BASELINE: Update Chromium to 85.0.4183.14085-based

Change-Id: Iaa42f4680837c57725b1344f108c0196741f6057
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

76 files changed, 2531 insertions, 3707 deletions

diff --git a/chromium/third_party/boringssl/BUILD.generated_tests.gni b/chromium/third_party/boringssl/BUILD.generated_tests.gni
index d4404b4e296..97fee62faf3 100644
--- a/chromium/third_party/boringssl/BUILD.generated_tests.gni
+++ b/chromium/third_party/boringssl/BUILD.generated_tests.gni
@@ -142,13 +142,37 @@ crypto_test_data = [
   "src/crypto/hmac_extra/hmac_tests.txt",
   "src/crypto/poly1305/poly1305_tests.txt",
   "src/crypto/siphash/siphash_tests.txt",
-  "src/crypto/x509/many_constraints.pem",
-  "src/crypto/x509/many_names1.pem",
-  "src/crypto/x509/many_names2.pem",
-  "src/crypto/x509/many_names3.pem",
-  "src/crypto/x509/some_names1.pem",
-  "src/crypto/x509/some_names2.pem",
-  "src/crypto/x509/some_names3.pem",
+  "src/crypto/x509/test/invalid_extension_intermediate.pem",
+  "src/crypto/x509/test/invalid_extension_intermediate_authority_key_identifier.pem",
+  "src/crypto/x509/test/invalid_extension_intermediate_basic_constraints.pem",
+  "src/crypto/x509/test/invalid_extension_intermediate_ext_key_usage.pem",
+  "src/crypto/x509/test/invalid_extension_intermediate_key_usage.pem",
+  "src/crypto/x509/test/invalid_extension_intermediate_name_constraints.pem",
+  "src/crypto/x509/test/invalid_extension_intermediate_subject_alt_name.pem",
+  "src/crypto/x509/test/invalid_extension_intermediate_subject_key_identifier.pem",
+  "src/crypto/x509/test/invalid_extension_leaf.pem",
+  "src/crypto/x509/test/invalid_extension_leaf_authority_key_identifier.pem",
+  "src/crypto/x509/test/invalid_extension_leaf_basic_constraints.pem",
+  "src/crypto/x509/test/invalid_extension_leaf_ext_key_usage.pem",
+  "src/crypto/x509/test/invalid_extension_leaf_key_usage.pem",
+  "src/crypto/x509/test/invalid_extension_leaf_name_constraints.pem",
+  "src/crypto/x509/test/invalid_extension_leaf_subject_alt_name.pem",
+  "src/crypto/x509/test/invalid_extension_leaf_subject_key_identifier.pem",
+  "src/crypto/x509/test/invalid_extension_root.pem",
+  "src/crypto/x509/test/invalid_extension_root_authority_key_identifier.pem",
+  "src/crypto/x509/test/invalid_extension_root_basic_constraints.pem",
+  "src/crypto/x509/test/invalid_extension_root_ext_key_usage.pem",
+  "src/crypto/x509/test/invalid_extension_root_key_usage.pem",
+  "src/crypto/x509/test/invalid_extension_root_name_constraints.pem",
+  "src/crypto/x509/test/invalid_extension_root_subject_alt_name.pem",
+  "src/crypto/x509/test/invalid_extension_root_subject_key_identifier.pem",
+  "src/crypto/x509/test/many_constraints.pem",
+  "src/crypto/x509/test/many_names1.pem",
+  "src/crypto/x509/test/many_names2.pem",
+  "src/crypto/x509/test/many_names3.pem",
+  "src/crypto/x509/test/some_names1.pem",
+  "src/crypto/x509/test/some_names2.pem",
+  "src/crypto/x509/test/some_names3.pem",
   "src/third_party/wycheproof_testvectors/aes_cbc_pkcs5_test.txt",
   "src/third_party/wycheproof_testvectors/aes_cmac_test.txt",
   "src/third_party/wycheproof_testvectors/aes_gcm_siv_test.txt",
diff --git a/chromium/third_party/boringssl/err_data.c b/chromium/third_party/boringssl/err_data.c
index 5d7fc3a20df..aa8cb53af03 100644
--- a/chromium/third_party/boringssl/err_data.c
+++ b/chromium/third_party/boringssl/err_data.c
@@ -199,36 +199,39 @@ const uint32_t kOpenSSLReasonValues[] = {
     0x2c34b058,
     0x2c353073,
     0x2c35b085,
-    0x2c363098,
+    0x2c3630b5,
     0x2c36832d,
-    0x2c3730a5,
-    0x2c37b0b7,
-    0x2c3830dc,
-    0x2c38b0f3,
-    0x2c393101,
-    0x2c39b111,
-    0x2c3a3123,
-    0x2c3ab137,
-    0x2c3b3148,
-    0x2c3bb167,
+    0x2c3730c2,
+    0x2c37b0ee,
+    0x2c383113,
+    0x2c38b12a,
+    0x2c393148,
+    0x2c39b158,
+    0x2c3a316a,
+    0x2c3ab17e,
+    0x2c3b318f,
+    0x2c3bb1ae,
     0x2c3c12fa,
     0x2c3c9310,
-    0x2c3d317b,
+    0x2c3d31c2,
     0x2c3d9329,
-    0x2c3e3198,
-    0x2c3eb1a6,
-    0x2c3f31be,
-    0x2c3fb1d6,
-    0x2c403200,
+    0x2c3e31df,
+    0x2c3eb1ed,
+    0x2c3f3205,
+    0x2c3fb21d,
+    0x2c403247,
     0x2c4091fb,
-    0x2c413211,
-    0x2c41b224,
+    0x2c413258,
+    0x2c41b26b,
     0x2c4211c1,
-    0x2c42b235,
+    0x2c42b27c,
     0x2c430722,
-    0x2c43b159,
-    0x2c4430ca,
-    0x2c44b1e3,
+    0x2c43b1a0,
+    0x2c443101,
+    0x2c44b22a,
+    0x2c453098,
+    0x2c45b0d4,
+    0x2c463138,
     0x30320000,
     0x30328015,
     0x3033001f,
@@ -654,69 +657,69 @@ const uint32_t kOpenSSLReasonValues[] = {
     0x4c411557,
     0x4c4193da,
     0x4c421543,
-    0x50323247,
-    0x5032b256,
-    0x50333261,
-    0x5033b271,
-    0x5034328a,
-    0x5034b2a4,
-    0x503532b2,
-    0x5035b2c8,
-    0x503632da,
-    0x5036b2f0,
-    0x50373309,
-    0x5037b31c,
-    0x50383334,
-    0x5038b345,
-    0x5039335a,
-    0x5039b36e,
-    0x503a338e,
-    0x503ab3a4,
-    0x503b33bc,
-    0x503bb3ce,
-    0x503c33ea,
-    0x503cb401,
-    0x503d341a,
-    0x503db430,
-    0x503e343d,
-    0x503eb453,
-    0x503f3465,
+    0x5032328e,
+    0x5032b29d,
+    0x503332a8,
+    0x5033b2b8,
+    0x503432d1,
+    0x5034b2eb,
+    0x503532f9,
+    0x5035b30f,
+    0x50363321,
+    0x5036b337,
+    0x50373350,
+    0x5037b363,
+    0x5038337b,
+    0x5038b38c,
+    0x503933a1,
+    0x5039b3b5,
+    0x503a33d5,
+    0x503ab3eb,
+    0x503b3403,
+    0x503bb415,
+    0x503c3431,
+    0x503cb448,
+    0x503d3461,
+    0x503db477,
+    0x503e3484,
+    0x503eb49a,
+    0x503f34ac,
     0x503f837b,
-    0x50403478,
-    0x5040b488,
-    0x504134a2,
-    0x5041b4b1,
-    0x504234cb,
-    0x5042b4e8,
-    0x504334f8,
-    0x5043b508,
-    0x50443517,
+    0x504034bf,
+    0x5040b4cf,
+    0x504134e9,
+    0x5041b4f8,
+    0x50423512,
+    0x5042b52f,
+    0x5043353f,
+    0x5043b54f,
+    0x5044355e,
     0x50448431,
-    0x5045352b,
-    0x5045b549,
-    0x5046355c,
-    0x5046b572,
-    0x50473584,
-    0x5047b599,
-    0x504835bf,
-    0x5048b5cd,
-    0x504935e0,
-    0x5049b5f5,
-    0x504a360b,
-    0x504ab61b,
-    0x504b363b,
-    0x504bb64e,
-    0x504c3671,
-    0x504cb69f,
-    0x504d36b1,
-    0x504db6ce,
-    0x504e36e9,
-    0x504eb705,
-    0x504f3717,
-    0x504fb72e,
-    0x5050373d,
+    0x50453572,
+    0x5045b590,
+    0x504635a3,
+    0x5046b5b9,
+    0x504735cb,
+    0x5047b5e0,
+    0x50483606,
+    0x5048b614,
+    0x50493627,
+    0x5049b63c,
+    0x504a3652,
+    0x504ab662,
+    0x504b3682,
+    0x504bb695,
+    0x504c36b8,
+    0x504cb6e6,
+    0x504d36f8,
+    0x504db715,
+    0x504e3730,
+    0x504eb74c,
+    0x504f375e,
+    0x504fb775,
+    0x50503784,
     0x505086f1,
-    0x50513750,
+    0x50513797,
     0x58320f65,
     0x68320f27,
     0x68328c7f,
@@ -1352,12 +1355,15 @@ const char kOpenSSLReasonStringData[] =
     "CERT_ALREADY_IN_HASH_TABLE\0"
     "CRL_ALREADY_DELTA\0"
     "CRL_VERIFY_FAILURE\0"
+    "DELTA_CRL_WITHOUT_CRL_NUMBER\0"
     "IDP_MISMATCH\0"
     "INVALID_DIRECTORY\0"
+    "INVALID_FIELD_FOR_VERSION\0"
     "INVALID_FIELD_NAME\0"
     "INVALID_PARAMETER\0"
     "INVALID_PSS_PARAMETERS\0"
     "INVALID_TRUST\0"
+    "INVALID_VERSION\0"
     "ISSUER_MISMATCH\0"
     "KEY_TYPE_MISMATCH\0"
     "KEY_VALUES_MISMATCH\0"
diff --git a/chromium/third_party/boringssl/src/CMakeLists.txt b/chromium/third_party/boringssl/src/CMakeLists.txt
index 75bf9981b0b..c266e1267b1 100644
--- a/chromium/third_party/boringssl/src/CMakeLists.txt
+++ b/chromium/third_party/boringssl/src/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 3.0)
+cmake_minimum_required(VERSION 3.3)
 
 # Defer enabling C and CXX languages.
 project(BoringSSL NONE)
@@ -471,7 +471,7 @@ elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "amd64")
   set(ARCH "x86_64")
 elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "AMD64")
   # cmake reports AMD64 on Windows, but we might be building for 32-bit.
-  if(CMAKE_CL_64)
+  if(CMAKE_SIZEOF_VOID_P EQUAL 8)
     set(ARCH "x86_64")
   else()
     set(ARCH "x86")
@@ -573,10 +573,21 @@ include_directories(third_party/googletest/include)
 # themselves as dependencies next to the target definition.
 add_custom_target(all_tests)
 
+# On Windows, CRYPTO_TEST_DATA is too long to fit in command-line limits.
+# TODO(davidben): CMake 3.12 has a list(JOIN) command. Use that when we've
+# updated the minimum version.
+set(EMBED_TEST_DATA_ARGS "")
+foreach(arg ${CRYPTO_TEST_DATA})
+  set(EMBED_TEST_DATA_ARGS "${EMBED_TEST_DATA_ARGS}${arg}\n")
+endforeach()
+file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/embed_test_data_args.txt"
+     "${EMBED_TEST_DATA_ARGS}")
+
 add_custom_command(
   OUTPUT crypto_test_data.cc
-  COMMAND ${GO_EXECUTABLE} run util/embed_test_data.go ${CRYPTO_TEST_DATA} >
-  ${CMAKE_CURRENT_BINARY_DIR}/crypto_test_data.cc
+  COMMAND ${GO_EXECUTABLE} run util/embed_test_data.go -file-list
+          "${CMAKE_CURRENT_BINARY_DIR}/embed_test_data_args.txt" >
+          "${CMAKE_CURRENT_BINARY_DIR}/crypto_test_data.cc"
   DEPENDS util/embed_test_data.go ${CRYPTO_TEST_DATA}
   WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
 
@@ -602,11 +613,6 @@ if(FUZZ)
   add_subdirectory(fuzz)
 endif()
 
-if(NOT ${CMAKE_VERSION} VERSION_LESS "3.2")
-  # USES_TERMINAL is only available in CMake 3.2 or later.
-  set(MAYBE_USES_TERMINAL USES_TERMINAL)
-endif()
-
 if(UNIX AND NOT APPLE AND NOT ANDROID)
   set(HANDSHAKER_ARGS "-handshaker-path" $<TARGET_FILE:handshaker>)
 endif()
@@ -620,4 +626,4 @@ add_custom_target(
               ${HANDSHAKER_ARGS} ${RUNNER_ARGS}
     WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
     DEPENDS all_tests bssl_shim handshaker
-    ${MAYBE_USES_TERMINAL})
+    USES_TERMINAL)
diff --git a/chromium/third_party/boringssl/src/SANDBOXING.md b/chromium/third_party/boringssl/src/SANDBOXING.md
index 95ac6e81c1f..b1a32df51fb 100644
--- a/chromium/third_party/boringssl/src/SANDBOXING.md
+++ b/chromium/third_party/boringssl/src/SANDBOXING.md
@@ -64,7 +64,12 @@ should ensure this regardless.
 Any BoringSSL function may draw entropy from the OS. On Windows, this uses
 `RtlGenRandom` and, on POSIX systems, this uses `getrandom`, `getentropy`, or a
 `read` from a file descriptor to `/dev/urandom`. These operations must succeed
-or BoringSSL will abort the process.
+or BoringSSL will abort the process. BoringSSL only probes for `getrandom`
+support once and assumes support is consistent for the lifetime of the address
+space (and any copies made via `fork`). If a syscall-filtering sandbox is
+enabled partway through this lifetime and changes whether `getrandom` works,
+BoringSSL may abort the process. Sandboxes are recommended to allow
+`getrandom`.
 
