: c_int, md: *const EVP_MD, impl_: *mut ENGINE) -> c_int;
        ctx: *mut HMAC_CTX,
        key: *const c_void,
        len: c_int,
        md: *const EVP_MD,
        impl_: *mut ENGINE,
    ) -> c_int;
    pub fn HMAC_Update(ctx: *mut HMAC_CTX, data: *const c_uchar, len: size_t) -> c_int;
    pub fn HMAC_Final(ctx: *mut HMAC_CTX, md: *mut c_uchar, len: *mut c_uint) -> c_int;
    pub fn HMAC_CTX_copy(dst: *mut HMAC_CTX, src: *mut HMAC_CTX) -> c_int;
--- a/openssl-sys/src/handwritten/object.rs
+++ b/openssl-sys/src/handwritten/object.rs
@ -7,22 +7,12 @@ extern "C" {
    pub fn OBJ_nid2sn(nid: c_int) -> *const c_char;
    pub fn OBJ_nid2obj(n: c_int) -> *mut ASN1_OBJECT;
    pub fn OBJ_obj2nid(o: *const ASN1_OBJECT) -> c_int;
-    pub fn OBJ_obj2txt(
+    pub fn OBJ_obj2txt(buf: *mut c_char, buf_len: c_int, a: *const ASN1_OBJECT, no_name: c_int) -> c_int;
        buf: *mut c_char,
        buf_len: c_int,
        a: *const ASN1_OBJECT,
        no_name: c_int,
    ) -> c_int;
-    pub fn OBJ_find_sigid_algs(signid: c_int, pdig_nid: *mut c_int, ppkey_nid: *mut c_int)
+    pub fn OBJ_find_sigid_algs(signid: c_int, pdig_nid: *mut c_int, ppkey_nid: *mut c_int) -> c_int;
        -> c_int;
    pub fn OBJ_sn2nid(sn: *const libc::c_char) -> libc::c_int;
    pub fn OBJ_txt2obj(s: *const libc::c_char, no_name: libc::c_int) -> *mut ASN1_OBJECT;
-    pub fn OBJ_create(
+    pub fn OBJ_create(oid: *const libc::c_char, sn: *const libc::c_char, ln: *const libc::c_char) -> c_int;
        oid: *const libc::c_char,
        sn: *const libc::c_char,
        ln: *const libc::c_char,
    ) -> c_int;
    #[cfg(ossl111)]
    pub fn OBJ_length(obj: *const ASN1_OBJECT) -> libc::size_t;
    #[cfg(ossl111)]
--- a/openssl-sys/src/handwritten/ocsp.rs
+++ b/openssl-sys/src/handwritten/ocsp.rs
@ -31,12 +31,7 @@ extern "C" {
        thisupd: *mut *mut ASN1_GENERALIZEDTIME,
        nextupd: *mut *mut ASN1_GENERALIZEDTIME,
    ) -> c_int;
-    pub fn OCSP_check_validity(
+    pub fn OCSP_check_validity(thisupd: *mut ASN1_GENERALIZEDTIME, nextupd: *mut ASN1_GENERALIZEDTIME, sec: c_long, maxsec: c_long) -> c_int;
        thisupd: *mut ASN1_GENERALIZEDTIME,
        nextupd: *mut ASN1_GENERALIZEDTIME,
        sec: c_long,
        maxsec: c_long,
    ) -> c_int;
    pub fn OCSP_response_status(resp: *mut OCSP_RESPONSE) -> c_int;
    pub fn OCSP_response_get1_basic(resp: *mut OCSP_RESPONSE) -> *mut OCSP_BASICRESP;
@ -56,11 +51,7 @@ const_ptr_api! {
 }
 extern "C" {
-    pub fn d2i_OCSP_RESPONSE(
+    pub fn d2i_OCSP_RESPONSE(a: *mut *mut OCSP_RESPONSE, pp: *mut *const c_uchar, length: c_long) -> *mut OCSP_RESPONSE;
        a: *mut *mut OCSP_RESPONSE,
        pp: *mut *const c_uchar,
        length: c_long,
    ) -> *mut OCSP_RESPONSE;
    pub fn OCSP_ONEREQ_free(r: *mut OCSP_ONEREQ);
    pub fn OCSP_CERTID_free(id: *mut OCSP_CERTID);
    pub fn OCSP_REQUEST_new() -> *mut OCSP_REQUEST;
@ -74,16 +65,7 @@ const_ptr_api! {
 }
 extern "C" {
-    pub fn d2i_OCSP_REQUEST(
+    pub fn d2i_OCSP_REQUEST(a: *mut *mut OCSP_REQUEST, pp: *mut *const c_uchar, length: c_long) -> *mut OCSP_REQUEST;
        a: *mut *mut OCSP_REQUEST,
        pp: *mut *const c_uchar,
        length: c_long,
    ) -> *mut OCSP_REQUEST;
-    pub fn OCSP_basic_verify(
+    pub fn OCSP_basic_verify(bs: *mut OCSP_BASICRESP, certs: *mut stack_st_X509, st: *mut X509_STORE, flags: c_ulong) -> c_int;
        bs: *mut OCSP_BASICRESP,
        certs: *mut stack_st_X509,
        st: *mut X509_STORE,
        flags: c_ulong,
    ) -> c_int;
 }
--- a/openssl-sys/src/handwritten/pem.rs
+++ b/openssl-sys/src/handwritten/pem.rs
@ -1,14 +1,7 @@
 use super::super::*;
 use libc::*;
-pub type pem_password_cb = Option<
+pub type pem_password_cb = Option<unsafe extern "C" fn(buf: *mut c_char, size: c_int, rwflag: c_int, user_data: *mut c_void) -> c_int>;
    unsafe extern "C" fn(
        buf: *mut c_char,
        size: c_int,
        rwflag: c_int,
        user_data: *mut c_void,
    ) -> c_int,
 >;
 const_ptr_api! {
    extern "C" {
@ -78,114 +71,31 @@ const_ptr_api! {
 }
 extern "C" {
-    pub fn PEM_read_bio_X509(
+    pub fn PEM_read_bio_X509(bio: *mut BIO, out: *mut *mut X509, callback: pem_password_cb, user_data: *mut c_void) -> *mut X509;
-        bio: *mut BIO,
+    pub fn PEM_read_bio_X509_REQ(bio: *mut BIO, out: *mut *mut X509_REQ, callback: pem_password_cb, user_data: *mut c_void) -> *mut X509_REQ;
-        out: *mut *mut X509,
+    pub fn PEM_read_bio_X509_CRL(bio: *mut BIO, out: *mut *mut X509_CRL, callback: pem_password_cb, user_data: *mut c_void) -> *mut X509_CRL;
-        callback: pem_password_cb,
+    pub fn PEM_read_bio_RSAPrivateKey(bio: *mut BIO, rsa: *mut *mut RSA, callback: pem_password_cb, user_data: *mut c_void) -> *mut RSA;
-        user_data: *mut c_void,
+    pub fn PEM_read_bio_RSAPublicKey(bio: *mut BIO, rsa: *mut *mut RSA, callback: pem_password_cb, user_data: *mut c_void) -> *mut RSA;
    ) -> *mut X509;
    pub fn PEM_read_bio_X509_REQ(
        bio: *mut BIO,
        out: *mut *mut X509_REQ,
        callback: pem_password_cb,
        user_data: *mut c_void,
    ) -> *mut X509_REQ;
    pub fn PEM_read_bio_X509_CRL(
        bio: *mut BIO,
        out: *mut *mut X509_CRL,
        callback: pem_password_cb,
        user_data: *mut c_void,
    ) -> *mut X509_CRL;
    pub fn PEM_read_bio_RSAPrivateKey(
        bio: *mut BIO,
        rsa: *mut *mut RSA,
        callback: pem_password_cb,
        user_data: *mut c_void,
    ) -> *mut RSA;
    pub fn PEM_read_bio_RSAPublicKey(
        bio: *mut BIO,
        rsa: *mut *mut RSA,
        callback: pem_password_cb,
        user_data: *mut c_void,
    ) -> *mut RSA;
    pub fn PEM_write_bio_RSAPublicKey(bp: *mut BIO, rsa: *const RSA) -> c_int;
-    pub fn PEM_read_bio_RSA_PUBKEY(
+    pub fn PEM_read_bio_RSA_PUBKEY(bio: *mut BIO, rsa: *mut *mut RSA, callback: pem_password_cb, user_data: *mut c_void) -> *mut RSA;
-        bio: *mut BIO,
+    pub fn PEM_read_bio_DSAPrivateKey(bp: *mut BIO, dsa: *mut *mut DSA, callback: pem_password_cb, user_data: *mut c_void) -> *mut DSA;
-        rsa: *mut *mut RSA,
+    pub fn PEM_read_bio_DSA_PUBKEY(bp: *mut BIO, dsa: *mut *mut DSA, callback: pem_password_cb, user_data: *mut c_void) -> *mut DSA;
-        callback: pem_password_cb,
+    pub fn PEM_read_bio_ECPrivateKey(bio: *mut BIO, key: *mut *mut EC_KEY, callback: pem_password_cb, user_data: *mut c_void) -> *mut EC_KEY;
-        user_data: *mut c_void,
+    pub fn PEM_read_bio_EC_PUBKEY(bp: *mut BIO, ec: *mut *mut EC_KEY, callback: pem_password_cb, user_data: *mut c_void) -> *mut EC_KEY;
-    ) -> *mut RSA;
+    pub fn PEM_read_bio_DHparams(bio: *mut BIO, out: *mut *mut DH, callback: pem_password_cb, user_data: *mut c_void) -> *mut DH;
    pub fn PEM_read_bio_DSAPrivateKey(
        bp: *mut BIO,
        dsa: *mut *mut DSA,
        callback: pem_password_cb,
        user_data: *mut c_void,
    ) -> *mut DSA;
    pub fn PEM_read_bio_DSA_PUBKEY(
        bp: *mut BIO,
        dsa: *mut *mut DSA,
        callback: pem_password_cb,
        user_data: *mut c_void,
    ) -> *mut DSA;
    pub fn PEM_read_bio_ECPrivateKey(
        bio: *mut BIO,
        key: *mut *mut EC_KEY,
        callback: pem_password_cb,
        user_data: *mut c_void,
    ) -> *mut EC_KEY;
    pub fn PEM_read_bio_EC_PUBKEY(
        bp: *mut BIO,
        ec: *mut *mut EC_KEY,
        callback: pem_password_cb,
        user_data: *mut c_void,
    ) -> *mut EC_KEY;
    pub fn PEM_read_bio_DHparams(
        bio: *mut BIO,
        out: *mut *mut DH,
        callback: pem_password_cb,
        user_data: *mut c_void,
    ) -> *mut DH;