 Note even deterministic algorithms may require OS entropy. For example,
 RSASSA-PKCS1-v1_5 is deterministic, but BoringSSL draws entropy to implement
diff --git a/chromium/third_party/boringssl/src/crypto/asn1/a_bitstr.c b/chromium/third_party/boringssl/src/crypto/asn1/a_bitstr.c
index 39426389e0f..4024ed2b247 100644
--- a/chromium/third_party/boringssl/src/crypto/asn1/a_bitstr.c
+++ b/chromium/third_party/boringssl/src/crypto/asn1/a_bitstr.c
@@ -70,7 +70,7 @@ int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
     return M_ASN1_BIT_STRING_set(x, d, len);
 }
 
-int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
+int i2c_ASN1_BIT_STRING(const ASN1_BIT_STRING *a, unsigned char **pp)
 {
     int ret, j, bits, len;
     unsigned char *p, *d;
@@ -233,7 +233,7 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
     return (1);
 }
 
-int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)
+int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n)
 {
     int w, v;
 
@@ -250,7 +250,7 @@ int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)
  * which is not specified in 'flags', 1 otherwise.
  * 'len' is the length of 'flags'.
  */
-int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a,
+int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a,
                           unsigned char *flags, int flags_len)
 {
     int i, ok;
diff --git a/chromium/third_party/boringssl/src/crypto/asn1/a_enum.c b/chromium/third_party/boringssl/src/crypto/asn1/a_enum.c
index 11e60ac39cc..b99663b2240 100644
--- a/chromium/third_party/boringssl/src/crypto/asn1/a_enum.c
+++ b/chromium/third_party/boringssl/src/crypto/asn1/a_enum.c
@@ -108,7 +108,7 @@ int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
     return (1);
 }
 
-long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
+long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a)
 {
     int neg = 0, i;
 
@@ -147,7 +147,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
     return r;
 }
 
-ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai)
 {
     ASN1_ENUMERATED *ret;
     int len, j;
@@ -183,7 +183,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
     return (NULL);
 }
 
-BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
+BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn)
 {
     BIGNUM *ret;
 
diff --git a/chromium/third_party/boringssl/src/crypto/asn1/a_int.c b/chromium/third_party/boringssl/src/crypto/asn1/a_int.c
index 7b483f2d4b8..2eda6c08dce 100644
--- a/chromium/third_party/boringssl/src/crypto/asn1/a_int.c
+++ b/chromium/third_party/boringssl/src/crypto/asn1/a_int.c
@@ -115,7 +115,7 @@ int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
  * followed by optional zeros isn't padded.
  */
 
-int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
+int i2c_ASN1_INTEGER(const ASN1_INTEGER *a, unsigned char **pp)
 {
     int pad = 0, ret, i, neg;
     unsigned char *p, *n, pb = 0;
diff --git a/chromium/third_party/boringssl/src/crypto/asn1/a_object.c b/chromium/third_party/boringssl/src/crypto/asn1/a_object.c
index 97335bfd88b..aa98453ef03 100644
--- a/chromium/third_party/boringssl/src/crypto/asn1/a_object.c
+++ b/chromium/third_party/boringssl/src/crypto/asn1/a_object.c
@@ -66,7 +66,7 @@
 #include "../internal.h"
 
 
-int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
+int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp)
 {
     unsigned char *p, *allocated = NULL;
     int objsize;
@@ -98,12 +98,12 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
     return objsize;
 }
 
-int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
+int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a)
 {
     return OBJ_obj2txt(buf, buf_len, a, 0);
 }
 
-int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
+int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a)
 {
     char buf[80], *p = buf;
     int i;
diff --git a/chromium/third_party/boringssl/src/crypto/asn1/a_time.c b/chromium/third_party/boringssl/src/crypto/asn1/a_time.c
index 51aae5d9fa7..98a9c3e6581 100644
--- a/chromium/third_party/boringssl/src/crypto/asn1/a_time.c
+++ b/chromium/third_party/boringssl/src/crypto/asn1/a_time.c
@@ -100,7 +100,7 @@ ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
     return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec);
 }
 
-int ASN1_TIME_check(ASN1_TIME *t)
+int ASN1_TIME_check(const ASN1_TIME *t)
 {
     if (t->type == V_ASN1_GENERALIZEDTIME)
         return ASN1_GENERALIZEDTIME_check(t);
@@ -110,7 +110,7 @@ int ASN1_TIME_check(ASN1_TIME *t)
 }
 
 /* Convert an ASN1_TIME structure to GeneralizedTime */
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
                                                    ASN1_GENERALIZEDTIME **out)
 {
     ASN1_GENERALIZEDTIME *ret = NULL;
diff --git a/chromium/third_party/boringssl/src/crypto/asn1/a_type.c b/chromium/third_party/boringssl/src/crypto/asn1/a_type.c
index 734ff8b4d4e..c12edfafc1c 100644
--- a/chromium/third_party/boringssl/src/crypto/asn1/a_type.c
+++ b/chromium/third_party/boringssl/src/crypto/asn1/a_type.c
@@ -61,7 +61,7 @@
 #include <openssl/mem.h>
 #include <openssl/obj.h>
 
-int ASN1_TYPE_get(ASN1_TYPE *a)
+int ASN1_TYPE_get(const ASN1_TYPE *a)
 {
     if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
         return (a->type);
diff --git a/chromium/third_party/boringssl/src/crypto/asn1/asn1_lib.c b/chromium/third_party/boringssl/src/crypto/asn1/asn1_lib.c
index 8526aba3894..10910091779 100644
--- a/chromium/third_party/boringssl/src/crypto/asn1/asn1_lib.c
+++ b/chromium/third_party/boringssl/src/crypto/asn1/asn1_lib.c
@@ -430,7 +430,7 @@ void ASN1_STRING_length_set(ASN1_STRING *x, int len)
     return;
 }
 
-int ASN1_STRING_type(ASN1_STRING *x)
+int ASN1_STRING_type(const ASN1_STRING *x)
 {
     return M_ASN1_STRING_type(x);
 }
diff --git a/chromium/third_party/boringssl/src/crypto/asn1/asn1_test.cc b/chromium/third_party/boringssl/src/crypto/asn1/asn1_test.cc
index ff80e492e1c..7f71c8c87e3 100644
--- a/chromium/third_party/boringssl/src/crypto/asn1/asn1_test.cc
+++ b/chromium/third_party/boringssl/src/crypto/asn1/asn1_test.cc
@@ -174,7 +174,7 @@ TEST(ASN1Test, SerializeObject) {
   static const uint8_t kDER[] = {0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
                                  0xf7, 0x0d, 0x01, 0x01, 0x01};
   const ASN1_OBJECT *obj = OBJ_nid2obj(NID_rsaEncryption);
-  TestSerialize(const_cast<ASN1_OBJECT *>(obj), i2d_ASN1_OBJECT, kDER);
+  TestSerialize(obj, i2d_ASN1_OBJECT, kDER);
 }
 
 TEST(ASN1Test, SerializeBoolean) {
diff --git a/chromium/third_party/boringssl/src/crypto/asn1/asn_pack.c b/chromium/third_party/boringssl/src/crypto/asn1/asn_pack.c
index eff54e55c64..3c7116ed320 100644
--- a/chromium/third_party/boringssl/src/crypto/asn1/asn_pack.c
+++ b/chromium/third_party/boringssl/src/crypto/asn1/asn_pack.c
@@ -93,7 +93,7 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
 
 /* Extract an ASN1 object from an ASN1_STRING */
 
-void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it)
+void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it)
 {
     const unsigned char *p;
     void *ret;
diff --git a/chromium/third_party/boringssl/src/crypto/asn1/f_enum.c b/chromium/third_party/boringssl/src/crypto/asn1/f_enum.c
index 7ce479dc4f1..e28755d0292 100644
--- a/chromium/third_party/boringssl/src/crypto/asn1/f_enum.c
+++ b/chromium/third_party/boringssl/src/crypto/asn1/f_enum.c
@@ -60,7 +60,7 @@
 
 /* Based on a_int.c: equivalent ENUMERATED functions */
 
-int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a)
+int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a)
 {
     int i, n = 0;
     static const char *h = "0123456789ABCDEF";
diff --git a/chromium/third_party/boringssl/src/crypto/asn1/f_int.c b/chromium/third_party/boringssl/src/crypto/asn1/f_int.c
index 79ea152b6c7..25338d886b9 100644
--- a/chromium/third_party/boringssl/src/crypto/asn1/f_int.c
+++ b/chromium/third_party/boringssl/src/crypto/asn1/f_int.c
@@ -58,7 +58,7 @@
 
 #include <openssl/bio.h>
 
-int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
+int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a)
 {
     int i, n = 0;
     static const char *h = "0123456789ABCDEF";
diff --git a/chromium/third_party/boringssl/src/crypto/asn1/f_string.c b/chromium/third_party/boringssl/src/crypto/asn1/f_string.c
index 97c6ae7de3d..01d9dec0028 100644
--- a/chromium/third_party/boringssl/src/crypto/asn1/f_string.c
+++ b/chromium/third_party/boringssl/src/crypto/asn1/f_string.c
@@ -58,7 +58,7 @@
 
 #include <openssl/bio.h>
 
-int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type)
+int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type)
 {
     int i, n = 0;
     static const char *h = "0123456789ABCDEF";
diff --git a/chromium/third_party/boringssl/src/crypto/cipher_extra/cipher_test.cc b/chromium/third_party/boringssl/src/crypto/cipher_extra/cipher_test.cc
index 5ff308caa7e..af7e0e7ab74 100644
--- a/chromium/third_party/boringssl/src/crypto/cipher_extra/cipher_test.cc
+++ b/chromium/third_party/boringssl/src/crypto/cipher_extra/cipher_test.cc
@@ -61,8 +61,10 @@
 
 #include <gtest/gtest.h>
 
+#include <openssl/aes.h>
 #include <openssl/cipher.h>
 #include <openssl/err.h>
+#include <openssl/nid.h>
 #include <openssl/span.h>
 
 #include "../test/file_test.h"
@@ -221,6 +223,91 @@ static void TestOperation(FileTest *t, const EVP_CIPHER *cipher, bool encrypt,
         EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, tag.size(), rtag));
     EXPECT_EQ(Bytes(tag), Bytes(rtag, tag.size()));
   }
+
+  // Additionally test low-level AES mode APIs. Skip runs where |copy| because
+  // it does not apply.
+  if (!copy) {
+    int nid = EVP_CIPHER_nid(cipher);
+    bool is_ctr = nid == NID_aes_128_ctr || nid == NID_aes_192_ctr ||
+                  nid == NID_aes_256_ctr;
+    bool is_cbc = nid == NID_aes_128_cbc || nid == NID_aes_192_cbc ||
+                  nid == NID_aes_256_cbc;
+    bool is_ofb = nid == NID_aes_128_ofb128 || nid == NID_aes_192_ofb128 ||
+                  nid == NID_aes_256_ofb128;
+    if (is_ctr || is_cbc || is_ofb) {
+      AES_KEY aes;
+      if (encrypt || !is_cbc) {
+        ASSERT_EQ(0, AES_set_encrypt_key(key.data(), key.size() * 8, &aes));
+      } else {
+        ASSERT_EQ(0, AES_set_decrypt_key(key.data(), key.size() * 8, &aes));
+      }
+
+      // The low-level APIs all work in-place.
+      bssl::Span<const uint8_t> input = *in;
+      result.clear();
+      if (in_place) {
+        result = *in;
+        input = result;
+      } else {
+        result.resize(out->size());
+      }
+      bssl::Span<uint8_t> output = bssl::MakeSpan(result);
+      ASSERT_EQ(input.size(), output.size());
+
+      // The low-level APIs all use block-size IVs.
+      ASSERT_EQ(iv.size(), size_t{AES_BLOCK_SIZE});
+      uint8_t ivec[AES_BLOCK_SIZE];
+      OPENSSL_memcpy(ivec, iv.data(), iv.size());
+
+      if (is_ctr) {
+        unsigned num = 0;
+        uint8_t ecount_buf[AES_BLOCK_SIZE];
+        if (chunk_size == 0) {
+          AES_ctr128_encrypt(input.data(), output.data(), input.size(), &aes,
+                             ivec, ecount_buf, &num);
+        } else {
+          do {
+            size_t todo = std::min(input.size(), chunk_size);
+            AES_ctr128_encrypt(input.data(), output.data(), todo, &aes, ivec,
+                               ecount_buf, &num);
+            input = input.subspan(todo);
+            output = output.subspan(todo);
+          } while (!input.empty());
+        }
+        EXPECT_EQ(Bytes(*out), Bytes(result));
+      } else if (is_cbc && chunk_size % AES_BLOCK_SIZE == 0) {
+        // Note |AES_cbc_encrypt| requires block-aligned chunks.
+        if (chunk_size == 0) {
+          AES_cbc_encrypt(input.data(), output.data(), input.size(), &aes, ivec,
+                          encrypt);
+        } else {
+          do {
+            size_t todo = std::min(input.size(), chunk_size);
+            AES_cbc_encrypt(input.data(), output.data(), todo, &aes, ivec,
+                            encrypt);
+            input = input.subspan(todo);
+            output = output.subspan(todo);
+          } while (!input.empty());
+        }
+        EXPECT_EQ(Bytes(*out), Bytes(result));
+      } else if (is_ofb) {
+        int num = 0;
+        if (chunk_size == 0) {
+          AES_ofb128_encrypt(input.data(), output.data(), input.size(), &aes,
+                             ivec, &num);
+        } else {
+          do {
+            size_t todo = std::min(input.size(), chunk_size);
+            AES_ofb128_encrypt(input.data(), output.data(), todo, &aes, ivec,
+                               &num);
+            input = input.subspan(todo);
+            output = output.subspan(todo);
+          } while (!input.empty());
+        }
+        EXPECT_EQ(Bytes(*out), Bytes(result));
+      }
+    }
+  }
 }
 
 static void TestCipher(FileTest *t) {
diff --git a/chromium/third_party/boringssl/src/crypto/cipher_extra/tls_cbc.c b/chromium/third_party/boringssl/src/crypto/cipher_extra/tls_cbc.c
index 52353f2a57f..5e97a1cd3ad 100644
--- a/chromium/third_party/boringssl/src/crypto/cipher_extra/tls_cbc.c
+++ b/chromium/third_party/boringssl/src/crypto/cipher_extra/tls_cbc.c
@@ -133,6 +133,7 @@ void EVP_tls_cbc_copy_mac(uint8_t *out, size_t md_size, const uint8_t *in,
   assert(orig_len >= in_len);
   assert(in_len >= md_size);
   assert(md_size <= EVP_MAX_MD_SIZE);
+  assert(md_size > 0);
 