    pub fn PEM_write_bio_DHparams(bio: *mut BIO, x: *const DH) -> c_int;
-    pub fn PEM_read_bio_PrivateKey(
+    pub fn PEM_read_bio_PrivateKey(bio: *mut BIO, out: *mut *mut EVP_PKEY, callback: pem_password_cb, user_data: *mut c_void) -> *mut EVP_PKEY;
-        bio: *mut BIO,
+    pub fn PEM_read_bio_PUBKEY(bio: *mut BIO, out: *mut *mut EVP_PKEY, callback: pem_password_cb, user_data: *mut c_void) -> *mut EVP_PKEY;
        out: *mut *mut EVP_PKEY,
        callback: pem_password_cb,
        user_data: *mut c_void,
    ) -> *mut EVP_PKEY;
    pub fn PEM_read_bio_PUBKEY(
        bio: *mut BIO,
        out: *mut *mut EVP_PKEY,
        callback: pem_password_cb,
        user_data: *mut c_void,
    ) -> *mut EVP_PKEY;
-    pub fn d2i_PKCS8PrivateKey_bio(
+    pub fn d2i_PKCS8PrivateKey_bio(bp: *mut BIO, x: *mut *mut EVP_PKEY, cb: pem_password_cb, u: *mut c_void) -> *mut EVP_PKEY;
-        bp: *mut BIO,
+    pub fn d2i_PKCS8_PRIV_KEY_INFO(k: *mut *mut PKCS8_PRIV_KEY_INFO, buf: *mut *const u8, length: c_long) -> *mut PKCS8_PRIV_KEY_INFO;
        x: *mut *mut EVP_PKEY,
        cb: pem_password_cb,
        u: *mut c_void,
    ) -> *mut EVP_PKEY;
    pub fn d2i_PKCS8_PRIV_KEY_INFO(
        k: *mut *mut PKCS8_PRIV_KEY_INFO,
        buf: *mut *const u8,
        length: c_long,
    ) -> *mut PKCS8_PRIV_KEY_INFO;
    pub fn PKCS8_PRIV_KEY_INFO_free(p8inf: *mut PKCS8_PRIV_KEY_INFO);
-    pub fn PEM_read_bio_PKCS7(
+    pub fn PEM_read_bio_PKCS7(bio: *mut BIO, out: *mut *mut PKCS7, cb: pem_password_cb, u: *mut c_void) -> *mut PKCS7;
        bio: *mut BIO,
        out: *mut *mut PKCS7,
        cb: pem_password_cb,
        u: *mut c_void,
    ) -> *mut PKCS7;
    #[cfg(ossl101)]
-    pub fn PEM_read_bio_CMS(
+    pub fn PEM_read_bio_CMS(bio: *mut BIO, out: *mut *mut CMS_ContentInfo, callback: pem_password_cb, user_data: *mut c_void)
-        bio: *mut BIO,
+        -> *mut CMS_ContentInfo;
        out: *mut *mut CMS_ContentInfo,
        callback: pem_password_cb,
        user_data: *mut c_void,
    ) -> *mut CMS_ContentInfo;
    #[cfg(ossl101)]
    pub fn PEM_write_bio_CMS(bio: *mut BIO, cms: *const CMS_ContentInfo) -> c_int;
 }
--- a/openssl-sys/src/handwritten/pkcs12.rs
+++ b/openssl-sys/src/handwritten/pkcs12.rs
@ -15,13 +15,7 @@ const_ptr_api! {
 extern "C" {
    pub fn d2i_PKCS12(a: *mut *mut PKCS12, pp: *mut *const u8, length: c_long) -> *mut PKCS12;
-    pub fn PKCS12_parse(
+    pub fn PKCS12_parse(p12: *mut PKCS12, pass: *const c_char, pkey: *mut *mut EVP_PKEY, cert: *mut *mut X509, ca: *mut *mut stack_st_X509) -> c_int;
        p12: *mut PKCS12,
        pass: *const c_char,
        pkey: *mut *mut EVP_PKEY,
        cert: *mut *mut X509,
        ca: *mut *mut stack_st_X509,
    ) -> c_int;
    pub fn PKCS12_set_mac(
        p12: *mut PKCS12,
--- a/openssl-sys/src/handwritten/pkcs7.rs
+++ b/openssl-sys/src/handwritten/pkcs7.rs
@ -19,52 +19,20 @@ const_ptr_api! {
 }
 extern "C" {
-    pub fn PKCS7_encrypt(
+    pub fn PKCS7_encrypt(certs: *mut stack_st_X509, b: *mut BIO, cipher: *const EVP_CIPHER, flags: c_int) -> *mut PKCS7;
        certs: *mut stack_st_X509,
        b: *mut BIO,
        cipher: *const EVP_CIPHER,
        flags: c_int,
    ) -> *mut PKCS7;
-    pub fn PKCS7_verify(
+    pub fn PKCS7_verify(pkcs7: *mut PKCS7, certs: *mut stack_st_X509, store: *mut X509_STORE, indata: *mut BIO, out: *mut BIO, flags: c_int)
-        pkcs7: *mut PKCS7,
+        -> c_int;
        certs: *mut stack_st_X509,
        store: *mut X509_STORE,
        indata: *mut BIO,
        out: *mut BIO,
        flags: c_int,
    ) -> c_int;
-    pub fn PKCS7_get0_signers(
+    pub fn PKCS7_get0_signers(pkcs7: *mut PKCS7, certs: *mut stack_st_X509, flags: c_int) -> *mut stack_st_X509;
        pkcs7: *mut PKCS7,
        certs: *mut stack_st_X509,
        flags: c_int,
    ) -> *mut stack_st_X509;
-    pub fn PKCS7_sign(
+    pub fn PKCS7_sign(signcert: *mut X509, pkey: *mut EVP_PKEY, certs: *mut stack_st_X509, data: *mut BIO, flags: c_int) -> *mut PKCS7;
        signcert: *mut X509,
        pkey: *mut EVP_PKEY,
        certs: *mut stack_st_X509,
        data: *mut BIO,
        flags: c_int,
    ) -> *mut PKCS7;
-    pub fn PKCS7_decrypt(
+    pub fn PKCS7_decrypt(pkcs7: *mut PKCS7, pkey: *mut EVP_PKEY, cert: *mut X509, data: *mut BIO, flags: c_int) -> c_int;
        pkcs7: *mut PKCS7,
        pkey: *mut EVP_PKEY,
        cert: *mut X509,
        data: *mut BIO,
        flags: c_int,
    ) -> c_int;
    pub fn PKCS7_free(pkcs7: *mut PKCS7);
-    pub fn SMIME_write_PKCS7(
+    pub fn SMIME_write_PKCS7(out: *mut BIO, pkcs7: *mut PKCS7, data: *mut BIO, flags: c_int) -> c_int;
        out: *mut BIO,
        pkcs7: *mut PKCS7,
        data: *mut BIO,
        flags: c_int,
    ) -> c_int;
    pub fn SMIME_read_PKCS7(bio: *mut BIO, bcont: *mut *mut BIO) -> *mut PKCS7;
 }
--- a/openssl-sys/src/handwritten/provider.rs
+++ b/openssl-sys/src/handwritten/provider.rs
@ -5,16 +5,9 @@ extern "C" {
    #[cfg(ossl300)]
    pub fn OSSL_PROVIDER_load(ctx: *mut OSSL_LIB_CTX, name: *const c_char) -> *mut OSSL_PROVIDER;
    #[cfg(ossl300)]
-    pub fn OSSL_PROVIDER_try_load(
+    pub fn OSSL_PROVIDER_try_load(ctx: *mut OSSL_LIB_CTX, name: *const c_char, retain_fallbacks: c_int) -> *mut OSSL_PROVIDER;
        ctx: *mut OSSL_LIB_CTX,
        name: *const c_char,
        retain_fallbacks: c_int,
    ) -> *mut OSSL_PROVIDER;
    #[cfg(ossl300)]
    pub fn OSSL_PROVIDER_unload(prov: *mut OSSL_PROVIDER) -> c_int;
    #[cfg(ossl300)]
-    pub fn OSSL_PROVIDER_set_default_search_path(
+    pub fn OSSL_PROVIDER_set_default_search_path(ctx: *mut OSSL_LIB_CTX, path: *const c_char) -> c_int;
        ctx: *mut OSSL_LIB_CTX,
        path: *const c_char,
    ) -> c_int;
 }
--- a/openssl-sys/src/handwritten/rsa.rs
+++ b/openssl-sys/src/handwritten/rsa.rs
@ -22,72 +22,23 @@ extern "C" {
    #[cfg(any(ossl110, libressl273))]
    pub fn RSA_set0_factors(r: *mut RSA, p: *mut BIGNUM, q: *mut BIGNUM) -> c_int;
    #[cfg(any(ossl110, libressl273))]
-    pub fn RSA_set0_crt_params(
+    pub fn RSA_set0_crt_params(r: *mut RSA, dmp1: *mut BIGNUM, dmq1: *mut BIGNUM, iqmp: *mut BIGNUM) -> c_int;
        r: *mut RSA,
        dmp1: *mut BIGNUM,
        dmq1: *mut BIGNUM,
        iqmp: *mut BIGNUM,
    ) -> c_int;
    #[cfg(any(ossl110, libressl273))]
-    pub fn RSA_get0_key(
+    pub fn RSA_get0_key(r: *const RSA, n: *mut *const BIGNUM, e: *mut *const BIGNUM, d: *mut *const BIGNUM);
        r: *const RSA,
        n: *mut *const BIGNUM,
        e: *mut *const BIGNUM,
        d: *mut *const BIGNUM,
    );
    #[cfg(any(ossl110, libressl273))]
    pub fn RSA_get0_factors(r: *const RSA, p: *mut *const BIGNUM, q: *mut *const BIGNUM);
    #[cfg(any(ossl110, libressl273))]
-    pub fn RSA_get0_crt_params(
+    pub fn RSA_get0_crt_params(r: *const RSA, dmp1: *mut *const BIGNUM, dmq1: *mut *const BIGNUM, iqmp: *mut *const BIGNUM);
        r: *const RSA,
        dmp1: *mut *const BIGNUM,
        dmq1: *mut *const BIGNUM,
        iqmp: *mut *const BIGNUM,
    );
    #[cfg(not(ossl110))]
-    pub fn RSA_generate_key(
+    pub fn RSA_generate_key(modsz: c_int, e: c_ulong, cb: Option<extern "C" fn(c_int, c_int, *mut c_void)>, cbarg: *mut c_void) -> *mut RSA;
        modsz: c_int,
        e: c_ulong,
        cb: Option<extern "C" fn(c_int, c_int, *mut c_void)>,
        cbarg: *mut c_void,
    ) -> *mut RSA;
-    pub fn RSA_generate_key_ex(
+    pub fn RSA_generate_key_ex(rsa: *mut RSA, bits: c_int, e: *mut BIGNUM, cb: *mut BN_GENCB) -> c_int;
        rsa: *mut RSA,
        bits: c_int,
        e: *mut BIGNUM,
        cb: *mut BN_GENCB,
    ) -> c_int;
-    pub fn RSA_public_encrypt(
+    pub fn RSA_public_encrypt(flen: c_int, from: *const u8, to: *mut u8, k: *mut RSA, pad: c_int) -> c_int;
-        flen: c_int,
+    pub fn RSA_private_encrypt(flen: c_int, from: *const u8, to: *mut u8, k: *mut RSA, pad: c_int) -> c_int;
-        from: *const u8,
+    pub fn RSA_public_decrypt(flen: c_int, from: *const u8, to: *mut u8, k: *mut RSA, pad: c_int) -> c_int;
-        to: *mut u8,
+    pub fn RSA_private_decrypt(flen: c_int, from: *const u8, to: *mut u8, k: *mut RSA, pad: c_int) -> c_int;
        k: *mut RSA,
        pad: c_int,
    ) -> c_int;
    pub fn RSA_private_encrypt(
        flen: c_int,
        from: *const u8,
        to: *mut u8,
        k: *mut RSA,
        pad: c_int,
    ) -> c_int;
    pub fn RSA_public_decrypt(
        flen: c_int,
        from: *const u8,
        to: *mut u8,
        k: *mut RSA,
        pad: c_int,
    ) -> c_int;
    pub fn RSA_private_decrypt(
        flen: c_int,
        from: *const u8,
        to: *mut u8,
        k: *mut RSA,
        pad: c_int,
    ) -> c_int;
    pub fn RSA_check_key(r: *const RSA) -> c_int;
    pub fn RSA_free(rsa: *mut RSA);
    pub fn RSA_up_ref(rsa: *mut RSA) -> c_int;
@ -97,28 +48,8 @@ extern "C" {
    pub fn i2d_RSAPrivateKey(k: *const RSA, buf: *mut *mut u8) -> c_int;
    pub fn d2i_RSAPrivateKey(k: *mut *mut RSA, buf: *mut *const u8, len: c_long) -> *mut RSA;
-    pub fn RSA_sign(
+    pub fn RSA_sign(t: c_int, m: *const u8, mlen: c_uint, sig: *mut u8, siglen: *mut c_uint, k: *mut RSA) -> c_int;
-        t: c_int,
+    pub fn RSA_verify(t: c_int, m: *const u8, mlen: c_uint, sig: *const u8, siglen: c_uint, k: *mut RSA) -> c_int;
        m: *const u8,
        mlen: c_uint,
        sig: *mut u8,
        siglen: *mut c_uint,
        k: *mut RSA,
    ) -> c_int;
    pub fn RSA_verify(
        t: c_int,
        m: *const u8,
        mlen: c_uint,
        sig: *const u8,
        siglen: c_uint,
        k: *mut RSA,
    ) -> c_int;
-    pub fn RSA_padding_check_PKCS1_type_2(
+    pub fn RSA_padding_check_PKCS1_type_2(to: *mut c_uchar, tlen: c_int, f: *const c_uchar, fl: c_int, rsa_len: c_int) -> c_int;
        to: *mut c_uchar,
        tlen: c_int,
        f: *const c_uchar,
        fl: c_int,
        rsa_len: c_int,
    ) -> c_int;
 }
--- a/openssl-sys/src/handwritten/ssl.rs
+++ b/openssl-sys/src/handwritten/ssl.rs
@ -140,18 +140,9 @@ pub struct SRTP_PROTECTION_PROFILE {
 stack!(stack_st_SRTP_PROTECTION_PROFILE);
-pub type tls_session_ticket_ext_cb_fn =
+pub type tls_session_ticket_ext_cb_fn = Option<unsafe extern "C" fn(*mut SSL, *const c_uchar, c_int, *mut c_void) -> c_int>;
-    Option<unsafe extern "C" fn(*mut SSL, *const c_uchar, c_int, *mut c_void) -> c_int>;
+pub type tls_session_secret_cb_fn =
-pub type tls_session_secret_cb_fn = Option<
+    Option<unsafe extern "C" fn(*mut SSL, *mut c_void, *mut c_int, *mut stack_st_SSL_CIPHER, *mut *mut SSL_CIPHER, *mut c_void) -> c_int>;
    unsafe extern "C" fn(
        *mut SSL,
        *mut c_void,
        *mut c_int,
        *mut stack_st_SSL_CIPHER,
        *mut *mut SSL_CIPHER,
        *mut c_void,
    ) -> c_int,
 >;
 #[cfg(ossl111)]
 pub type SSL_custom_ext_add_cb_ex = Option<
@ -169,15 +160,8 @@ pub type SSL_custom_ext_add_cb_ex = Option<
 >;
 #[cfg(ossl111)]
-pub type SSL_custom_ext_free_cb_ex = Option<
+pub type SSL_custom_ext_free_cb_ex =
-    unsafe extern "C" fn(
+    Option<unsafe extern "C" fn(ssl: *mut SSL, ext_type: c_uint, context: c_uint, out: *const c_uchar, add_arg: *mut c_void)>;
        ssl: *mut SSL,
        ext_type: c_uint,
        context: c_uint,
        out: *const c_uchar,
        add_arg: *mut c_void,
    ),
 >;
 #[cfg(ossl111)]
 pub type SSL_custom_ext_parse_cb_ex = Option<
@ -210,18 +194,11 @@ cfg_if! {
    }
 }
-pub type GEN_SESSION_CB =
+pub type GEN_SESSION_CB = Option<unsafe extern "C" fn(*const SSL, *mut c_uchar, *mut c_uint) -> c_int>;
    Option<unsafe extern "C" fn(*const SSL, *mut c_uchar, *mut c_uint) -> c_int>;
 extern "C" {
-    pub fn SSL_CTX_sess_set_new_cb(
+    pub fn SSL_CTX_sess_set_new_cb(ctx: *mut SSL_CTX, new_session_cb: Option<unsafe extern "C" fn(*mut SSL, *mut SSL_SESSION) -> c_int>);
-        ctx: *mut SSL_CTX,
+    pub fn SSL_CTX_sess_set_remove_cb(ctx: *mut SSL_CTX, remove_session_cb: Option<unsafe extern "C" fn(*mut SSL_CTX, *mut SSL_SESSION)>);
        new_session_cb: Option<unsafe extern "C" fn(*mut SSL, *mut SSL_SESSION) -> c_int>,
    );
    pub fn SSL_CTX_sess_set_remove_cb(
        ctx: *mut SSL_CTX,
        remove_session_cb: Option<unsafe extern "C" fn(*mut SSL_CTX, *mut SSL_SESSION)>,
    );
 }
 cfg_if! {
    // const change in passed function pointer signature
@ -249,9 +226,7 @@ extern "C" {
    // FIXME change to unsafe extern "C" fn
    pub fn SSL_CTX_set_cookie_generate_cb(
        s: *mut SSL_CTX,
-        cb: Option<
+        cb: Option<extern "C" fn(ssl: *mut SSL, cookie: *mut c_uchar, cookie_len: *mut c_uint) -> c_int>,
            extern "C" fn(ssl: *mut SSL, cookie: *mut c_uchar, cookie_len: *mut c_uint) -> c_int,
        >,
    );
 }
@ -280,34 +255,17 @@ extern "C" {
    #[cfg(ossl111)]
    pub fn SSL_CTX_set_stateless_cookie_generate_cb(
        s: *mut SSL_CTX,
-        cb: Option<
+        cb: Option<unsafe extern "C" fn(ssl: *mut SSL, cookie: *mut c_uchar, cookie_len: *mut size_t) -> c_int>,
            unsafe extern "C" fn(
                ssl: *mut SSL,
                cookie: *mut c_uchar,
                cookie_len: *mut size_t,
            ) -> c_int,
        >,
    );
    #[cfg(ossl111)]
    pub fn SSL_CTX_set_stateless_cookie_verify_cb(
        s: *mut SSL_CTX,
-        cb: Option<
+        cb: Option<unsafe extern "C" fn(ssl: *mut SSL, cookie: *const c_uchar, cookie_len: size_t) -> c_int>,
            unsafe extern "C" fn(
                ssl: *mut SSL,
                cookie: *const c_uchar,
                cookie_len: size_t,
            ) -> c_int,
        >,
    );
    pub fn SSL_CTX_set_next_protos_advertised_cb(
        ssl: *mut SSL_CTX,
-        cb: extern "C" fn(
+        cb: extern "C" fn(ssl: *mut SSL, out: *mut *const c_uchar, outlen: *mut c_uint, arg: *mut c_void) -> c_int,
            ssl: *mut SSL,
            out: *mut *const c_uchar,
            outlen: *mut c_uint,
            arg: *mut c_void,
        ) -> c_int,
        arg: *mut c_void,
    );
    pub fn SSL_CTX_set_next_proto_select_cb(
@ -322,11 +280,7 @@ extern "C" {
        ) -> c_int,
        arg: *mut c_void,
    );
-    pub fn SSL_get0_next_proto_negotiated(
+    pub fn SSL_get0_next_proto_negotiated(s: *const SSL, data: *mut *const c_uchar, len: *mut c_uint);
        s: *const SSL,
        data: *mut *const c_uchar,
        len: *mut c_uint,
    );
    pub fn SSL_select_next_proto(
        out: *mut *mut c_uchar,
@ -367,22 +321,11 @@ extern "C" {
 extern "C" {
    pub fn SSL_CTX_set_psk_client_callback(
        ssl: *mut SSL_CTX,
-        psk_client_cb: Option<
+        psk_client_cb: Option<extern "C" fn(*mut SSL, *const c_char, *mut c_char, c_uint, *mut c_uchar, c_uint) -> c_uint>,
            extern "C" fn(
                *mut SSL,
                *const c_char,
                *mut c_char,
                c_uint,
                *mut c_uchar,
                c_uint,
            ) -> c_uint,
        >,
    );
    pub fn SSL_CTX_set_psk_server_callback(
        ssl: *mut SSL_CTX,
-        psk_server_cb: Option<
+        psk_server_cb: Option<extern "C" fn(*mut SSL, *const c_char, *mut c_uchar, c_uint) -> c_uint>,
            extern "C" fn(*mut SSL, *const c_char, *mut c_uchar, c_uint) -> c_uint,
        >,
    );
    pub fn SSL_get_psk_identity_hint(ssl: *const SSL) -> *const c_char;