   // scan_start contains the number of bytes that we can ignore because
   // the MAC's position can only vary by 255 bytes.
diff --git a/chromium/third_party/boringssl/src/crypto/err/x509.errordata b/chromium/third_party/boringssl/src/crypto/err/x509.errordata
index 6ed8fa35615..ffa42676be2 100644
--- a/chromium/third_party/boringssl/src/crypto/err/x509.errordata
+++ b/chromium/third_party/boringssl/src/crypto/err/x509.errordata
@@ -6,13 +6,16 @@ X509,104,CANT_CHECK_DH_KEY
 X509,105,CERT_ALREADY_IN_HASH_TABLE
 X509,106,CRL_ALREADY_DELTA
 X509,107,CRL_VERIFY_FAILURE
+X509,138,DELTA_CRL_WITHOUT_CRL_NUMBER
 X509,108,IDP_MISMATCH
 X509,109,INVALID_BIT_STRING_BITS_LEFT
 X509,110,INVALID_DIRECTORY
+X509,139,INVALID_FIELD_FOR_VERSION
 X509,111,INVALID_FIELD_NAME
 X509,136,INVALID_PARAMETER
 X509,112,INVALID_PSS_PARAMETERS
 X509,113,INVALID_TRUST
+X509,140,INVALID_VERSION
 X509,114,ISSUER_MISMATCH
 X509,115,KEY_TYPE_MISMATCH
 X509,116,KEY_VALUES_MISMATCH
diff --git a/chromium/third_party/boringssl/src/crypto/fipsmodule/aes/mode_wrappers.c b/chromium/third_party/boringssl/src/crypto/fipsmodule/aes/mode_wrappers.c
index 206fcfd49ec..d29fb27ebb3 100644
--- a/chromium/third_party/boringssl/src/crypto/fipsmodule/aes/mode_wrappers.c
+++ b/chromium/third_party/boringssl/src/crypto/fipsmodule/aes/mode_wrappers.c
@@ -57,7 +57,23 @@
 void AES_ctr128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
                         const AES_KEY *key, uint8_t ivec[AES_BLOCK_SIZE],
                         uint8_t ecount_buf[AES_BLOCK_SIZE], unsigned int *num) {
-  CRYPTO_ctr128_encrypt(in, out, len, key, ivec, ecount_buf, num, AES_encrypt);
+  if (hwaes_capable()) {
+    CRYPTO_ctr128_encrypt_ctr32(in, out, len, key, ivec, ecount_buf, num,
+                                aes_hw_ctr32_encrypt_blocks);
+  } else if (vpaes_capable()) {
+#if defined(VPAES_CTR32)
+    // TODO(davidben): On ARM, where |BSAES| is additionally defined, this could
+    // use |vpaes_ctr32_encrypt_blocks_with_bsaes|.
+    CRYPTO_ctr128_encrypt_ctr32(in, out, len, key, ivec, ecount_buf, num,
+                                vpaes_ctr32_encrypt_blocks);
+#else
+    CRYPTO_ctr128_encrypt(in, out, len, key, ivec, ecount_buf, num,
+                          vpaes_encrypt);
+#endif
+  } else {
+    CRYPTO_ctr128_encrypt_ctr32(in, out, len, key, ivec, ecount_buf, num,
+                                aes_nohw_ctr32_encrypt_blocks);
+  }
 }
 
 void AES_ecb_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key,
diff --git a/chromium/third_party/boringssl/src/crypto/fipsmodule/rand/urandom.c b/chromium/third_party/boringssl/src/crypto/fipsmodule/rand/urandom.c
index bf15edae1c4..bae3fc3573d 100644
--- a/chromium/third_party/boringssl/src/crypto/fipsmodule/rand/urandom.c
+++ b/chromium/third_party/boringssl/src/crypto/fipsmodule/rand/urandom.c
@@ -95,17 +95,10 @@ static ssize_t boringssl_getrandom(void *buf, size_t buf_len, unsigned flags) {
 
 #endif  // USE_NR_getrandom
 
-// rand_lock is used to protect the |*_requested| variables.
-DEFINE_STATIC_MUTEX(rand_lock)
-
-// The following constants are magic values of |urandom_fd|.
-static const int kUnset = 0;
+// kHaveGetrandom in |urandom_fd| signals that |getrandom| or |getentropy| is
+// available and should be used instead.
 static const int kHaveGetrandom = -3;
 
-// urandom_fd_requested is set by |RAND_set_urandom_fd|. It's protected by
-// |rand_lock|.
-DEFINE_BSS_GET(int, urandom_fd_requested)
-
 // urandom_fd is a file descriptor to /dev/urandom. It's protected by |once|.
 DEFINE_BSS_GET(int, urandom_fd)
 
@@ -144,14 +137,9 @@ static void maybe_set_extra_getrandom_flags(void) {
 DEFINE_STATIC_ONCE(rand_once)
 
 // init_once initializes the state of this module to values previously
-// requested. This is the only function that modifies |urandom_fd| and
-// |urandom_buffering|, whose values may be read safely after calling the
-// once.
+// requested. This is the only function that modifies |urandom_fd|, which may be
+// read safely after calling the once.
 static void init_once(void) {
-  CRYPTO_STATIC_MUTEX_lock_read(rand_lock_bss_get());
-  int fd = *urandom_fd_requested_bss_get();
-  CRYPTO_STATIC_MUTEX_unlock_read(rand_lock_bss_get());
-
 #if defined(USE_NR_getrandom)
   int have_getrandom;
   uint8_t dummy;
@@ -194,31 +182,16 @@ static void init_once(void) {
   abort();
 #endif
 
-  if (fd == kUnset) {
-    do {
-      fd = open("/dev/urandom", O_RDONLY);
-    } while (fd == -1 && errno == EINTR);
-  }
+  int fd;
+  do {
+    fd = open("/dev/urandom", O_RDONLY);
+  } while (fd == -1 && errno == EINTR);
 
   if (fd < 0) {
     perror("failed to open /dev/urandom");
     abort();
   }
 
-  assert(kUnset == 0);
-  if (fd == kUnset) {
-    // Because we want to keep |urandom_fd| in the BSS, we have to initialise
-    // it to zero. But zero is a valid file descriptor too. Thus if open
-    // returns zero for /dev/urandom, we dup it to get a non-zero number.
-    fd = dup(fd);
-    close(kUnset);
-
-    if (fd <= 0) {
-      perror("failed to dup /dev/urandom fd");
-      abort();
-    }
-  }
-
   int flags = fcntl(fd, F_GETFD);
   if (flags == -1) {
     // Native Client doesn't implement |fcntl|.
@@ -307,40 +280,6 @@ static void wait_for_entropy(void) {
 #endif  // BORINGSSL_FIPS
 }
 
-void RAND_set_urandom_fd(int fd) {
-  fd = dup(fd);
-  if (fd < 0) {
-    perror("failed to dup supplied urandom fd");
-    abort();
-  }
-
-  assert(kUnset == 0);
-  if (fd == kUnset) {
-    // Because we want to keep |urandom_fd| in the BSS, we have to initialise
-    // it to zero. But zero is a valid file descriptor too. Thus if dup
-    // returned zero we dup it again to get a non-zero number.
-    fd = dup(fd);
-    close(kUnset);
-
-    if (fd <= 0) {
-      perror("failed to dup supplied urandom fd");
-      abort();
-    }
-  }
-
-  CRYPTO_STATIC_MUTEX_lock_write(rand_lock_bss_get());
-  *urandom_fd_requested_bss_get() = fd;
-  CRYPTO_STATIC_MUTEX_unlock_write(rand_lock_bss_get());
-
-  CRYPTO_init_sysrand();
-  if (*urandom_fd_bss_get() == kHaveGetrandom) {
-    close(fd);
-  } else if (*urandom_fd_bss_get() != fd) {
-    fprintf(stderr, "RAND_set_urandom_fd called after initialisation.\n");
-    abort();
-  }
-}
-
 // fill_with_entropy writes |len| bytes of entropy into |out|. It returns one
 // on success and zero on error. If |block| is one, this function will block
 // until the entropy pool is initialized. Otherwise, this function may fail,
diff --git a/chromium/third_party/boringssl/src/crypto/fipsmodule/self_check/self_check.c b/chromium/third_party/boringssl/src/crypto/fipsmodule/self_check/self_check.c
index d8a61c39281..4b954b77d4d 100644
--- a/chromium/third_party/boringssl/src/crypto/fipsmodule/self_check/self_check.c
+++ b/chromium/third_party/boringssl/src/crypto/fipsmodule/self_check/self_check.c
@@ -21,6 +21,7 @@
 #include <openssl/aes.h>
 #include <openssl/bn.h>
 #include <openssl/des.h>
+#include <openssl/ec.h>
 #include <openssl/ecdsa.h>
 #include <openssl/ec_key.h>
 #include <openssl/nid.h>
@@ -430,11 +431,44 @@ int boringssl_fips_self_test(
       0xba, 0x4d, 0xd9, 0x86, 0x77, 0xda, 0x7d, 0x8f, 0xef, 0xc4, 0x1a,
       0xf0, 0xcc, 0x81, 0xe5, 0xea, 0x3f, 0xc2, 0x41, 0x7f, 0xd8,
   };
+  // kP256Point is SHA256("Primitive Z Computation KAT")×G within P-256.
+  const uint8_t kP256Point[65] = {
+      0x04, 0x4e, 0xc1, 0x94, 0x8c, 0x5c, 0xf4, 0x37, 0x35, 0x0d, 0xa3,
+      0xf9, 0x55, 0xf9, 0x8b, 0x26, 0x23, 0x5c, 0x43, 0xe0, 0x83, 0x51,
+      0x2b, 0x0d, 0x4b, 0x56, 0x24, 0xc3, 0xe4, 0xa5, 0xa8, 0xe2, 0xe9,
+      0x95, 0xf2, 0xc4, 0xb9, 0xb7, 0x48, 0x7d, 0x2a, 0xae, 0xc5, 0xc0,
+      0x0a, 0xcc, 0x1b, 0xd0, 0xec, 0xb8, 0xdc, 0xbe, 0x0c, 0xbe, 0x52,
+      0x79, 0x93, 0x7c, 0x0b, 0x92, 0x2b, 0x7f, 0x17, 0xa5, 0x80,
+  };
+  // kP256Scalar is SHA256("Primitive Z Computation KAT scalar").
+  const uint8_t kP256Scalar[32] = {
+      0xe7, 0x60, 0x44, 0x91, 0x26, 0x9a, 0xfb, 0x5b, 0x10, 0x2d, 0x6e,
+      0xa5, 0x2c, 0xb5, 0x9f, 0xeb, 0x70, 0xae, 0xde, 0x6c, 0xe3, 0xbf,
+      0xb3, 0xe0, 0x10, 0x54, 0x85, 0xab, 0xd8, 0x61, 0xd7, 0x7b,
+  };
+  // kP256PointResult is |kP256Scalar|×|kP256Point|.
+  const uint8_t kP256PointResult[65] = {
+      0x04, 0xf1, 0x63, 0x00, 0x88, 0xc5, 0xd5, 0xe9, 0x05, 0x52, 0xac,
+      0xb6, 0xec, 0x68, 0x76, 0xb8, 0x73, 0x7f, 0x0f, 0x72, 0x34, 0xe6,
+      0xbb, 0x30, 0x32, 0x22, 0x37, 0xb6, 0x2a, 0x80, 0xe8, 0x9e, 0x6e,
+      0x6f, 0x36, 0x02, 0xe7, 0x21, 0xd2, 0x31, 0xdb, 0x94, 0x63, 0xb7,
+      0xd8, 0x19, 0x0e, 0xc2, 0xc0, 0xa7, 0x2f, 0x15, 0x49, 0x1a, 0xa2,
+      0x7c, 0x41, 0x8f, 0xaf, 0x9c, 0x40, 0xaf, 0x2e, 0x4a,
+#if !defined(BORINGSSL_FIPS_BREAK_Z_COMPUTATION)
+      0x0c,
+#else
+      0x00,
+#endif
+  };
 