    pub fn SSL_get_psk_identity(ssl: *const SSL) -> *const c_char;
@ -406,8 +349,7 @@ extern "C" {
 }
 #[cfg(ossl111)]
-pub type SSL_CTX_keylog_cb_func =
+pub type SSL_CTX_keylog_cb_func = Option<unsafe extern "C" fn(ssl: *const SSL, line: *const c_char)>;
    Option<unsafe extern "C" fn(ssl: *const SSL, line: *const c_char)>;
 extern "C" {
    #[cfg(ossl111)]
@ -503,20 +445,9 @@ extern "C" {
    pub fn SSL_CTX_use_PrivateKey(ctx: *mut SSL_CTX, key: *mut EVP_PKEY) -> c_int;
    pub fn SSL_CTX_use_certificate(ctx: *mut SSL_CTX, cert: *mut X509) -> c_int;
-    pub fn SSL_CTX_use_PrivateKey_file(
+    pub fn SSL_CTX_use_PrivateKey_file(ctx: *mut SSL_CTX, key_file: *const c_char, file_type: c_int) -> c_int;
-        ctx: *mut SSL_CTX,
+    pub fn SSL_CTX_use_certificate_file(ctx: *mut SSL_CTX, cert_file: *const c_char, file_type: c_int) -> c_int;
-        key_file: *const c_char,
+    pub fn SSL_CTX_use_certificate_chain_file(ctx: *mut SSL_CTX, cert_chain_file: *const c_char) -> c_int;
        file_type: c_int,
    ) -> c_int;
    pub fn SSL_CTX_use_certificate_file(
        ctx: *mut SSL_CTX,
        cert_file: *const c_char,
        file_type: c_int,
    ) -> c_int;
    pub fn SSL_CTX_use_certificate_chain_file(
        ctx: *mut SSL_CTX,
        cert_chain_file: *const c_char,
    ) -> c_int;
    pub fn SSL_use_PrivateKey_file(ssl: *mut SSL, file: *const c_char, type_: c_int) -> c_int;
    pub fn SSL_use_PrivateKey(ssl: *mut SSL, pkey: *mut EVP_PKEY) -> c_int;
    pub fn SSL_use_certificate(ssl: *mut SSL, x: *mut X509) -> c_int;
@ -555,11 +486,7 @@ extern "C" {
    pub fn SSL_set_session(ssl: *mut SSL, session: *mut SSL_SESSION) -> c_int;
    pub fn SSL_CTX_add_session(ctx: *mut SSL_CTX, session: *mut SSL_SESSION) -> c_int;
    pub fn SSL_CTX_remove_session(ctx: *mut SSL_CTX, session: *mut SSL_SESSION) -> c_int;
-    pub fn d2i_SSL_SESSION(
+    pub fn d2i_SSL_SESSION(a: *mut *mut SSL_SESSION, pp: *mut *const c_uchar, len: c_long) -> *mut SSL_SESSION;
        a: *mut *mut SSL_SESSION,
        pp: *mut *const c_uchar,
        len: c_long,
    ) -> *mut SSL_SESSION;
    #[cfg(not(ossl300))]
    pub fn SSL_get_peer_certificate(ssl: *const SSL) -> *mut X509;
@ -568,11 +495,7 @@ extern "C" {
    pub fn SSL_get_peer_cert_chain(ssl: *const SSL) -> *mut stack_st_X509;
-    pub fn SSL_CTX_set_verify(
+    pub fn SSL_CTX_set_verify(ctx: *mut SSL_CTX, mode: c_int, verify_callback: Option<extern "C" fn(c_int, *mut X509_STORE_CTX) -> c_int>);
        ctx: *mut SSL_CTX,
        mode: c_int,
        verify_callback: Option<extern "C" fn(c_int, *mut X509_STORE_CTX) -> c_int>,
    );
    pub fn SSL_CTX_set_verify_depth(ctx: *mut SSL_CTX, depth: c_int);
    #[cfg(any(ossl111, libressl340))]
@ -580,11 +503,7 @@ extern "C" {
    pub fn SSL_CTX_check_private_key(ctx: *const SSL_CTX) -> c_int;
-    pub fn SSL_CTX_set_session_id_context(
+    pub fn SSL_CTX_set_session_id_context(ssl: *mut SSL_CTX, sid_ctx: *const c_uchar, sid_ctx_len: c_uint) -> c_int;
        ssl: *mut SSL_CTX,
        sid_ctx: *const c_uchar,
        sid_ctx_len: c_uint,
    ) -> c_int;
    pub fn SSL_new(ctx: *mut SSL_CTX) -> *mut SSL;
@ -596,15 +515,10 @@ extern "C" {
 }
 #[cfg(ossl111)]
-pub type SSL_client_hello_cb_fn =
+pub type SSL_client_hello_cb_fn = Option<unsafe extern "C" fn(s: *mut SSL, al: *mut c_int, arg: *mut c_void) -> c_int>;
    Option<unsafe extern "C" fn(s: *mut SSL, al: *mut c_int, arg: *mut c_void) -> c_int>;
 extern "C" {
    #[cfg(ossl111)]
-    pub fn SSL_CTX_set_client_hello_cb(
+    pub fn SSL_CTX_set_client_hello_cb(c: *mut SSL_CTX, cb: SSL_client_hello_cb_fn, arg: *mut c_void);
        c: *mut SSL_CTX,
        cb: SSL_client_hello_cb_fn,
        arg: *mut c_void,
    );
    #[cfg(ossl111)]
    pub fn SSL_client_hello_isv2(s: *mut SSL) -> c_int;
    #[cfg(ossl111)]
@ -616,23 +530,11 @@ extern "C" {
    #[cfg(ossl111)]
    pub fn SSL_client_hello_get0_ciphers(s: *mut SSL, out: *mut *const c_uchar) -> size_t;
    #[cfg(ossl111)]
-    pub fn SSL_client_hello_get0_compression_methods(
+    pub fn SSL_client_hello_get0_compression_methods(s: *mut SSL, out: *mut *const c_uchar) -> size_t;
        s: *mut SSL,
        out: *mut *const c_uchar,
    ) -> size_t;
    #[cfg(ossl111)]
-    pub fn SSL_client_hello_get1_extensions_present(
+    pub fn SSL_client_hello_get1_extensions_present(s: *mut SSL, out: *mut *mut c_int, outlen: *mut size_t) -> c_int;
        s: *mut SSL,
        out: *mut *mut c_int,
        outlen: *mut size_t,
    ) -> c_int;
    #[cfg(ossl111)]
-    pub fn SSL_client_hello_get0_ext(
+    pub fn SSL_client_hello_get0_ext(s: *mut SSL, type_: c_uint, out: *mut *const c_uchar, outlen: *mut size_t) -> c_int;
        s: *mut SSL,
        type_: c_uint,
        out: *mut *const c_uchar,
        outlen: *mut size_t,
    ) -> c_int;
    pub fn SSL_free(ssl: *mut SSL);
    pub fn SSL_accept(ssl: *mut SSL) -> c_int;
@ -642,31 +544,17 @@ extern "C" {
    pub fn SSL_read(ssl: *mut SSL, buf: *mut c_void, num: c_int) -> c_int;
    pub fn SSL_peek(ssl: *mut SSL, buf: *mut c_void, num: c_int) -> c_int;
    #[cfg(any(ossl111, libressl340))]
-    pub fn SSL_read_early_data(
+    pub fn SSL_read_early_data(s: *mut SSL, buf: *mut c_void, num: size_t, readbytes: *mut size_t) -> c_int;
        s: *mut SSL,
        buf: *mut c_void,
        num: size_t,
        readbytes: *mut size_t,
    ) -> c_int;
 }
 extern "C" {
    pub fn SSL_write(ssl: *mut SSL, buf: *const c_void, num: c_int) -> c_int;
    #[cfg(any(ossl111, libressl340))]
-    pub fn SSL_write_early_data(
+    pub fn SSL_write_early_data(s: *mut SSL, buf: *const c_void, num: size_t, written: *mut size_t) -> c_int;
        s: *mut SSL,
        buf: *const c_void,
        num: size_t,
        written: *mut size_t,
    ) -> c_int;
    pub fn SSL_ctrl(ssl: *mut SSL, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long;
    pub fn SSL_CTX_ctrl(ctx: *mut SSL_CTX, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long;
    #[link_name = "SSL_CTX_callback_ctrl"]
-    pub fn SSL_CTX_callback_ctrl__fixed_rust(
+    pub fn SSL_CTX_callback_ctrl__fixed_rust(ctx: *mut SSL_CTX, cmd: c_int, fp: Option<unsafe extern "C" fn()>) -> c_long;
        ctx: *mut SSL_CTX,
        cmd: c_int,
        fp: Option<unsafe extern "C" fn()>,
    ) -> c_long;
 }
 cfg_if! {
@ -717,11 +605,7 @@ extern "C" {
    pub fn SSL_CTX_add_client_CA(ctx: *mut SSL_CTX, cacert: *mut X509) -> c_int;
    pub fn SSL_CTX_set_default_verify_paths(ctx: *mut SSL_CTX) -> c_int;
-    pub fn SSL_CTX_load_verify_locations(
+    pub fn SSL_CTX_load_verify_locations(ctx: *mut SSL_CTX, CAfile: *const c_char, CApath: *const c_char) -> c_int;
        ctx: *mut SSL_CTX,
        CAfile: *const c_char,
        CApath: *const c_char,
    ) -> c_int;
 }
 const_ptr_api! {
@ -737,11 +621,7 @@ extern "C" {
    #[cfg(not(ossl110))]
    pub fn SSL_library_init() -> c_int;
-    pub fn SSL_CIPHER_description(
+    pub fn SSL_CIPHER_description(cipher: *const SSL_CIPHER, buf: *mut c_char, size: c_int) -> *mut c_char;
        cipher: *const SSL_CIPHER,
        buf: *mut c_char,
        size: c_int,
    ) -> *mut c_char;
    pub fn SSL_get_certificate(ssl: *const SSL) -> *mut X509;
 }
@ -773,11 +653,7 @@ extern "C" {
    #[cfg(any(ossl110, libressl270))]
    pub fn SSL_get_server_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t;
    #[cfg(any(ossl110, libressl273))]
-    pub fn SSL_SESSION_get_master_key(
+    pub fn SSL_SESSION_get_master_key(session: *const SSL_SESSION, out: *mut c_uchar, outlen: size_t) -> size_t;
        session: *const SSL_SESSION,
        out: *mut c_uchar,
        outlen: size_t,
    ) -> size_t;
 }
 extern "C" {
@ -812,32 +688,24 @@ extern "C" {
    #[link_name = "SSL_CTX_set_tmp_dh_callback"]
    pub fn SSL_CTX_set_tmp_dh_callback__fixed_rust(
        ctx: *mut SSL_CTX,
-        dh: Option<
+        dh: Option<unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH>,
            unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH,
        >,
    );
    #[link_name = "SSL_set_tmp_dh_callback"]
    pub fn SSL_set_tmp_dh_callback__fixed_rust(
        ctx: *mut SSL,
-        dh: Option<
+        dh: Option<unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH>,
            unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH,
        >,
    );
    #[cfg(not(ossl110))]
    #[link_name = "SSL_CTX_set_tmp_ecdh_callback"]
    pub fn SSL_CTX_set_tmp_ecdh_callback__fixed_rust(
        ctx: *mut SSL_CTX,
-        ecdh: Option<
+        ecdh: Option<unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut EC_KEY>,
            unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut EC_KEY,
        >,
    );
    #[cfg(not(ossl110))]
    #[link_name = "SSL_set_tmp_ecdh_callback"]
    pub fn SSL_set_tmp_ecdh_callback__fixed_rust(
        ssl: *mut SSL,
-        ecdh: Option<
+        ecdh: Option<unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut EC_KEY>,
            unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut EC_KEY,
        >,
    );
 }
--- a/openssl-sys/src/handwritten/x509.rs
+++ b/openssl-sys/src/handwritten/x509.rs
@ -141,12 +141,7 @@ extern "C" {
    pub fn X509_sign(x: *mut X509, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int;
-    pub fn X509_digest(
+    pub fn X509_digest(x: *const X509, digest: *const EVP_MD, buf: *mut c_uchar, len: *mut c_uint) -> c_int;
        x: *const X509,
        digest: *const EVP_MD,
        buf: *mut c_uchar,
        len: *mut c_uint,
    ) -> c_int;
    pub fn X509_REQ_sign(x: *mut X509_REQ, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int;
 }
@ -170,17 +165,9 @@ extern "C" {
    pub fn d2i_PUBKEY(k: *mut *mut EVP_PKEY, buf: *mut *const u8, len: c_long) -> *mut EVP_PKEY;
    pub fn d2i_RSA_PUBKEY(k: *mut *mut RSA, buf: *mut *const u8, len: c_long) -> *mut RSA;
    pub fn d2i_DSA_PUBKEY(k: *mut *mut DSA, pp: *mut *const c_uchar, length: c_long) -> *mut DSA;
-    pub fn d2i_EC_PUBKEY(
+    pub fn d2i_EC_PUBKEY(a: *mut *mut EC_KEY, pp: *mut *const c_uchar, length: c_long) -> *mut EC_KEY;
        a: *mut *mut EC_KEY,
        pp: *mut *const c_uchar,
        length: c_long,
    ) -> *mut EC_KEY;
-    pub fn d2i_ECPrivateKey(
+    pub fn d2i_ECPrivateKey(k: *mut *mut EC_KEY, pp: *mut *const c_uchar, length: c_long) -> *mut EC_KEY;
        k: *mut *mut EC_KEY,
        pp: *mut *const c_uchar,
        length: c_long,
    ) -> *mut EC_KEY;
 }
 const_ptr_api! {
@ -213,11 +200,7 @@ const_ptr_api! {
 }
 extern "C" {
-    pub fn d2i_X509_REVOKED(
+    pub fn d2i_X509_REVOKED(a: *mut *mut X509_REVOKED, pp: *mut *const c_uchar, length: c_long) -> *mut X509_REVOKED;
        a: *mut *mut X509_REVOKED,
        pp: *mut *const c_uchar,
        length: c_long,
    ) -> *mut X509_REVOKED;
 }
 const_ptr_api! {
    extern "C" {
@ -227,11 +210,7 @@ const_ptr_api! {
 extern "C" {
    pub fn X509_CRL_new() -> *mut X509_CRL;
    pub fn X509_CRL_free(x: *mut X509_CRL);
-    pub fn d2i_X509_CRL(
+    pub fn d2i_X509_CRL(a: *mut *mut X509_CRL, pp: *mut *const c_uchar, length: c_long) -> *mut X509_CRL;
        a: *mut *mut X509_CRL,
        pp: *mut *const c_uchar,
        length: c_long,
    ) -> *mut X509_CRL;
 }
 const_ptr_api! {
    extern "C" {
@ -244,11 +223,7 @@ const_ptr_api! {
 extern "C" {
    pub fn X509_REQ_new() -> *mut X509_REQ;
    pub fn X509_REQ_free(x: *mut X509_REQ);
-    pub fn d2i_X509_REQ(
+    pub fn d2i_X509_REQ(a: *mut *mut X509_REQ, pp: *mut *const c_uchar, length: c_long) -> *mut X509_REQ;
        a: *mut *mut X509_REQ,
        pp: *mut *const c_uchar,
        length: c_long,
    ) -> *mut X509_REQ;
 }
 const_ptr_api! {
    extern "C" {
@ -380,18 +355,9 @@ extern "C" {
    pub fn X509_REVOKED_set_revocationDate(r: *mut X509_REVOKED, tm: *mut ASN1_TIME) -> c_int;
    pub fn X509_CRL_sign(x: *mut X509_CRL, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int;
-    pub fn X509_CRL_digest(
+    pub fn X509_CRL_digest(x: *const X509_CRL, digest: *const EVP_MD, md: *mut c_uchar, len: *mut c_uint) -> c_int;
        x: *const X509_CRL,
        digest: *const EVP_MD,
        md: *mut c_uchar,
        len: *mut c_uint,
    ) -> c_int;
    pub fn X509_CRL_verify(crl: *mut X509_CRL, pkey: *mut EVP_PKEY) -> c_int;
-    pub fn X509_CRL_get0_by_cert(
+    pub fn X509_CRL_get0_by_cert(x: *mut X509_CRL, ret: *mut *mut X509_REVOKED, cert: *mut X509) -> c_int;
        x: *mut X509_CRL,
        ret: *mut *mut X509_REVOKED,
        cert: *mut X509,
    ) -> c_int;
 }
 const_ptr_api! {
    extern "C" {
@ -474,11 +440,7 @@ extern "C" {
        loc: c_int,
        set: c_int,
    ) -> c_int;
-    pub fn d2i_X509_NAME(
+    pub fn d2i_X509_NAME(n: *mut *mut X509_NAME, pp: *mut *const c_uchar, length: c_long) -> *mut X509_NAME;
        n: *mut *mut X509_NAME,
        pp: *mut *const c_uchar,
        length: c_long,
    ) -> *mut X509_NAME;
 }
 // "raw" X509_EXTENSION related functions
@ -486,65 +448,26 @@ extern "C" {
    // in X509
    pub fn X509_delete_ext(x: *mut X509, loc: c_int) -> *mut X509_EXTENSION;
    pub fn X509_add_ext(x: *mut X509, ext: *mut X509_EXTENSION, loc: c_int) -> c_int;
-    pub fn X509_add1_ext_i2d(
+    pub fn X509_add1_ext_i2d(x: *mut X509, nid: c_int, value: *mut c_void, crit: c_int, flags: c_ulong) -> c_int;
        x: *mut X509,
        nid: c_int,
        value: *mut c_void,
        crit: c_int,
        flags: c_ulong,
    ) -> c_int;
    // in X509_CRL
    pub fn X509_CRL_delete_ext(x: *mut X509_CRL, loc: c_int) -> *mut X509_EXTENSION;
    pub fn X509_CRL_add_ext(x: *mut X509_CRL, ext: *mut X509_EXTENSION, loc: c_int) -> c_int;
-    pub fn X509_CRL_add1_ext_i2d(
+    pub fn X509_CRL_add1_ext_i2d(x: *mut X509_CRL, nid: c_int, value: *mut c_void, crit: c_int, flags: c_ulong) -> c_int;
        x: *mut X509_CRL,
        nid: c_int,
        value: *mut c_void,
        crit: c_int,
        flags: c_ulong,
    ) -> c_int;
    // in X509_REVOKED
    pub fn X509_REVOKED_delete_ext(x: *mut X509_REVOKED, loc: c_int) -> *mut X509_EXTENSION;
-    pub fn X509_REVOKED_add_ext(
+    pub fn X509_REVOKED_add_ext(x: *mut X509_REVOKED, ext: *mut X509_EXTENSION, loc: c_int) -> c_int;
-        x: *mut X509_REVOKED,
+    pub fn X509_REVOKED_add1_ext_i2d(x: *mut X509_REVOKED, nid: c_int, value: *mut c_void, crit: c_int, flags: c_ulong) -> c_int;
        ext: *mut X509_EXTENSION,
        loc: c_int,
    ) -> c_int;
    pub fn X509_REVOKED_add1_ext_i2d(
        x: *mut X509_REVOKED,
        nid: c_int,
        value: *mut c_void,
        crit: c_int,
        flags: c_ulong,
    ) -> c_int;
    // X509_EXTENSION stack
    // - these getters always used *const STACK
    pub fn X509v3_get_ext_count(x: *const stack_st_X509_EXTENSION) -> c_int;
-    pub fn X509v3_get_ext_by_NID(
+    pub fn X509v3_get_ext_by_NID(x: *const stack_st_X509_EXTENSION, nid: c_int, lastpos: c_int) -> c_int;
-        x: *const stack_st_X509_EXTENSION,
+    pub fn X509v3_get_ext_by_critical(x: *const stack_st_X509_EXTENSION, crit: c_int, lastpos: c_int) -> c_int;
        nid: c_int,
        lastpos: c_int,
    ) -> c_int;
    pub fn X509v3_get_ext_by_critical(
        x: *const stack_st_X509_EXTENSION,
        crit: c_int,
        lastpos: c_int,
    ) -> c_int;
    pub fn X509v3_get_ext(x: *const stack_st_X509_EXTENSION, loc: c_int) -> *mut X509_EXTENSION;