   EVP_AEAD_CTX aead_ctx;
   EVP_AEAD_CTX_zero(&aead_ctx);
   RSA *rsa_key = NULL;
   EC_KEY *ec_key = NULL;
+  EC_GROUP *ec_group = NULL;
+  EC_POINT *ec_point_in = NULL;
+  EC_POINT *ec_point_out = NULL;
+  BIGNUM *ec_scalar = NULL;
   ECDSA_SIG *sig = NULL;
   int ret = 0;
 
@@ -602,6 +636,30 @@ int boringssl_fips_self_test(
     goto err;
   }
 
+  // Primitive Z Computation KAT (IG 9.6).
+  ec_group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
+  if (ec_group == NULL) {
+    fprintf(stderr, "Failed to create P-256 group.\n");
+    goto err;
+  }
+  ec_point_in = EC_POINT_new(ec_group);
+  ec_point_out = EC_POINT_new(ec_group);
+  ec_scalar = BN_new();
+  uint8_t z_comp_result[65];
+  if (ec_point_in == NULL || ec_point_out == NULL || ec_scalar == NULL ||
+      !EC_POINT_oct2point(ec_group, ec_point_in, kP256Point, sizeof(kP256Point),
+                          NULL) ||
+      !BN_bin2bn(kP256Scalar, sizeof(kP256Scalar), ec_scalar) ||
+      !EC_POINT_mul(ec_group, ec_point_out, NULL, ec_point_in, ec_scalar,
+                    NULL) ||
+      !EC_POINT_point2oct(ec_group, ec_point_out, POINT_CONVERSION_UNCOMPRESSED,
+                          z_comp_result, sizeof(z_comp_result), NULL) ||
+      !check_test(kP256PointResult, z_comp_result, sizeof(z_comp_result),
+                  "Z Computation Result")) {
+    fprintf(stderr, "Z Computation KAT failed.\n");
+    goto err;
+  }
+
   // DBRG KAT
   CTR_DRBG_STATE drbg;
   if (!CTR_DRBG_init(&drbg, kDRBGEntropy, kDRBGPersonalization,
@@ -642,6 +700,10 @@ err:
   EVP_AEAD_CTX_cleanup(&aead_ctx);
   RSA_free(rsa_key);
   EC_KEY_free(ec_key);
+  EC_POINT_free(ec_point_in);
+  EC_POINT_free(ec_point_out);
+  EC_GROUP_free(ec_group);
+  BN_free(ec_scalar);
   ECDSA_SIG_free(sig);
 
   return ret;
diff --git a/chromium/third_party/boringssl/src/crypto/mem.c b/chromium/third_party/boringssl/src/crypto/mem.c
index 291d8d0cc55..0491f150b49 100644
--- a/chromium/third_party/boringssl/src/crypto/mem.c
+++ b/chromium/third_party/boringssl/src/crypto/mem.c
@@ -72,6 +72,8 @@ OPENSSL_MSVC_PRAGMA(warning(pop))
 
 
 #define OPENSSL_MALLOC_PREFIX 8
+OPENSSL_STATIC_ASSERT(OPENSSL_MALLOC_PREFIX >= sizeof(size_t),
+                      "size_t too large");
 
 #if defined(OPENSSL_ASAN)
 void __asan_poison_memory_region(const volatile void *addr, size_t size);
@@ -101,13 +103,21 @@ static void __asan_unpoison_memory_region(const void *addr, size_t size) {}
 // linked. This isn't an ideal result, but its helps in some cases.
 WEAK_SYMBOL_FUNC(void, sdallocx, (void *ptr, size_t size, int flags));
 
-// The following two functions are for memory tracking. They are no-ops by
-// default but can be overridden at link time if the application needs to
-// observe heap operations.
-WEAK_SYMBOL_FUNC(void, OPENSSL_track_memory_alloc, (void *ptr, size_t size));
-WEAK_SYMBOL_FUNC(void, OPENSSL_track_memory_free, (void *ptr, size_t size));
+// The following three functions can be defined to override default heap
+// allocation and freeing. If defined, it is the responsibility of
+// |OPENSSL_memory_free| to zero out the memory before returning it to the
+// system. |OPENSSL_memory_free| will not be passed NULL pointers.
+WEAK_SYMBOL_FUNC(void*, OPENSSL_memory_alloc, (size_t size));
+WEAK_SYMBOL_FUNC(void, OPENSSL_memory_free, (void *ptr));
+WEAK_SYMBOL_FUNC(size_t, OPENSSL_memory_get_size, (void *ptr));
 
 void *OPENSSL_malloc(size_t size) {
+  if (OPENSSL_memory_alloc != NULL) {
+    assert(OPENSSL_memory_free != NULL);
+    assert(OPENSSL_memory_get_size != NULL);
+    return OPENSSL_memory_alloc(size);
+  }
+
   if (size + OPENSSL_MALLOC_PREFIX < size) {
     return NULL;
   }
@@ -120,9 +130,6 @@ void *OPENSSL_malloc(size_t size) {
   *(size_t *)ptr = size;
 
   __asan_poison_memory_region(ptr, OPENSSL_MALLOC_PREFIX);
-  if (OPENSSL_track_memory_alloc) {
-    OPENSSL_track_memory_alloc(ptr, size + OPENSSL_MALLOC_PREFIX);
-  }
   return ((uint8_t *)ptr) + OPENSSL_MALLOC_PREFIX;
 }
 
@@ -131,13 +138,15 @@ void OPENSSL_free(void *orig_ptr) {
     return;
   }
 
+  if (OPENSSL_memory_free != NULL) {
+    OPENSSL_memory_free(orig_ptr);
+    return;
+  }
+
   void *ptr = ((uint8_t *)orig_ptr) - OPENSSL_MALLOC_PREFIX;
   __asan_unpoison_memory_region(ptr, OPENSSL_MALLOC_PREFIX);
 
   size_t size = *(size_t *)ptr;
-  if (OPENSSL_track_memory_free) {
-    OPENSSL_track_memory_free(ptr, size + OPENSSL_MALLOC_PREFIX);
-  }
   OPENSSL_cleanse(ptr, size + OPENSSL_MALLOC_PREFIX);
   if (sdallocx) {
     sdallocx(ptr, size + OPENSSL_MALLOC_PREFIX, 0 /* flags */);
@@ -151,10 +160,15 @@ void *OPENSSL_realloc(void *orig_ptr, size_t new_size) {
     return OPENSSL_malloc(new_size);
   }
 
-  void *ptr = ((uint8_t *)orig_ptr) - OPENSSL_MALLOC_PREFIX;
-  __asan_unpoison_memory_region(ptr, OPENSSL_MALLOC_PREFIX);
-  size_t old_size = *(size_t *)ptr;
-  __asan_poison_memory_region(ptr, OPENSSL_MALLOC_PREFIX);
+  size_t old_size;
+  if (OPENSSL_memory_get_size != NULL) {
+    old_size = OPENSSL_memory_get_size(orig_ptr);
+  } else {
+    void *ptr = ((uint8_t *)orig_ptr) - OPENSSL_MALLOC_PREFIX;
+    __asan_unpoison_memory_region(ptr, OPENSSL_MALLOC_PREFIX);
+    old_size = *(size_t *)ptr;
+    __asan_poison_memory_region(ptr, OPENSSL_MALLOC_PREFIX);
+  }
 
   void *ret = OPENSSL_malloc(new_size);
   if (ret == NULL) {
diff --git a/chromium/third_party/boringssl/src/crypto/x509/a_strex.c b/chromium/third_party/boringssl/src/crypto/x509/a_strex.c
index 6dc183acf0f..eeec5d15e70 100644
--- a/chromium/third_party/boringssl/src/crypto/x509/a_strex.c
+++ b/chromium/third_party/boringssl/src/crypto/x509/a_strex.c
@@ -296,7 +296,7 @@ static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf,
  */
 
 static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
-                   ASN1_STRING *str)
+                   const ASN1_STRING *str)
 {
     /*
      * Placing the ASN1_STRING in a temp ASN1_TYPE allows the DER encoding to
@@ -354,7 +354,7 @@ static const signed char tag2nbyte[] = {
  */
 
 static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
-                       ASN1_STRING *str)
+                       const ASN1_STRING *str)
 {
     int outlen, len;
     int type;
@@ -610,13 +610,13 @@ int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent,
 }
 #endif
 
-int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags)
+int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags)
 {
     return do_print_ex(send_bio_chars, out, flags, str);
 }
 
 #ifndef OPENSSL_NO_FP_API
-int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags)
+int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags)
 {
     return do_print_ex(send_fp_chars, fp, flags, str);
 }
diff --git a/chromium/third_party/boringssl/src/crypto/x509/algorithm.c b/chromium/third_party/boringssl/src/crypto/x509/algorithm.c
index 8f53fff6dbd..b9f3314c9be 100644
--- a/chromium/third_party/boringssl/src/crypto/x509/algorithm.c
+++ b/chromium/third_party/boringssl/src/crypto/x509/algorithm.c
@@ -142,6 +142,14 @@ int x509_digest_verify_init(EVP_MD_CTX *ctx, X509_ALGOR *sigalg,
     return 0;
   }
 
+  /* RSA signature algorithms include an explicit NULL parameter but we also
+   * accept omitted values for compatibility. Other algorithms must omit it. */
+  if (sigalg->parameter != NULL && (pkey_nid != EVP_PKEY_RSA ||
+                                    sigalg->parameter->type != V_ASN1_NULL)) {
+    OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PARAMETER);
+    return 0;
+  }
+
   /* Otherwise, initialize with the digest from the OID. */
   const EVP_MD *digest = EVP_get_digestbynid(digest_nid);
   if (digest == NULL) {
diff --git a/chromium/third_party/boringssl/src/crypto/x509/asn1_gen.c b/chromium/third_party/boringssl/src/crypto/x509/asn1_gen.c
index 98a6facd012..f61fdde831c 100644
--- a/chromium/third_party/boringssl/src/crypto/x509/asn1_gen.c
+++ b/chromium/third_party/boringssl/src/crypto/x509/asn1_gen.c
@@ -123,7 +123,7 @@ typedef struct {
     int exp_count;
 } tag_exp_arg;
 
-static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
+static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth,
                               int *perr);
 static int bitstr_cb(const char *elem, int len, void *bitstr);
 static int asn1_cb(const char *elem, int len, void *bitstr);
@@ -136,7 +136,7 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
 static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
 static int asn1_str2tag(const char *tagstr, int len);
 
-ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
+ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf)
 {
     X509V3_CTX cnf;
 
@@ -147,7 +147,7 @@ ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
     return ASN1_generate_v3(str, &cnf);
 }
 
-ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
+ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf)
 {
     int err = 0;
     ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err);
@@ -156,7 +156,7 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
     return ret;
 }
 