    pub fn X509v3_delete_ext(x: *mut stack_st_X509_EXTENSION, loc: c_int) -> *mut X509_EXTENSION;
-    pub fn X509v3_add_ext(
+    pub fn X509v3_add_ext(x: *mut *mut stack_st_X509_EXTENSION, ex: *mut X509_EXTENSION, loc: c_int) -> *mut stack_st_X509_EXTENSION;
        x: *mut *mut stack_st_X509_EXTENSION,
        ex: *mut X509_EXTENSION,
        loc: c_int,
    ) -> *mut stack_st_X509_EXTENSION;
    // - X509V3_add1_i2d in x509v3.rs
    // X509_EXTENSION itself
-    pub fn X509_EXTENSION_create_by_NID(
+    pub fn X509_EXTENSION_create_by_NID(ex: *mut *mut X509_EXTENSION, nid: c_int, crit: c_int, data: *mut ASN1_OCTET_STRING) -> *mut X509_EXTENSION;
        ex: *mut *mut X509_EXTENSION,
        nid: c_int,
        crit: c_int,
        data: *mut ASN1_OCTET_STRING,
    ) -> *mut X509_EXTENSION;
    pub fn X509_EXTENSION_set_critical(ex: *mut X509_EXTENSION, crit: c_int) -> c_int;
    pub fn X509_EXTENSION_set_data(ex: *mut X509_EXTENSION, data: *mut ASN1_OCTET_STRING) -> c_int;
    pub fn X509_EXTENSION_get_object(ext: *mut X509_EXTENSION) -> *mut ASN1_OBJECT;
@ -651,8 +574,7 @@ pub struct X509_PURPOSE {
    pub purpose: c_int,
    pub trust: c_int, // Default trust ID
    pub flags: c_int,
-    pub check_purpose:
+    pub check_purpose: Option<unsafe extern "C" fn(*const X509_PURPOSE, *const X509, c_int) -> c_int>,
        Option<unsafe extern "C" fn(*const X509_PURPOSE, *const X509, c_int) -> c_int>,
    pub name: *mut c_char,
    pub sname: *mut c_char,
    pub usr_data: *mut c_void,
--- a/openssl-sys/src/handwritten/x509_vfy.rs
+++ b/openssl-sys/src/handwritten/x509_vfy.rs
@ -13,13 +13,7 @@ extern "C" {
    pub fn X509_LOOKUP_free(ctx: *mut X509_LOOKUP);
    pub fn X509_LOOKUP_hash_dir() -> *mut X509_LOOKUP_METHOD;
    pub fn X509_LOOKUP_file() -> *mut X509_LOOKUP_METHOD;
-    pub fn X509_LOOKUP_ctrl(
+    pub fn X509_LOOKUP_ctrl(ctx: *mut X509_LOOKUP, cmd: c_int, argc: *const c_char, argl: c_long, ret: *mut *mut c_char) -> c_int;
        ctx: *mut X509_LOOKUP,
        cmd: c_int,
        argc: *const c_char,
        argl: c_long,
        ret: *mut *mut c_char,
    ) -> c_int;
    pub fn X509_load_cert_file(ctx: *mut X509_LOOKUP, file: *const c_char, _type: c_int) -> c_int;
    pub fn X509_load_crl_file(ctx: *mut X509_LOOKUP, file: *const c_char, _type: c_int) -> c_int;
 }
@ -31,20 +25,12 @@ extern "C" {
    pub fn X509_STORE_CTX_new() -> *mut X509_STORE_CTX;
    pub fn X509_STORE_CTX_free(ctx: *mut X509_STORE_CTX);
-    pub fn X509_STORE_CTX_init(
+    pub fn X509_STORE_CTX_init(ctx: *mut X509_STORE_CTX, store: *mut X509_STORE, x509: *mut X509, chain: *mut stack_st_X509) -> c_int;
        ctx: *mut X509_STORE_CTX,
        store: *mut X509_STORE,
        x509: *mut X509,
        chain: *mut stack_st_X509,
    ) -> c_int;
    pub fn X509_STORE_CTX_cleanup(ctx: *mut X509_STORE_CTX);
    pub fn X509_STORE_add_cert(store: *mut X509_STORE, x: *mut X509) -> c_int;
-    pub fn X509_STORE_add_lookup(
+    pub fn X509_STORE_add_lookup(store: *mut X509_STORE, meth: *mut X509_LOOKUP_METHOD) -> *mut X509_LOOKUP;
        store: *mut X509_STORE,
        meth: *mut X509_LOOKUP_METHOD,
    ) -> *mut X509_LOOKUP;
    pub fn X509_STORE_set_default_paths(store: *mut X509_STORE) -> c_int;
    pub fn X509_STORE_set_flags(store: *mut X509_STORE, flags: c_ulong) -> c_int;
@ -110,19 +96,11 @@ const_ptr_api! {
 extern "C" {
    #[cfg(any(ossl102, libressl261))]
-    pub fn X509_VERIFY_PARAM_set1_host(
+    pub fn X509_VERIFY_PARAM_set1_host(param: *mut X509_VERIFY_PARAM, name: *const c_char, namelen: size_t) -> c_int;
        param: *mut X509_VERIFY_PARAM,
        name: *const c_char,
        namelen: size_t,
    ) -> c_int;
    #[cfg(any(ossl102, libressl261))]
    pub fn X509_VERIFY_PARAM_set_hostflags(param: *mut X509_VERIFY_PARAM, flags: c_uint);
    #[cfg(any(ossl102, libressl261))]
-    pub fn X509_VERIFY_PARAM_set1_ip(
+    pub fn X509_VERIFY_PARAM_set1_ip(param: *mut X509_VERIFY_PARAM, ip: *const c_uchar, iplen: size_t) -> c_int;
        param: *mut X509_VERIFY_PARAM,
        ip: *const c_uchar,
        iplen: size_t,
    ) -> c_int;
    #[cfg(ossl110)]
    pub fn X509_VERIFY_PARAM_set_auth_level(param: *mut X509_VERIFY_PARAM, lvl: c_int);
    #[cfg(ossl110)]
--- a/openssl-sys/src/handwritten/x509v3.rs
+++ b/openssl-sys/src/handwritten/x509v3.rs
@ -53,14 +53,7 @@ extern "C" {
    pub fn X509V3_set_nconf(ctx: *mut X509V3_CTX, conf: *mut CONF);
-    pub fn X509V3_set_ctx(
+    pub fn X509V3_set_ctx(ctx: *mut X509V3_CTX, issuer: *mut X509, subject: *mut X509, req: *mut X509_REQ, crl: *mut X509_CRL, flags: c_int);
        ctx: *mut X509V3_CTX,
        issuer: *mut X509,
        subject: *mut X509,
        req: *mut X509_REQ,
        crl: *mut X509_CRL,
        flags: c_int,
    );
    pub fn X509_get1_ocsp(x: *mut X509) -> *mut stack_st_OPENSSL_STRING;
 }
@ -81,19 +74,8 @@ extern "C" {
    pub fn X509V3_EXT_add_alias(nid_to: c_int, nid_from: c_int) -> c_int;
    pub fn X509V3_EXT_d2i(ext: *mut X509_EXTENSION) -> *mut c_void;
    pub fn X509V3_EXT_i2d(ext_nid: c_int, crit: c_int, ext: *mut c_void) -> *mut X509_EXTENSION;
-    pub fn X509V3_add1_i2d(
+    pub fn X509V3_add1_i2d(x: *mut *mut stack_st_X509_EXTENSION, nid: c_int, value: *mut c_void, crit: c_int, flags: c_ulong) -> c_int;
-        x: *mut *mut stack_st_X509_EXTENSION,
+    pub fn X509V3_EXT_print(out: *mut BIO, ext: *mut X509_EXTENSION, flag: c_ulong, indent: c_int) -> c_int;
        nid: c_int,
        value: *mut c_void,
        crit: c_int,
        flags: c_ulong,
    ) -> c_int;
    pub fn X509V3_EXT_print(
        out: *mut BIO,
        ext: *mut X509_EXTENSION,
        flag: c_ulong,
        indent: c_int,
    ) -> c_int;
    #[cfg(ossl110)]
    pub fn X509_get_extension_flags(x: *mut X509) -> u32;
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@ -91,12 +91,7 @@ mod openssl {
    static INIT: Once = Once::new();
    // FIXME remove
-    pub type PasswordCallback = unsafe extern "C" fn(
+    pub type PasswordCallback = unsafe extern "C" fn(buf: *mut c_char, size: c_int, rwflag: c_int, user_data: *mut c_void) -> c_int;
        buf: *mut c_char,
        size: c_int,
        rwflag: c_int,
        user_data: *mut c_void,
    ) -> c_int;
    #[cfg(ossl110)]
    pub fn init() {
@ -120,26 +115,16 @@ mod openssl {
        use std::sync::{Mutex, MutexGuard};
        static mut MUTEXES: *mut Vec<Mutex<()>> = 0 as *mut Vec<Mutex<()>>;
-        static mut GUARDS: *mut Vec<Option<MutexGuard<'static, ()>>> =
+        static mut GUARDS: *mut Vec<Option<MutexGuard<'static, ()>>> = 0 as *mut Vec<Option<MutexGuard<'static, ()>>>;
            0 as *mut Vec<Option<MutexGuard<'static, ()>>>;
-        unsafe extern "C" fn locking_function(
+        unsafe extern "C" fn locking_function(mode: c_int, n: c_int, _file: *const c_char, _line: c_int) {
            mode: c_int,
            n: c_int,
            _file: *const c_char,
            _line: c_int,
        ) {
            let mutex = &(*MUTEXES)[n as usize];
            if mode & CRYPTO_LOCK != 0 {
                (*GUARDS)[n as usize] = Some(mutex.lock().unwrap());
            } else {
                if let None = (*GUARDS)[n as usize].take() {
-                    let _ = writeln!(
+                    let _ = writeln!(io::stderr(), "BUG: rust-openssl lock {} already unlocked, aborting", n);
                        io::stderr(),
                        "BUG: rust-openssl lock {} already unlocked, aborting",
                        n
                    );
                    process::abort();
                }
            }
@ -172,8 +157,7 @@ mod openssl {
                mutexes.push(Mutex::new(()));
            }
            MUTEXES = mem::transmute(mutexes);
-            let guards: Box<Vec<Option<MutexGuard<()>>>> =
+            let guards: Box<Vec<Option<MutexGuard<()>>>> = Box::new((0..num_locks).map(|_| None).collect());
                Box::new((0..num_locks).map(|_| None).collect());
            GUARDS = mem::transmute(guards);
            CRYPTO_set_locking_callback__fixed_rust(Some(locking_function));
--- a/openssl-sys/src/rsa.rs
+++ b/openssl-sys/src/rsa.rs
@ -54,22 +54,11 @@ cfg_if! {
 #[cfg(any(ossl102, libressl310))]
 pub unsafe fn EVP_PKEY_CTX_set_rsa_oaep_md(ctx: *mut EVP_PKEY_CTX, md: *mut EVP_MD) -> c_int {
-    EVP_PKEY_CTX_ctrl(
+    EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, EVP_PKEY_CTRL_RSA_OAEP_MD, 0, md as *mut c_void)
        ctx,
        EVP_PKEY_RSA,
        EVP_PKEY_OP_TYPE_CRYPT,
        EVP_PKEY_CTRL_RSA_OAEP_MD,
        0,
        md as *mut c_void,
    )
 }
 #[cfg(any(ossl102, libressl310))]
-pub unsafe fn EVP_PKEY_CTX_set0_rsa_oaep_label(
+pub unsafe fn EVP_PKEY_CTX_set0_rsa_oaep_label(ctx: *mut EVP_PKEY_CTX, label: *mut c_void, len: c_int) -> c_int {
    ctx: *mut EVP_PKEY_CTX,
    label: *mut c_void,
    len: c_int,
 ) -> c_int {
    EVP_PKEY_CTX_ctrl(
        ctx,
        EVP_PKEY_RSA,
--- a/openssl-sys/src/ssl.rs
+++ b/openssl-sys/src/ssl.rs
@ -291,8 +291,7 @@ pub const SSL_SESS_CACHE_BOTH: c_long = SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_S
 pub const SSL_SESS_CACHE_NO_AUTO_CLEAR: c_long = 0x80;
 pub const SSL_SESS_CACHE_NO_INTERNAL_LOOKUP: c_long = 0x100;
 pub const SSL_SESS_CACHE_NO_INTERNAL_STORE: c_long = 0x200;
-pub const SSL_SESS_CACHE_NO_INTERNAL: c_long =
+pub const SSL_SESS_CACHE_NO_INTERNAL: c_long = SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | SSL_SESS_CACHE_NO_INTERNAL_STORE;
    SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | SSL_SESS_CACHE_NO_INTERNAL_STORE;
 pub const OPENSSL_NPN_UNSUPPORTED: c_int = 0;
 pub const OPENSSL_NPN_NEGOTIATED: c_int = 1;
@ -380,10 +379,7 @@ pub unsafe fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) -
    SSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, x509 as *mut c_void)
 }
-pub unsafe fn SSL_CTX_get_extra_chain_certs(
+pub unsafe fn SSL_CTX_get_extra_chain_certs(ctx: *mut SSL_CTX, chain: *mut *mut stack_st_X509) -> c_long {
    ctx: *mut SSL_CTX,
    chain: *mut *mut stack_st_X509,
 ) -> c_long {
    SSL_CTX_ctrl(ctx, SSL_CTRL_GET_EXTRA_CHAIN_CERTS, 0, chain as *mut c_void)
 }
@ -421,32 +417,17 @@ pub unsafe fn SSL_add0_chain_cert(ssl: *mut SSL, ptr: *mut X509) -> c_long {
 #[cfg(ossl102)]
 pub unsafe fn SSL_CTX_set1_sigalgs_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_long {
-    SSL_CTX_ctrl(
+    SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SIGALGS_LIST, 0, s as *const c_void as *mut c_void)
        ctx,
        SSL_CTRL_SET_SIGALGS_LIST,
        0,
        s as *const c_void as *mut c_void,
    )
 }
 #[cfg(any(libressl, all(ossl102, not(ossl110))))]
 pub unsafe fn SSL_CTX_set_ecdh_auto(ctx: *mut SSL_CTX, onoff: c_int) -> c_int {
-    SSL_CTX_ctrl(
+    SSL_CTX_ctrl(ctx, SSL_CTRL_SET_ECDH_AUTO, onoff as c_long, ptr::null_mut()) as c_int
        ctx,
        SSL_CTRL_SET_ECDH_AUTO,
        onoff as c_long,
        ptr::null_mut(),
    ) as c_int
 }
 #[cfg(any(libressl, all(ossl102, not(ossl110))))]
 pub unsafe fn SSL_set_ecdh_auto(ssl: *mut SSL, onoff: c_int) -> c_int {
-    SSL_ctrl(
+    SSL_ctrl(ssl, SSL_CTRL_SET_ECDH_AUTO, onoff as c_long, ptr::null_mut()) as c_int
        ssl,
        SSL_CTRL_SET_ECDH_AUTO,
        onoff as c_long,
        ptr::null_mut(),
    ) as c_int
 }
 cfg_if! {
@ -567,42 +548,21 @@ pub unsafe fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long {
 #[allow(clashing_extern_declarations)]
 extern "C" {
    #[deprecated(note = "use SSL_CTX_set_tmp_dh_callback__fixed_rust instead")]
-    pub fn SSL_CTX_set_tmp_dh_callback(
+    pub fn SSL_CTX_set_tmp_dh_callback(ctx: *mut SSL_CTX, dh: unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH);
        ctx: *mut SSL_CTX,
        dh: unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH,
    );
    #[deprecated(note = "use SSL_set_tmp_dh_callback__fixed_rust instead")]
-    pub fn SSL_set_tmp_dh_callback(
+    pub fn SSL_set_tmp_dh_callback(ctx: *mut SSL, dh: unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH);
        ctx: *mut SSL,
        dh: unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH,
    );
    #[deprecated(note = "use SSL_CTX_set_tmp_ecdh_callback__fixed_rust instead")]
    #[cfg(not(ossl110))]
    pub fn SSL_CTX_set_tmp_ecdh_callback(
        ctx: *mut SSL_CTX,
-        ecdh: unsafe extern "C" fn(
+        ecdh: unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut EC_KEY,
            ssl: *mut SSL,
            is_export: c_int,
            keylength: c_int,
        ) -> *mut EC_KEY,
    );
    #[deprecated(note = "use SSL_set_tmp_ecdh_callback__fixed_rust instead")]
    #[cfg(not(ossl110))]
-    pub fn SSL_set_tmp_ecdh_callback(
+    pub fn SSL_set_tmp_ecdh_callback(ssl: *mut SSL, ecdh: unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut EC_KEY);
        ssl: *mut SSL,
        ecdh: unsafe extern "C" fn(
            ssl: *mut SSL,
            is_export: c_int,
            keylength: c_int,
        ) -> *mut EC_KEY,
    );
    #[deprecated(note = "use SSL_CTX_callback_ctrl__fixed_rust instead")]
-    pub fn SSL_CTX_callback_ctrl(
+    pub fn SSL_CTX_callback_ctrl(ctx: *mut SSL_CTX, cmd: c_int, fp: Option<extern "C" fn()>) -> c_long;
        ctx: *mut SSL_CTX,
        cmd: c_int,
        fp: Option<extern "C" fn()>,
    ) -> c_long;
    #[deprecated(note = "use SSL_CTX_set_alpn_select_cb__fixed_rust instead")]
    #[cfg(any(ossl102, libressl261))]
--- a/openssl-sys/src/tls1.rs
+++ b/openssl-sys/src/tls1.rs
@ -17,43 +17,19 @@ pub const TLSEXT_NAMETYPE_host_name: c_int = 0;
 pub const TLSEXT_STATUSTYPE_ocsp: c_int = 1;
 pub unsafe fn SSL_set_tlsext_host_name(s: *mut SSL, name: *mut c_char) -> c_long {
-    SSL_ctrl(
+    SSL_ctrl(s, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name as c_long, name as *mut c_void)
        s,
        SSL_CTRL_SET_TLSEXT_HOSTNAME,
        TLSEXT_NAMETYPE_host_name as c_long,
        name as *mut c_void,
    )
 }
 pub unsafe fn SSL_set_tlsext_status_type(s: *mut SSL, type_: c_int) -> c_long {
-    SSL_ctrl(
+    SSL_ctrl(s, SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE, type_ as c_long, ptr::null_mut())
        s,
        SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,
        type_ as c_long,
        ptr::null_mut(),
    )
 }
 pub unsafe fn SSL_get_tlsext_status_ocsp_resp(ssl: *mut SSL, resp: *mut *mut c_uchar) -> c_long {
-    SSL_ctrl(
+    SSL_ctrl(ssl, SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP, 0, resp as *mut c_void)
        ssl,
        SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,
        0,
        resp as *mut c_void,
    )
 }
-pub unsafe fn SSL_set_tlsext_status_ocsp_resp(
+pub unsafe fn SSL_set_tlsext_status_ocsp_resp(ssl: *mut SSL, resp: *mut c_uchar, len: c_long) -> c_long {
-    ssl: *mut SSL,
+    SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP, len, resp as *mut c_void)
    resp: *mut c_uchar,
    len: c_long,
 ) -> c_long {
    SSL_ctrl(
        ssl,
        SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,
        len,
        resp as *mut c_void,
    )
 }
 #[deprecated(note = "use SSL_CTX_set_tlsext_servername_callback__fixed_rust instead")]
@ -82,10 +58,7 @@ pub unsafe fn SSL_CTX_set_tlsext_servername_arg(ctx: *mut SSL_CTX, arg: *mut c_v
    SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG, 0, arg)