-static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
+static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth,
                               int *perr)
 {
     ASN1_TYPE *ret;
diff --git a/chromium/third_party/boringssl/src/crypto/x509/make_many_constraints.go b/chromium/third_party/boringssl/src/crypto/x509/make_many_constraints.go
deleted file mode 100644
index 578618dfbfc..00000000000
--- a/chromium/third_party/boringssl/src/crypto/x509/make_many_constraints.go
+++ /dev/null
@@ -1,178 +0,0 @@
-/* Copyright (c) 2017, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-// make_many_constraints.go generates test certificates many_constraints.pem,
-// many_names*.pem, and some_names*.pem for x509_test.cc
-package main
-
-import (
-	"crypto/rand"
-	"crypto/rsa"
-	"crypto/x509"
-	"crypto/x509/pkix"
-	"encoding/asn1"
-	"encoding/pem"
-	"fmt"
-	"math/big"
-	"os"
-	"time"
-)
-
-const privateKeyPEM = `-----BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC6C9qEGRIBQXV8
-Lj29vVu+U+tyXzSSinWIumK5ijPhCm3DLnv4RayxkFwemtnkGRZ/o94ZnsXkBfU/
-IlsYdkuq8wK9WI/ql3gwWjH+KARIhIQcSLGiJcLN6kGuG2nlRBKMcPgPiEq2B0yB
-XFf4tG3CBbeae7+8G7uvOmv8NLyKj32neWpnUCTL5o2VwyPoxjLxT5gUR69v9XSV
-Fj2irCZbsEedeKSb++LqyMhLfnRTzNv+ZHNh4izZHrktR25MvnT5QyBq32hx7AjZ
-2/xo70OmH7w10a2DwsVjJNMdxTEmgyvU9M6CeYRPX1Ykfg+sXCTtkTVAlBDUviIq
-Y95CKy25AgMBAAECggEAHPvvxRiqx2tNRFVn5QF1I4erbJwMcrADc5OmAcXYIz0e
-sIOzaJBiQR9+Wn5BZ9nIuYXr+g3UQpvzAyz1CDCVxUIqsRj1AtUqMk4675+IW0vZ
-0RY6Jkq/uJjANsGqk78xLJQE8VaIXSdx8c1THznsx4dgfT6+Ni4T5U6yuA33OZaw
-4NdYZYtEkqNiqK6VYe4mAxxVh5qscihVVMGkBVqJNiiEotctm1lph8ow+7o8ggXO
-W9xm+RHHPcH7Epx7hjkb/helANcYOK950W5/R+2zWV9R6kxo6R+/hfGFFmCvl4k5
-+i8Y0IlEv3fze1E0Lwyf379i3C/cKcuaE5gwR54BAQKBgQDxlsNy9M37HgguglHt
-8W+cuPNtxNjFCWIjNR9dSvdr1Oi28Z1AY+BBPSv6UBKnT5PpOFjqxfMY/j/zoKdI
-aYX1phgeQHXcHrB1pS8yoaF/pTJSN2Yb8v9kl/Ch1yeYXaNVGmeBLkH9H6wIcUxD
-Mas1i8VUzshzhcluCNGoJj9wUQKBgQDFJOoWncssfWCrsuDWEoeU71Zh3+bD96GF
-s29CdIbHpcbxhWYjA9RM8yxbGPopexzoGcV1HX6j8E1s0xfYZJV23rxoM9Zj9l5D
-mZAJQPxYXIdu3h4PslhZLd3p+DEHjbsLC/avk3M4iZim1FMPBJMswKSL23ysqXoY
-/ynor+W06QKBgHYeu6M6NHgCYAe1ai+Hq4WaHFNgOohkJRqHv7USkVSkvb+s9LDl
-5GChcx4pBmXNj8ko5rirXkerEEOjGgdaqMfJlOM9qyKb0rVCtYfw5RCPCcKPGZqy
-vdJGQ74tf0uNBO34QgE0R8lmMevS0XHNGCPPGgV0MSfikvD82N15De1xAoGAbsZM
-RsMJfAlDPZc4oPEuf/BwMHTYPTsy5map2MSTSzGKdQHJH1myfD6TqOiDALXtyzlX
-63PUShfn2YNPvcbe+Tk00rR1/htcYk2yUpDSenAbpZ9ncth6rjmInURZgG4SMKXb
-SlLnBljCjtN1jFW8wQPKMc/14SslsVAHY3ka8KkCgYB58QNT1YfH3jS62+mT2pXq
-qLjLqvsD742VYnFoHR+HBOnN8ry0dda4lgwM106L5FgSg9DOZvASZ+QGFk+QVQv+
-c77ASWpuhmBmamZCrwZXrq9Xc92RDPkKFqnP9MVv06hYKNp0moSdM8dIaM6uSows
-/r/aDs4oudubz26o5GDKmA==
------END PRIVATE KEY-----`
-
-var privateKey *rsa.PrivateKey
-
-func init() {
-	in := []byte(privateKeyPEM)
-	keyBlock, in := pem.Decode(in)
-	if keyBlock == nil || keyBlock.Type != "PRIVATE KEY" {
-		panic("could not decode private key")
-	}
-	key, err := x509.ParsePKCS8PrivateKey(keyBlock.Bytes)
-	if err != nil {
-		panic(err)
-	}
-	privateKey = key.(*rsa.PrivateKey)
-}
-
-func randOrDie(out []byte) {
-	if _, err := rand.Reader.Read(out); err != nil {
-		panic(err)
-	}
-}
-
-func writePEM(path string, in []byte) {
-	file, err := os.Create(path)
-	if err != nil {
-		panic(err)
-	}
-	defer file.Close()
-	err = pem.Encode(file, &pem.Block{Type: "CERTIFICATE", Bytes: in})
-	if err != nil {
-		panic(err)
-	}
-}
-
-func main() {
-	notBefore, err := time.Parse(time.RFC3339, "2000-01-01T00:00:00Z")
-	if err != nil {
-		panic(err)
-	}
-	notAfter, err := time.Parse(time.RFC3339, "2100-01-01T00:00:00Z")
-	if err != nil {
-		panic(err)
-	}
-
-	caTemplate := x509.Certificate{
-		SerialNumber:          new(big.Int).SetInt64(1),
-		Subject:               pkix.Name{CommonName: "CA"},
-		NotBefore:             notBefore,
-		NotAfter:              notAfter,
-		BasicConstraintsValid: true,
-		IsCA:               true,
-		ExtKeyUsage:        []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
-		KeyUsage:           x509.KeyUsageCertSign,
-		SignatureAlgorithm: x509.SHA256WithRSA,
-	}
-	for i := 0; i < 513; i++ {
-		caTemplate.ExcludedDNSDomains = append(caTemplate.ExcludedDNSDomains, fmt.Sprintf("x%d.test", i))
-	}
-	for i := 0; i < 513; i++ {
-		caTemplate.PermittedDNSDomains = append(caTemplate.PermittedDNSDomains, fmt.Sprintf("t%d.test", i))
-	}
-	caTemplate.PermittedDNSDomains = append(caTemplate.PermittedDNSDomains, ".test")
-	caBytes, err := x509.CreateCertificate(rand.Reader, &caTemplate, &caTemplate, &privateKey.PublicKey, privateKey)
-	if err != nil {
-		panic(err)
-	}
-	writePEM("many_constraints.pem", caBytes)
-
-	ca, err := x509.ParseCertificate(caBytes)
-	if err != nil {
-		panic(err)
-	}
-
-	leaves := []struct {
-		path   string
-		names  int
-		emails int
-	}{
-		{"many_names1.pem", 513, 513},
-		{"many_names2.pem", 1025, 0},
-		{"many_names3.pem", 1, 1025},
-		{"some_names1.pem", 256, 256},
-		{"some_names2.pem", 513, 0},
-		{"some_names3.pem", 1, 513},
-	}
-	for i, leaf := range leaves {
-		leafTemplate := x509.Certificate{
-			SerialNumber:          new(big.Int).SetInt64(int64(i + 2)),
-			Subject:               pkix.Name{CommonName: "t0.test"},
-			NotBefore:             notBefore,
-			NotAfter:              notAfter,
-			BasicConstraintsValid: true,
-			IsCA:               false,
-			ExtKeyUsage:        []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
-			KeyUsage:           x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
-			SignatureAlgorithm: x509.SHA256WithRSA,
-		}
-		for i := 0; i < leaf.names; i++ {
-			leafTemplate.DNSNames = append(leafTemplate.DNSNames, fmt.Sprintf("t%d.test", i))
-		}
-		for i := 0; i < leaf.emails; i++ {
-			leafTemplate.Subject.ExtraNames = append(leafTemplate.Subject.ExtraNames, pkix.AttributeTypeAndValue{
-				Type: []int{1, 2, 840, 113549, 1, 9, 1},
-				Value: asn1.RawValue{
-					Class:      asn1.ClassUniversal,
-					Tag:        asn1.TagIA5String,
-					IsCompound: false,
-					Bytes:      []byte(fmt.Sprintf("t%d@test", i)),
-				},
-			})
-		}
-		leafBytes, err := x509.CreateCertificate(rand.Reader, &leafTemplate, ca, &privateKey.PublicKey, privateKey)
-		if err != nil {
-			panic(err)
-		}
-
-		writePEM(leaf.path, leafBytes)
-	}
-}
diff --git a/chromium/third_party/boringssl/src/crypto/x509/many_constraints.pem b/chromium/third_party/boringssl/src/crypto/x509/many_constraints.pem
deleted file mode 100644
index 13b8ab29b68..00000000000
--- a/chromium/third_party/boringssl/src/crypto/x509/many_constraints.pem
+++ /dev/null
@@ -1,292 +0,0 @@
------BEGIN CERTIFICATE-----
-MII2MzCCNRugAwIBAgIBATANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJDQTAg
-Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDTELMAkGA1UEAxMCQ0Ew
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6C9qEGRIBQXV8Lj29vVu+
-U+tyXzSSinWIumK5ijPhCm3DLnv4RayxkFwemtnkGRZ/o94ZnsXkBfU/IlsYdkuq
-8wK9WI/ql3gwWjH+KARIhIQcSLGiJcLN6kGuG2nlRBKMcPgPiEq2B0yBXFf4tG3C
-Bbeae7+8G7uvOmv8NLyKj32neWpnUCTL5o2VwyPoxjLxT5gUR69v9XSVFj2irCZb
-sEedeKSb++LqyMhLfnRTzNv+ZHNh4izZHrktR25MvnT5QyBq32hx7AjZ2/xo70Om
-H7w10a2DwsVjJNMdxTEmgyvU9M6CeYRPX1Ykfg+sXCTtkTVAlBDUviIqY95CKy25