 }
-pub unsafe fn SSL_CTX_set_tlsext_status_cb(
+pub unsafe fn SSL_CTX_set_tlsext_status_cb(ctx: *mut SSL_CTX, cb: Option<unsafe extern "C" fn(*mut SSL, *mut c_void) -> c_int>) -> c_long {
    ctx: *mut SSL_CTX,
    cb: Option<unsafe extern "C" fn(*mut SSL, *mut c_void) -> c_int>,
 ) -> c_long {
    SSL_CTX_callback_ctrl__fixed_rust(ctx, SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB, mem::transmute(cb))
 }
--- a/openssl-sys/src/x509_vfy.rs
+++ b/openssl-sys/src/x509_vfy.rs
@ -133,17 +133,7 @@ pub const X509_V_FLAG_NO_ALT_CHAINS: c_ulong = 0x100000;
 #[cfg(ossl110)]
 pub const X509_V_FLAG_NO_CHECK_TIME: c_ulong = 0x200000;
-pub unsafe fn X509_LOOKUP_add_dir(
+pub unsafe fn X509_LOOKUP_add_dir(ctx: *mut X509_LOOKUP, name: *const c_char, _type: c_int) -> c_int {
    ctx: *mut X509_LOOKUP,
    name: *const c_char,
    _type: c_int,
 ) -> c_int {
    const X509_L_ADD_DIR: c_int = 2;
-    X509_LOOKUP_ctrl(
+    X509_LOOKUP_ctrl(ctx, X509_L_ADD_DIR, name, _type as c_long, std::ptr::null_mut())
        ctx,
        X509_L_ADD_DIR,
        name,
        _type as c_long,
        std::ptr::null_mut(),
    )
 }
--- a/zssp/src/zssp.rs
+++ b/zssp/src/zssp.rs
@ -132,18 +132,18 @@ enum Offer {
 const AES_POOL_SIZE: usize = 4;
 struct SessionKey {
-    ratchet_key: Secret<BASE_KEY_SIZE>,            // Key used in derivation of the next session key
+    ratchet_key: Secret<BASE_KEY_SIZE>, // Key used in derivation of the next session key
    //receive_key: Secret<AES_256_KEY_SIZE>,       // Receive side AES-GCM key
    //send_key: Secret<AES_256_KEY_SIZE>,          // Send side AES-GCM key
    receive_cipher_pool: [Mutex<AesGcm<false>>; AES_POOL_SIZE], // Pool of reusable sending ciphers
    send_cipher_pool: [Mutex<AesGcm<true>>; AES_POOL_SIZE],     // Pool of reusable receiving ciphers
-    rekey_at_time: i64,                             // Rekey at or after this time (ticks)
+    rekey_at_time: i64,                                         // Rekey at or after this time (ticks)
-    created_at_counter: u64,                        // Counter at which session was created
+    created_at_counter: u64,                                    // Counter at which session was created
-    rekey_at_counter: u64,                          // Rekey at or after this counter
+    rekey_at_counter: u64,                                      // Rekey at or after this counter
-    expire_at_counter: u64,                         // Hard error when this counter value is reached or exceeded
+    expire_at_counter: u64,                                     // Hard error when this counter value is reached or exceeded
-    ratchet_count: u64,                             // Number of rekey events
+    ratchet_count: u64,                                         // Number of rekey events
-    bob: bool,                                      // Was this side "Bob" in this exchange?
+    bob: bool,                                                  // Was this side "Bob" in this exchange?
-    confirmed: bool,                                // Is this key confirmed by the other side?
+    confirmed: bool,                                            // Is this key confirmed by the other side?
 }
 impl<Application: ApplicationLayer> Context<Application> {
@ -641,7 +641,7 @@ impl<Application: ApplicationLayer> Context<Application> {
                    if aead_authentication_ok {
                        // Packet fully authenticated
                        if !session.update_receive_window(incoming_counter) {
-                            return Err(Error::OutOfSequence)
+                            return Err(Error::OutOfSequence);
                        }
                        // Update the current key to point to this key if it's newer, since having received
                        // a packet encrypted with it proves that the other side has successfully derived it
@ -899,14 +899,11 @@ impl<Application: ApplicationLayer> Context<Application> {
                                // Packet fully authenticated
                                if !session.update_receive_window(incoming_counter) {
-                                    return Err(Error::OutOfSequence)
+                                    return Err(Error::OutOfSequence);
                                }
                                let noise_es_ee_se_hk_psk = hmac_sha512_secret::<BASE_KEY_SIZE>(
-                                    hmac_sha512_secret::<BASE_KEY_SIZE>(
+                                    hmac_sha512_secret::<BASE_KEY_SIZE>(noise_es_ee.as_bytes(), noise_se.as_bytes()).as_bytes(),
                                        noise_es_ee.as_bytes(),
                                        noise_se.as_bytes(),
                                    ).as_bytes(),
                                    hmac_sha512_secret::<BASE_KEY_SIZE>(session.psk.as_bytes(), hk.as_bytes()).as_bytes(),
                                );
@ -1129,7 +1126,7 @@ impl<Application: ApplicationLayer> Context<Application> {
                                    if aead_authentication_ok {
                                        // Packet fully authenticated
                                        if !session.update_receive_window(incoming_counter) {
-                                            return Err(Error::OutOfSequence)
+                                            return Err(Error::OutOfSequence);
                                        }
                                        let pkt: &RekeyInit = byte_array_as_proto_buffer(&pkt_assembled).unwrap();
@ -1221,7 +1218,7 @@ impl<Application: ApplicationLayer> Context<Application> {
                                    if aead_authentication_ok {
                                        // Packet fully authenticated
                                        if !session.update_receive_window(incoming_counter) {
-                                            return Err(Error::OutOfSequence)
+                                            return Err(Error::OutOfSequence);
                                        }
                                        let pkt: &RekeyAck = byte_array_as_proto_buffer(&pkt_assembled).unwrap();
@ -1590,11 +1587,11 @@ impl SessionKey {
    fn get_send_cipher<'a>(&'a self, counter: u64) -> Result<MutexGuard<'a, AesGcm<true>>, Error> {
        if counter < self.expire_at_counter {
            for i in 0..(AES_POOL_SIZE - 1) {
-                if let Ok(p) = self.send_cipher_pool[(counter as usize).wrapping_add(i)%AES_POOL_SIZE].try_lock() {
+                if let Ok(p) = self.send_cipher_pool[(counter as usize).wrapping_add(i) % AES_POOL_SIZE].try_lock() {
                    return Ok(p);
                }
            }
-            Ok(self.send_cipher_pool[(counter as usize)%AES_POOL_SIZE].lock().unwrap())
+            Ok(self.send_cipher_pool[(counter as usize) % AES_POOL_SIZE].lock().unwrap())
        } else {
            Err(Error::MaxKeyLifetimeExceeded)
        }
@ -1602,11 +1599,11 @@ impl SessionKey {
    fn get_receive_cipher<'a>(&'a self, counter: u64) -> MutexGuard<'a, AesGcm<false>> {
        for i in 0..(AES_POOL_SIZE - 1) {
-            if let Ok(p) = self.receive_cipher_pool[(counter as usize).wrapping_add(i)%AES_POOL_SIZE].try_lock() {
+            if let Ok(p) = self.receive_cipher_pool[(counter as usize).wrapping_add(i) % AES_POOL_SIZE].try_lock() {
                return p;
            }
        }
-        self.receive_cipher_pool[(counter as usize)%AES_POOL_SIZE].lock().unwrap()
+        self.receive_cipher_pool[(counter as usize) % AES_POOL_SIZE].lock().unwrap()
    }
 }