-AgMBAAGjgjOaMIIzljAOBgNVHQ8BAf8EBAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUH
-AwEwDwYDVR0TAQH/BAUwAwEB/zCCM1wGA1UdHgSCM1MwgjNPoIIZqDAJggd0MC50
-ZXN0MAmCB3QxLnRlc3QwCYIHdDIudGVzdDAJggd0My50ZXN0MAmCB3Q0LnRlc3Qw
-CYIHdDUudGVzdDAJggd0Ni50ZXN0MAmCB3Q3LnRlc3QwCYIHdDgudGVzdDAJggd0
-OS50ZXN0MAqCCHQxMC50ZXN0MAqCCHQxMS50ZXN0MAqCCHQxMi50ZXN0MAqCCHQx
-My50ZXN0MAqCCHQxNC50ZXN0MAqCCHQxNS50ZXN0MAqCCHQxNi50ZXN0MAqCCHQx
-Ny50ZXN0MAqCCHQxOC50ZXN0MAqCCHQxOS50ZXN0MAqCCHQyMC50ZXN0MAqCCHQy
-MS50ZXN0MAqCCHQyMi50ZXN0MAqCCHQyMy50ZXN0MAqCCHQyNC50ZXN0MAqCCHQy
-NS50ZXN0MAqCCHQyNi50ZXN0MAqCCHQyNy50ZXN0MAqCCHQyOC50ZXN0MAqCCHQy
-OS50ZXN0MAqCCHQzMC50ZXN0MAqCCHQzMS50ZXN0MAqCCHQzMi50ZXN0MAqCCHQz
-My50ZXN0MAqCCHQzNC50ZXN0MAqCCHQzNS50ZXN0MAqCCHQzNi50ZXN0MAqCCHQz
-Ny50ZXN0MAqCCHQzOC50ZXN0MAqCCHQzOS50ZXN0MAqCCHQ0MC50ZXN0MAqCCHQ0
-MS50ZXN0MAqCCHQ0Mi50ZXN0MAqCCHQ0My50ZXN0MAqCCHQ0NC50ZXN0MAqCCHQ0
-NS50ZXN0MAqCCHQ0Ni50ZXN0MAqCCHQ0Ny50ZXN0MAqCCHQ0OC50ZXN0MAqCCHQ0
-OS50ZXN0MAqCCHQ1MC50ZXN0MAqCCHQ1MS50ZXN0MAqCCHQ1Mi50ZXN0MAqCCHQ1
-My50ZXN0MAqCCHQ1NC50ZXN0MAqCCHQ1NS50ZXN0MAqCCHQ1Ni50ZXN0MAqCCHQ1
-Ny50ZXN0MAqCCHQ1OC50ZXN0MAqCCHQ1OS50ZXN0MAqCCHQ2MC50ZXN0MAqCCHQ2
-MS50ZXN0MAqCCHQ2Mi50ZXN0MAqCCHQ2My50ZXN0MAqCCHQ2NC50ZXN0MAqCCHQ2
-NS50ZXN0MAqCCHQ2Ni50ZXN0MAqCCHQ2Ny50ZXN0MAqCCHQ2OC50ZXN0MAqCCHQ2
-OS50ZXN0MAqCCHQ3MC50ZXN0MAqCCHQ3MS50ZXN0MAqCCHQ3Mi50ZXN0MAqCCHQ3
-My50ZXN0MAqCCHQ3NC50ZXN0MAqCCHQ3NS50ZXN0MAqCCHQ3Ni50ZXN0MAqCCHQ3
-Ny50ZXN0MAqCCHQ3OC50ZXN0MAqCCHQ3OS50ZXN0MAqCCHQ4MC50ZXN0MAqCCHQ4
-MS50ZXN0MAqCCHQ4Mi50ZXN0MAqCCHQ4My50ZXN0MAqCCHQ4NC50ZXN0MAqCCHQ4
-NS50ZXN0MAqCCHQ4Ni50ZXN0MAqCCHQ4Ny50ZXN0MAqCCHQ4OC50ZXN0MAqCCHQ4
-OS50ZXN0MAqCCHQ5MC50ZXN0MAqCCHQ5MS50ZXN0MAqCCHQ5Mi50ZXN0MAqCCHQ5
-My50ZXN0MAqCCHQ5NC50ZXN0MAqCCHQ5NS50ZXN0MAqCCHQ5Ni50ZXN0MAqCCHQ5
-Ny50ZXN0MAqCCHQ5OC50ZXN0MAqCCHQ5OS50ZXN0MAuCCXQxMDAudGVzdDALggl0
-MTAxLnRlc3QwC4IJdDEwMi50ZXN0MAuCCXQxMDMudGVzdDALggl0MTA0LnRlc3Qw
-C4IJdDEwNS50ZXN0MAuCCXQxMDYudGVzdDALggl0MTA3LnRlc3QwC4IJdDEwOC50
-ZXN0MAuCCXQxMDkudGVzdDALggl0MTEwLnRlc3QwC4IJdDExMS50ZXN0MAuCCXQx
-MTIudGVzdDALggl0MTEzLnRlc3QwC4IJdDExNC50ZXN0MAuCCXQxMTUudGVzdDAL
-ggl0MTE2LnRlc3QwC4IJdDExNy50ZXN0MAuCCXQxMTgudGVzdDALggl0MTE5LnRl
-c3QwC4IJdDEyMC50ZXN0MAuCCXQxMjEudGVzdDALggl0MTIyLnRlc3QwC4IJdDEy
-My50ZXN0MAuCCXQxMjQudGVzdDALggl0MTI1LnRlc3QwC4IJdDEyNi50ZXN0MAuC
-CXQxMjcudGVzdDALggl0MTI4LnRlc3QwC4IJdDEyOS50ZXN0MAuCCXQxMzAudGVz
-dDALggl0MTMxLnRlc3QwC4IJdDEzMi50ZXN0MAuCCXQxMzMudGVzdDALggl0MTM0
-LnRlc3QwC4IJdDEzNS50ZXN0MAuCCXQxMzYudGVzdDALggl0MTM3LnRlc3QwC4IJ
-dDEzOC50ZXN0MAuCCXQxMzkudGVzdDALggl0MTQwLnRlc3QwC4IJdDE0MS50ZXN0
-MAuCCXQxNDIudGVzdDALggl0MTQzLnRlc3QwC4IJdDE0NC50ZXN0MAuCCXQxNDUu
-dGVzdDALggl0MTQ2LnRlc3QwC4IJdDE0Ny50ZXN0MAuCCXQxNDgudGVzdDALggl0
-MTQ5LnRlc3QwC4IJdDE1MC50ZXN0MAuCCXQxNTEudGVzdDALggl0MTUyLnRlc3Qw
-C4IJdDE1My50ZXN0MAuCCXQxNTQudGVzdDALggl0MTU1LnRlc3QwC4IJdDE1Ni50
-ZXN0MAuCCXQxNTcudGVzdDALggl0MTU4LnRlc3QwC4IJdDE1OS50ZXN0MAuCCXQx
-NjAudGVzdDALggl0MTYxLnRlc3QwC4IJdDE2Mi50ZXN0MAuCCXQxNjMudGVzdDAL
-ggl0MTY0LnRlc3QwC4IJdDE2NS50ZXN0MAuCCXQxNjYudGVzdDALggl0MTY3LnRl
-c3QwC4IJdDE2OC50ZXN0MAuCCXQxNjkudGVzdDALggl0MTcwLnRlc3QwC4IJdDE3
-MS50ZXN0MAuCCXQxNzIudGVzdDALggl0MTczLnRlc3QwC4IJdDE3NC50ZXN0MAuC
-CXQxNzUudGVzdDALggl0MTc2LnRlc3QwC4IJdDE3Ny50ZXN0MAuCCXQxNzgudGVz
-dDALggl0MTc5LnRlc3QwC4IJdDE4MC50ZXN0MAuCCXQxODEudGVzdDALggl0MTgy
-LnRlc3QwC4IJdDE4My50ZXN0MAuCCXQxODQudGVzdDALggl0MTg1LnRlc3QwC4IJ
-dDE4Ni50ZXN0MAuCCXQxODcudGVzdDALggl0MTg4LnRlc3QwC4IJdDE4OS50ZXN0
-MAuCCXQxOTAudGVzdDALggl0MTkxLnRlc3QwC4IJdDE5Mi50ZXN0MAuCCXQxOTMu
-dGVzdDALggl0MTk0LnRlc3QwC4IJdDE5NS50ZXN0MAuCCXQxOTYudGVzdDALggl0
-MTk3LnRlc3QwC4IJdDE5OC50ZXN0MAuCCXQxOTkudGVzdDALggl0MjAwLnRlc3Qw
-C4IJdDIwMS50ZXN0MAuCCXQyMDIudGVzdDALggl0MjAzLnRlc3QwC4IJdDIwNC50
-ZXN0MAuCCXQyMDUudGVzdDALggl0MjA2LnRlc3QwC4IJdDIwNy50ZXN0MAuCCXQy
-MDgudGVzdDALggl0MjA5LnRlc3QwC4IJdDIxMC50ZXN0MAuCCXQyMTEudGVzdDAL
-ggl0MjEyLnRlc3QwC4IJdDIxMy50ZXN0MAuCCXQyMTQudGVzdDALggl0MjE1LnRl
-c3QwC4IJdDIxNi50ZXN0MAuCCXQyMTcudGVzdDALggl0MjE4LnRlc3QwC4IJdDIx
-OS50ZXN0MAuCCXQyMjAudGVzdDALggl0MjIxLnRlc3QwC4IJdDIyMi50ZXN0MAuC
-CXQyMjMudGVzdDALggl0MjI0LnRlc3QwC4IJdDIyNS50ZXN0MAuCCXQyMjYudGVz
-dDALggl0MjI3LnRlc3QwC4IJdDIyOC50ZXN0MAuCCXQyMjkudGVzdDALggl0MjMw
-LnRlc3QwC4IJdDIzMS50ZXN0MAuCCXQyMzIudGVzdDALggl0MjMzLnRlc3QwC4IJ
-dDIzNC50ZXN0MAuCCXQyMzUudGVzdDALggl0MjM2LnRlc3QwC4IJdDIzNy50ZXN0
-MAuCCXQyMzgudGVzdDALggl0MjM5LnRlc3QwC4IJdDI0MC50ZXN0MAuCCXQyNDEu
-dGVzdDALggl0MjQyLnRlc3QwC4IJdDI0My50ZXN0MAuCCXQyNDQudGVzdDALggl0
-MjQ1LnRlc3QwC4IJdDI0Ni50ZXN0MAuCCXQyNDcudGVzdDALggl0MjQ4LnRlc3Qw
-C4IJdDI0OS50ZXN0MAuCCXQyNTAudGVzdDALggl0MjUxLnRlc3QwC4IJdDI1Mi50
-ZXN0MAuCCXQyNTMudGVzdDALggl0MjU0LnRlc3QwC4IJdDI1NS50ZXN0MAuCCXQy
-NTYudGVzdDALggl0MjU3LnRlc3QwC4IJdDI1OC50ZXN0MAuCCXQyNTkudGVzdDAL
-ggl0MjYwLnRlc3QwC4IJdDI2MS50ZXN0MAuCCXQyNjIudGVzdDALggl0MjYzLnRl
-c3QwC4IJdDI2NC50ZXN0MAuCCXQyNjUudGVzdDALggl0MjY2LnRlc3QwC4IJdDI2
-Ny50ZXN0MAuCCXQyNjgudGVzdDALggl0MjY5LnRlc3QwC4IJdDI3MC50ZXN0MAuC
-CXQyNzEudGVzdDALggl0MjcyLnRlc3QwC4IJdDI3My50ZXN0MAuCCXQyNzQudGVz
-dDALggl0Mjc1LnRlc3QwC4IJdDI3Ni50ZXN0MAuCCXQyNzcudGVzdDALggl0Mjc4
-LnRlc3QwC4IJdDI3OS50ZXN0MAuCCXQyODAudGVzdDALggl0MjgxLnRlc3QwC4IJ
-dDI4Mi50ZXN0MAuCCXQyODMudGVzdDALggl0Mjg0LnRlc3QwC4IJdDI4NS50ZXN0
-MAuCCXQyODYudGVzdDALggl0Mjg3LnRlc3QwC4IJdDI4OC50ZXN0MAuCCXQyODku
-dGVzdDALggl0MjkwLnRlc3QwC4IJdDI5MS50ZXN0MAuCCXQyOTIudGVzdDALggl0
-MjkzLnRlc3QwC4IJdDI5NC50ZXN0MAuCCXQyOTUudGVzdDALggl0Mjk2LnRlc3Qw
-C4IJdDI5Ny50ZXN0MAuCCXQyOTgudGVzdDALggl0Mjk5LnRlc3QwC4IJdDMwMC50
-ZXN0MAuCCXQzMDEudGVzdDALggl0MzAyLnRlc3QwC4IJdDMwMy50ZXN0MAuCCXQz
-MDQudGVzdDALggl0MzA1LnRlc3QwC4IJdDMwNi50ZXN0MAuCCXQzMDcudGVzdDAL
-ggl0MzA4LnRlc3QwC4IJdDMwOS50ZXN0MAuCCXQzMTAudGVzdDALggl0MzExLnRl
-c3QwC4IJdDMxMi50ZXN0MAuCCXQzMTMudGVzdDALggl0MzE0LnRlc3QwC4IJdDMx
-NS50ZXN0MAuCCXQzMTYudGVzdDALggl0MzE3LnRlc3QwC4IJdDMxOC50ZXN0MAuC
-CXQzMTkudGVzdDALggl0MzIwLnRlc3QwC4IJdDMyMS50ZXN0MAuCCXQzMjIudGVz
-dDALggl0MzIzLnRlc3QwC4IJdDMyNC50ZXN0MAuCCXQzMjUudGVzdDALggl0MzI2
-LnRlc3QwC4IJdDMyNy50ZXN0MAuCCXQzMjgudGVzdDALggl0MzI5LnRlc3QwC4IJ
-dDMzMC50ZXN0MAuCCXQzMzEudGVzdDALggl0MzMyLnRlc3QwC4IJdDMzMy50ZXN0
-MAuCCXQzMzQudGVzdDALggl0MzM1LnRlc3QwC4IJdDMzNi50ZXN0MAuCCXQzMzcu
-dGVzdDALggl0MzM4LnRlc3QwC4IJdDMzOS50ZXN0MAuCCXQzNDAudGVzdDALggl0
-MzQxLnRlc3QwC4IJdDM0Mi50ZXN0MAuCCXQzNDMudGVzdDALggl0MzQ0LnRlc3Qw
-C4IJdDM0NS50ZXN0MAuCCXQzNDYudGVzdDALggl0MzQ3LnRlc3QwC4IJdDM0OC50
-ZXN0MAuCCXQzNDkudGVzdDALggl0MzUwLnRlc3QwC4IJdDM1MS50ZXN0MAuCCXQz
-NTIudGVzdDALggl0MzUzLnRlc3QwC4IJdDM1NC50ZXN0MAuCCXQzNTUudGVzdDAL
-ggl0MzU2LnRlc3QwC4IJdDM1Ny50ZXN0MAuCCXQzNTgudGVzdDALggl0MzU5LnRl
-c3QwC4IJdDM2MC50ZXN0MAuCCXQzNjEudGVzdDALggl0MzYyLnRlc3QwC4IJdDM2
-My50ZXN0MAuCCXQzNjQudGVzdDALggl0MzY1LnRlc3QwC4IJdDM2Ni50ZXN0MAuC
-CXQzNjcudGVzdDALggl0MzY4LnRlc3QwC4IJdDM2OS50ZXN0MAuCCXQzNzAudGVz
-dDALggl0MzcxLnRlc3QwC4IJdDM3Mi50ZXN0MAuCCXQzNzMudGVzdDALggl0Mzc0
-LnRlc3QwC4IJdDM3NS50ZXN0MAuCCXQzNzYudGVzdDALggl0Mzc3LnRlc3QwC4IJ
-dDM3OC50ZXN0MAuCCXQzNzkudGVzdDALggl0MzgwLnRlc3QwC4IJdDM4MS50ZXN0
-MAuCCXQzODIudGVzdDALggl0MzgzLnRlc3QwC4IJdDM4NC50ZXN0MAuCCXQzODUu
-dGVzdDALggl0Mzg2LnRlc3QwC4IJdDM4Ny50ZXN0MAuCCXQzODgudGVzdDALggl0
-Mzg5LnRlc3QwC4IJdDM5MC50ZXN0MAuCCXQzOTEudGVzdDALggl0MzkyLnRlc3Qw
-C4IJdDM5My50ZXN0MAuCCXQzOTQudGVzdDALggl0Mzk1LnRlc3QwC4IJdDM5Ni50
-ZXN0MAuCCXQzOTcudGVzdDALggl0Mzk4LnRlc3QwC4IJdDM5OS50ZXN0MAuCCXQ0
-MDAudGVzdDALggl0NDAxLnRlc3QwC4IJdDQwMi50ZXN0MAuCCXQ0MDMudGVzdDAL
-ggl0NDA0LnRlc3QwC4IJdDQwNS50ZXN0MAuCCXQ0MDYudGVzdDALggl0NDA3LnRl
-c3QwC4IJdDQwOC50ZXN0MAuCCXQ0MDkudGVzdDALggl0NDEwLnRlc3QwC4IJdDQx
-MS50ZXN0MAuCCXQ0MTIudGVzdDALggl0NDEzLnRlc3QwC4IJdDQxNC50ZXN0MAuC
-CXQ0MTUudGVzdDALggl0NDE2LnRlc3QwC4IJdDQxNy50ZXN0MAuCCXQ0MTgudGVz
-dDALggl0NDE5LnRlc3QwC4IJdDQyMC50ZXN0MAuCCXQ0MjEudGVzdDALggl0NDIy
-LnRlc3QwC4IJdDQyMy50ZXN0MAuCCXQ0MjQudGVzdDALggl0NDI1LnRlc3QwC4IJ
-dDQyNi50ZXN0MAuCCXQ0MjcudGVzdDALggl0NDI4LnRlc3QwC4IJdDQyOS50ZXN0
-MAuCCXQ0MzAudGVzdDALggl0NDMxLnRlc3QwC4IJdDQzMi50ZXN0MAuCCXQ0MzMu
-dGVzdDALggl0NDM0LnRlc3QwC4IJdDQzNS50ZXN0MAuCCXQ0MzYudGVzdDALggl0
-NDM3LnRlc3QwC4IJdDQzOC50ZXN0MAuCCXQ0MzkudGVzdDALggl0NDQwLnRlc3Qw
-C4IJdDQ0MS50ZXN0MAuCCXQ0NDIudGVzdDALggl0NDQzLnRlc3QwC4IJdDQ0NC50
-ZXN0MAuCCXQ0NDUudGVzdDALggl0NDQ2LnRlc3QwC4IJdDQ0Ny50ZXN0MAuCCXQ0
-NDgudGVzdDALggl0NDQ5LnRlc3QwC4IJdDQ1MC50ZXN0MAuCCXQ0NTEudGVzdDAL
-ggl0NDUyLnRlc3QwC4IJdDQ1My50ZXN0MAuCCXQ0NTQudGVzdDALggl0NDU1LnRl
-c3QwC4IJdDQ1Ni50ZXN0MAuCCXQ0NTcudGVzdDALggl0NDU4LnRlc3QwC4IJdDQ1
-OS50ZXN0MAuCCXQ0NjAudGVzdDALggl0NDYxLnRlc3QwC4IJdDQ2Mi50ZXN0MAuC
-CXQ0NjMudGVzdDALggl0NDY0LnRlc3QwC4IJdDQ2NS50ZXN0MAuCCXQ0NjYudGVz
-dDALggl0NDY3LnRlc3QwC4IJdDQ2OC50ZXN0MAuCCXQ0NjkudGVzdDALggl0NDcw
-LnRlc3QwC4IJdDQ3MS50ZXN0MAuCCXQ0NzIudGVzdDALggl0NDczLnRlc3QwC4IJ
-dDQ3NC50ZXN0MAuCCXQ0NzUudGVzdDALggl0NDc2LnRlc3QwC4IJdDQ3Ny50ZXN0
-MAuCCXQ0NzgudGVzdDALggl0NDc5LnRlc3QwC4IJdDQ4MC50ZXN0MAuCCXQ0ODEu
-dGVzdDALggl0NDgyLnRlc3QwC4IJdDQ4My50ZXN0MAuCCXQ0ODQudGVzdDALggl0
-NDg1LnRlc3QwC4IJdDQ4Ni50ZXN0MAuCCXQ0ODcudGVzdDALggl0NDg4LnRlc3Qw
-C4IJdDQ4OS50ZXN0MAuCCXQ0OTAudGVzdDALggl0NDkxLnRlc3QwC4IJdDQ5Mi50
-ZXN0MAuCCXQ0OTMudGVzdDALggl0NDk0LnRlc3QwC4IJdDQ5NS50ZXN0MAuCCXQ0
-OTYudGVzdDALggl0NDk3LnRlc3QwC4IJdDQ5OC50ZXN0MAuCCXQ0OTkudGVzdDAL
-ggl0NTAwLnRlc3QwC4IJdDUwMS50ZXN0MAuCCXQ1MDIudGVzdDALggl0NTAzLnRl
-c3QwC4IJdDUwNC50ZXN0MAuCCXQ1MDUudGVzdDALggl0NTA2LnRlc3QwC4IJdDUw
-Ny50ZXN0MAuCCXQ1MDgudGVzdDALggl0NTA5LnRlc3QwC4IJdDUxMC50ZXN0MAuC
-CXQ1MTEudGVzdDALggl0NTEyLnRlc3QwB4IFLnRlc3ShghmfMAmCB3gwLnRlc3Qw
-CYIHeDEudGVzdDAJggd4Mi50ZXN0MAmCB3gzLnRlc3QwCYIHeDQudGVzdDAJggd4
-NS50ZXN0MAmCB3g2LnRlc3QwCYIHeDcudGVzdDAJggd4OC50ZXN0MAmCB3g5LnRl
-c3QwCoIIeDEwLnRlc3QwCoIIeDExLnRlc3QwCoIIeDEyLnRlc3QwCoIIeDEzLnRl
-c3QwCoIIeDE0LnRlc3QwCoIIeDE1LnRlc3QwCoIIeDE2LnRlc3QwCoIIeDE3LnRl
-c3QwCoIIeDE4LnRlc3QwCoIIeDE5LnRlc3QwCoIIeDIwLnRlc3QwCoIIeDIxLnRl
-c3QwCoIIeDIyLnRlc3QwCoIIeDIzLnRlc3QwCoIIeDI0LnRlc3QwCoIIeDI1LnRl
-c3QwCoIIeDI2LnRlc3QwCoIIeDI3LnRlc3QwCoIIeDI4LnRlc3QwCoIIeDI5LnRl
-c3QwCoIIeDMwLnRlc3QwCoIIeDMxLnRlc3QwCoIIeDMyLnRlc3QwCoIIeDMzLnRl
-c3QwCoIIeDM0LnRlc3QwCoIIeDM1LnRlc3QwCoIIeDM2LnRlc3QwCoIIeDM3LnRl
-c3QwCoIIeDM4LnRlc3QwCoIIeDM5LnRlc3QwCoIIeDQwLnRlc3QwCoIIeDQxLnRl
-c3QwCoIIeDQyLnRlc3QwCoIIeDQzLnRlc3QwCoIIeDQ0LnRlc3QwCoIIeDQ1LnRl
-c3QwCoIIeDQ2LnRlc3QwCoIIeDQ3LnRlc3QwCoIIeDQ4LnRlc3QwCoIIeDQ5LnRl
-c3QwCoIIeDUwLnRlc3QwCoIIeDUxLnRlc3QwCoIIeDUyLnRlc3QwCoIIeDUzLnRl
-c3QwCoIIeDU0LnRlc3QwCoIIeDU1LnRlc3QwCoIIeDU2LnRlc3QwCoIIeDU3LnRl
-c3QwCoIIeDU4LnRlc3QwCoIIeDU5LnRlc3QwCoIIeDYwLnRlc3QwCoIIeDYxLnRl
-c3QwCoIIeDYyLnRlc3QwCoIIeDYzLnRlc3QwCoIIeDY0LnRlc3QwCoIIeDY1LnRl
-c3QwCoIIeDY2LnRlc3QwCoIIeDY3LnRlc3QwCoIIeDY4LnRlc3QwCoIIeDY5LnRl
-c3QwCoIIeDcwLnRlc3QwCoIIeDcxLnRlc3QwCoIIeDcyLnRlc3QwCoIIeDczLnRl
-c3QwCoIIeDc0LnRlc3QwCoIIeDc1LnRlc3QwCoIIeDc2LnRlc3QwCoIIeDc3LnRl
-c3QwCoIIeDc4LnRlc3QwCoIIeDc5LnRlc3QwCoIIeDgwLnRlc3QwCoIIeDgxLnRl
-c3QwCoIIeDgyLnRlc3QwCoIIeDgzLnRlc3QwCoIIeDg0LnRlc3QwCoIIeDg1LnRl
-c3QwCoIIeDg2LnRlc3QwCoIIeDg3LnRlc3QwCoIIeDg4LnRlc3QwCoIIeDg5LnRl
-c3QwCoIIeDkwLnRlc3QwCoIIeDkxLnRlc3QwCoIIeDkyLnRlc3QwCoIIeDkzLnRl
-c3QwCoIIeDk0LnRlc3QwCoIIeDk1LnRlc3QwCoIIeDk2LnRlc3QwCoIIeDk3LnRl
-c3QwCoIIeDk4LnRlc3QwCoIIeDk5LnRlc3QwC4IJeDEwMC50ZXN0MAuCCXgxMDEu
-dGVzdDALggl4MTAyLnRlc3QwC4IJeDEwMy50ZXN0MAuCCXgxMDQudGVzdDALggl4
-MTA1LnRlc3QwC4IJeDEwNi50ZXN0MAuCCXgxMDcudGVzdDALggl4MTA4LnRlc3Qw
-C4IJeDEwOS50ZXN0MAuCCXgxMTAudGVzdDALggl4MTExLnRlc3QwC4IJeDExMi50
-ZXN0MAuCCXgxMTMudGVzdDALggl4MTE0LnRlc3QwC4IJeDExNS50ZXN0MAuCCXgx
-MTYudGVzdDALggl4MTE3LnRlc3QwC4IJeDExOC50ZXN0MAuCCXgxMTkudGVzdDAL
-ggl4MTIwLnRlc3QwC4IJeDEyMS50ZXN0MAuCCXgxMjIudGVzdDALggl4MTIzLnRl
-c3QwC4IJeDEyNC50ZXN0MAuCCXgxMjUudGVzdDALggl4MTI2LnRlc3QwC4IJeDEy
-Ny50ZXN0MAuCCXgxMjgudGVzdDALggl4MTI5LnRlc3QwC4IJeDEzMC50ZXN0MAuC
-CXgxMzEudGVzdDALggl4MTMyLnRlc3QwC4IJeDEzMy50ZXN0MAuCCXgxMzQudGVz
-dDALggl4MTM1LnRlc3QwC4IJeDEzNi50ZXN0MAuCCXgxMzcudGVzdDALggl4MTM4
-LnRlc3QwC4IJeDEzOS50ZXN0MAuCCXgxNDAudGVzdDALggl4MTQxLnRlc3QwC4IJ
-eDE0Mi50ZXN0MAuCCXgxNDMudGVzdDALggl4MTQ0LnRlc3QwC4IJeDE0NS50ZXN0
-MAuCCXgxNDYudGVzdDALggl4MTQ3LnRlc3QwC4IJeDE0OC50ZXN0MAuCCXgxNDku
-dGVzdDALggl4MTUwLnRlc3QwC4IJeDE1MS50ZXN0MAuCCXgxNTIudGVzdDALggl4
-MTUzLnRlc3QwC4IJeDE1NC50ZXN0MAuCCXgxNTUudGVzdDALggl4MTU2LnRlc3Qw
-C4IJeDE1Ny50ZXN0MAuCCXgxNTgudGVzdDALggl4MTU5LnRlc3QwC4IJeDE2MC50
-ZXN0MAuCCXgxNjEudGVzdDALggl4MTYyLnRlc3QwC4IJeDE2My50ZXN0MAuCCXgx
-NjQudGVzdDALggl4MTY1LnRlc3QwC4IJeDE2Ni50ZXN0MAuCCXgxNjcudGVzdDAL
-ggl4MTY4LnRlc3QwC4IJeDE2OS50ZXN0MAuCCXgxNzAudGVzdDALggl4MTcxLnRl
-c3QwC4IJeDE3Mi50ZXN0MAuCCXgxNzMudGVzdDALggl4MTc0LnRlc3QwC4IJeDE3
-NS50ZXN0MAuCCXgxNzYudGVzdDALggl4MTc3LnRlc3QwC4IJeDE3OC50ZXN0MAuC
-CXgxNzkudGVzdDALggl4MTgwLnRlc3QwC4IJeDE4MS50ZXN0MAuCCXgxODIudGVz
-dDALggl4MTgzLnRlc3QwC4IJeDE4NC50ZXN0MAuCCXgxODUudGVzdDALggl4MTg2
-LnRlc3QwC4IJeDE4Ny50ZXN0MAuCCXgxODgudGVzdDALggl4MTg5LnRlc3QwC4IJ
-eDE5MC50ZXN0MAuCCXgxOTEudGVzdDALggl4MTkyLnRlc3QwC4IJeDE5My50ZXN0
-MAuCCXgxOTQudGVzdDALggl4MTk1LnRlc3QwC4IJeDE5Ni50ZXN0MAuCCXgxOTcu
-dGVzdDALggl4MTk4LnRlc3QwC4IJeDE5OS50ZXN0MAuCCXgyMDAudGVzdDALggl4
-MjAxLnRlc3QwC4IJeDIwMi50ZXN0MAuCCXgyMDMudGVzdDALggl4MjA0LnRlc3Qw
-C4IJeDIwNS50ZXN0MAuCCXgyMDYudGVzdDALggl4MjA3LnRlc3QwC4IJeDIwOC50
-ZXN0MAuCCXgyMDkudGVzdDALggl4MjEwLnRlc3QwC4IJeDIxMS50ZXN0MAuCCXgy
-MTIudGVzdDALggl4MjEzLnRlc3QwC4IJeDIxNC50ZXN0MAuCCXgyMTUudGVzdDAL
-ggl4MjE2LnRlc3QwC4IJeDIxNy50ZXN0MAuCCXgyMTgudGVzdDALggl4MjE5LnRl
-c3QwC4IJeDIyMC50ZXN0MAuCCXgyMjEudGVzdDALggl4MjIyLnRlc3QwC4IJeDIy
-My50ZXN0MAuCCXgyMjQudGVzdDALggl4MjI1LnRlc3QwC4IJeDIyNi50ZXN0MAuC
-CXgyMjcudGVzdDALggl4MjI4LnRlc3QwC4IJeDIyOS50ZXN0MAuCCXgyMzAudGVz
-dDALggl4MjMxLnRlc3QwC4IJeDIzMi50ZXN0MAuCCXgyMzMudGVzdDALggl4MjM0
-LnRlc3QwC4IJeDIzNS50ZXN0MAuCCXgyMzYudGVzdDALggl4MjM3LnRlc3QwC4IJ
-eDIzOC50ZXN0MAuCCXgyMzkudGVzdDALggl4MjQwLnRlc3QwC4IJeDI0MS50ZXN0
-MAuCCXgyNDIudGVzdDALggl4MjQzLnRlc3QwC4IJeDI0NC50ZXN0MAuCCXgyNDUu
-dGVzdDALggl4MjQ2LnRlc3QwC4IJeDI0Ny50ZXN0MAuCCXgyNDgudGVzdDALggl4
-MjQ5LnRlc3QwC4IJeDI1MC50ZXN0MAuCCXgyNTEudGVzdDALggl4MjUyLnRlc3Qw
-C4IJeDI1My50ZXN0MAuCCXgyNTQudGVzdDALggl4MjU1LnRlc3QwC4IJeDI1Ni50
-ZXN0MAuCCXgyNTcudGVzdDALggl4MjU4LnRlc3QwC4IJeDI1OS50ZXN0MAuCCXgy
-NjAudGVzdDALggl4MjYxLnRlc3QwC4IJeDI2Mi50ZXN0MAuCCXgyNjMudGVzdDAL
-ggl4MjY0LnRlc3QwC4IJeDI2NS50ZXN0MAuCCXgyNjYudGVzdDALggl4MjY3LnRl
-c3QwC4IJeDI2OC50ZXN0MAuCCXgyNjkudGVzdDALggl4MjcwLnRlc3QwC4IJeDI3
-MS50ZXN0MAuCCXgyNzIudGVzdDALggl4MjczLnRlc3QwC4IJeDI3NC50ZXN0MAuC
-CXgyNzUudGVzdDALggl4Mjc2LnRlc3QwC4IJeDI3Ny50ZXN0MAuCCXgyNzgudGVz
-dDALggl4Mjc5LnRlc3QwC4IJeDI4MC50ZXN0MAuCCXgyODEudGVzdDALggl4Mjgy
-LnRlc3QwC4IJeDI4My50ZXN0MAuCCXgyODQudGVzdDALggl4Mjg1LnRlc3QwC4IJ
-eDI4Ni50ZXN0MAuCCXgyODcudGVzdDALggl4Mjg4LnRlc3QwC4IJeDI4OS50ZXN0
-MAuCCXgyOTAudGVzdDALggl4MjkxLnRlc3QwC4IJeDI5Mi50ZXN0MAuCCXgyOTMu
-dGVzdDALggl4Mjk0LnRlc3QwC4IJeDI5NS50ZXN0MAuCCXgyOTYudGVzdDALggl4
-Mjk3LnRlc3QwC4IJeDI5OC50ZXN0MAuCCXgyOTkudGVzdDALggl4MzAwLnRlc3Qw
-C4IJeDMwMS50ZXN0MAuCCXgzMDIudGVzdDALggl4MzAzLnRlc3QwC4IJeDMwNC50
-ZXN0MAuCCXgzMDUudGVzdDALggl4MzA2LnRlc3QwC4IJeDMwNy50ZXN0MAuCCXgz
-MDgudGVzdDALggl4MzA5LnRlc3QwC4IJeDMxMC50ZXN0MAuCCXgzMTEudGVzdDAL
-ggl4MzEyLnRlc3QwC4IJeDMxMy50ZXN0MAuCCXgzMTQudGVzdDALggl4MzE1LnRl
-c3QwC4IJeDMxNi50ZXN0MAuCCXgzMTcudGVzdDALggl4MzE4LnRlc3QwC4IJeDMx
-OS50ZXN0MAuCCXgzMjAudGVzdDALggl4MzIxLnRlc3QwC4IJeDMyMi50ZXN0MAuC
-CXgzMjMudGVzdDALggl4MzI0LnRlc3QwC4IJeDMyNS50ZXN0MAuCCXgzMjYudGVz
-dDALggl4MzI3LnRlc3QwC4IJeDMyOC50ZXN0MAuCCXgzMjkudGVzdDALggl4MzMw
-LnRlc3QwC4IJeDMzMS50ZXN0MAuCCXgzMzIudGVzdDALggl4MzMzLnRlc3QwC4IJ
-eDMzNC50ZXN0MAuCCXgzMzUudGVzdDALggl4MzM2LnRlc3QwC4IJeDMzNy50ZXN0
-MAuCCXgzMzgudGVzdDALggl4MzM5LnRlc3QwC4IJeDM0MC50ZXN0MAuCCXgzNDEu
-dGVzdDALggl4MzQyLnRlc3QwC4IJeDM0My50ZXN0MAuCCXgzNDQudGVzdDALggl4
-MzQ1LnRlc3QwC4IJeDM0Ni50ZXN0MAuCCXgzNDcudGVzdDALggl4MzQ4LnRlc3Qw
-C4IJeDM0OS50ZXN0MAuCCXgzNTAudGVzdDALggl4MzUxLnRlc3QwC4IJeDM1Mi50
-ZXN0MAuCCXgzNTMudGVzdDALggl4MzU0LnRlc3QwC4IJeDM1NS50ZXN0MAuCCXgz
-NTYudGVzdDALggl4MzU3LnRlc3QwC4IJeDM1OC50ZXN0MAuCCXgzNTkudGVzdDAL
-ggl4MzYwLnRlc3QwC4IJeDM2MS50ZXN0MAuCCXgzNjIudGVzdDALggl4MzYzLnRl
-c3QwC4IJeDM2NC50ZXN0MAuCCXgzNjUudGVzdDALggl4MzY2LnRlc3QwC4IJeDM2
-Ny50ZXN0MAuCCXgzNjgudGVzdDALggl4MzY5LnRlc3QwC4IJeDM3MC50ZXN0MAuC
-CXgzNzEudGVzdDALggl4MzcyLnRlc3QwC4IJeDM3My50ZXN0MAuCCXgzNzQudGVz
-dDALggl4Mzc1LnRlc3QwC4IJeDM3Ni50ZXN0MAuCCXgzNzcudGVzdDALggl4Mzc4
-LnRlc3QwC4IJeDM3OS50ZXN0MAuCCXgzODAudGVzdDALggl4MzgxLnRlc3QwC4IJ
-eDM4Mi50ZXN0MAuCCXgzODMudGVzdDALggl4Mzg0LnRlc3QwC4IJeDM4NS50ZXN0
-MAuCCXgzODYudGVzdDALggl4Mzg3LnRlc3QwC4IJeDM4OC50ZXN0MAuCCXgzODku
-dGVzdDALggl4MzkwLnRlc3QwC4IJeDM5MS50ZXN0MAuCCXgzOTIudGVzdDALggl4
-MzkzLnRlc3QwC4IJeDM5NC50ZXN0MAuCCXgzOTUudGVzdDALggl4Mzk2LnRlc3Qw
-C4IJeDM5Ny50ZXN0MAuCCXgzOTgudGVzdDALggl4Mzk5LnRlc3QwC4IJeDQwMC50
-ZXN0MAuCCXg0MDEudGVzdDALggl4NDAyLnRlc3QwC4IJeDQwMy50ZXN0MAuCCXg0
-MDQudGVzdDALggl4NDA1LnRlc3QwC4IJeDQwNi50ZXN0MAuCCXg0MDcudGVzdDAL
-ggl4NDA4LnRlc3QwC4IJeDQwOS50ZXN0MAuCCXg0MTAudGVzdDALggl4NDExLnRl
-c3QwC4IJeDQxMi50ZXN0MAuCCXg0MTMudGVzdDALggl4NDE0LnRlc3QwC4IJeDQx
-NS50ZXN0MAuCCXg0MTYudGVzdDALggl4NDE3LnRlc3QwC4IJeDQxOC50ZXN0MAuC
-CXg0MTkudGVzdDALggl4NDIwLnRlc3QwC4IJeDQyMS50ZXN0MAuCCXg0MjIudGVz
-dDALggl4NDIzLnRlc3QwC4IJeDQyNC50ZXN0MAuCCXg0MjUudGVzdDALggl4NDI2
-LnRlc3QwC4IJeDQyNy50ZXN0MAuCCXg0MjgudGVzdDALggl4NDI5LnRlc3QwC4IJ
-eDQzMC50ZXN0MAuCCXg0MzEudGVzdDALggl4NDMyLnRlc3QwC4IJeDQzMy50ZXN0
-MAuCCXg0MzQudGVzdDALggl4NDM1LnRlc3QwC4IJeDQzNi50ZXN0MAuCCXg0Mzcu
-dGVzdDALggl4NDM4LnRlc3QwC4IJeDQzOS50ZXN0MAuCCXg0NDAudGVzdDALggl4
-NDQxLnRlc3QwC4IJeDQ0Mi50ZXN0MAuCCXg0NDMudGVzdDALggl4NDQ0LnRlc3Qw
-C4IJeDQ0NS50ZXN0MAuCCXg0NDYudGVzdDALggl4NDQ3LnRlc3QwC4IJeDQ0OC50
-ZXN0MAuCCXg0NDkudGVzdDALggl4NDUwLnRlc3QwC4IJeDQ1MS50ZXN0MAuCCXg0
-NTIudGVzdDALggl4NDUzLnRlc3QwC4IJeDQ1NC50ZXN0MAuCCXg0NTUudGVzdDAL
-ggl4NDU2LnRlc3QwC4IJeDQ1Ny50ZXN0MAuCCXg0NTgudGVzdDALggl4NDU5LnRl
-c3QwC4IJeDQ2MC50ZXN0MAuCCXg0NjEudGVzdDALggl4NDYyLnRlc3QwC4IJeDQ2
-My50ZXN0MAuCCXg0NjQudGVzdDALggl4NDY1LnRlc3QwC4IJeDQ2Ni50ZXN0MAuC
-CXg0NjcudGVzdDALggl4NDY4LnRlc3QwC4IJeDQ2OS50ZXN0MAuCCXg0NzAudGVz
-dDALggl4NDcxLnRlc3QwC4IJeDQ3Mi50ZXN0MAuCCXg0NzMudGVzdDALggl4NDc0
-LnRlc3QwC4IJeDQ3NS50ZXN0MAuCCXg0NzYudGVzdDALggl4NDc3LnRlc3QwC4IJ
-eDQ3OC50ZXN0MAuCCXg0NzkudGVzdDALggl4NDgwLnRlc3QwC4IJeDQ4MS50ZXN0
-MAuCCXg0ODIudGVzdDALggl4NDgzLnRlc3QwC4IJeDQ4NC50ZXN0MAuCCXg0ODUu
-dGVzdDALggl4NDg2LnRlc3QwC4IJeDQ4Ny50ZXN0MAuCCXg0ODgudGVzdDALggl4
-NDg5LnRlc3QwC4IJeDQ5MC50ZXN0MAuCCXg0OTEudGVzdDALggl4NDkyLnRlc3Qw
-C4IJeDQ5My50ZXN0MAuCCXg0OTQudGVzdDALggl4NDk1LnRlc3QwC4IJeDQ5Ni50
-ZXN0MAuCCXg0OTcudGVzdDALggl4NDk4LnRlc3QwC4IJeDQ5OS50ZXN0MAuCCXg1
-MDAudGVzdDALggl4NTAxLnRlc3QwC4IJeDUwMi50ZXN0MAuCCXg1MDMudGVzdDAL
-ggl4NTA0LnRlc3QwC4IJeDUwNS50ZXN0MAuCCXg1MDYudGVzdDALggl4NTA3LnRl
-c3QwC4IJeDUwOC50ZXN0MAuCCXg1MDkudGVzdDALggl4NTEwLnRlc3QwC4IJeDUx
-MS50ZXN0MAuCCXg1MTIudGVzdDANBgkqhkiG9w0BAQsFAAOCAQEAL2zj4W3+BzBa
-UA0pBD3K5mXq5H94uVT3YFiS1Yrrv1aGJjnb9iabNjdPNRFq7eBm1OajFTv8UtE/
-WJR0JDvBTs7yvpOgTy+JY9RY8NP72gdOOvpZ3DbJ0bbSUFqBVQlM8771Mz9RVQX9
-i9oCqVkakKI/9guAU2XHx9ztTB6N3mULB3QkeFmlyrqeeVK/2lFErArRxyKQXjxb
-cfD76JGADWpp6p1/QUGYmPNYGxHMtWzAhzX1zs/OdGwVVX7g6xxfFdOw0z2PVSPL
-otKS5E3GWvqe43Edz3D6AI7jp6ibtH32HX/D4lLLd9nSiQURvJJ0nrMYZI+7p1DE
-6BsnsA2jNg==
------END CERTIFICATE-----
diff --git a/chromium/third_party/boringssl/src/crypto/x509/many_names1.pem b/chromium/third_party/boringssl/src/crypto/x509/many_names1.pem
deleted file mode 100644
index cf6a0df3c66..00000000000
--- a/chromium/third_party/boringssl/src/crypto/x509/many_names1.pem
+++ /dev/null
@@ -1,409 +0,0 @@
------BEGIN CERTIFICATE-----
-MIJMMTCCSxmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJDQTAg
-Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowgjO+MRAwDgYDVQQDEwd0
-MC50ZXN0MRYwFAYJKoZIhvcNAQkBFgd0MEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
-MUB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0MkB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
-M0B0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0NEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
-NUB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0NkB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
-N0B0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0OEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
-OUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MTBAdGVzdDEXMBUGCSqGSIb3DQEJARYI
-dDExQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQxMkB0ZXN0MRcwFQYJKoZIhvcNAQkB
-Fgh0MTNAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDE0QHRlc3QxFzAVBgkqhkiG9w0B
-CQEWCHQxNUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MTZAdGVzdDEXMBUGCSqGSIb3
-DQEJARYIdDE3QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQxOEB0ZXN0MRcwFQYJKoZI
-hvcNAQkBFgh0MTlAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDIwQHRlc3QxFzAVBgkq
-hkiG9w0BCQEWCHQyMUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MjJAdGVzdDEXMBUG
-CSqGSIb3DQEJARYIdDIzQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQyNEB0ZXN0MRcw
-FQYJKoZIhvcNAQkBFgh0MjVAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDI2QHRlc3Qx
-FzAVBgkqhkiG9w0BCQEWCHQyN0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MjhAdGVz
-dDEXMBUGCSqGSIb3DQEJARYIdDI5QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzMEB0
-ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MzFAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDMy
-QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzM0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0
-MzRAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDM1QHRlc3QxFzAVBgkqhkiG9w0BCQEW
-CHQzNkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MzdAdGVzdDEXMBUGCSqGSIb3DQEJ
-ARYIdDM4QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzOUB0ZXN0MRcwFQYJKoZIhvcN
-AQkBFgh0NDBAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDQxQHRlc3QxFzAVBgkqhkiG
-9w0BCQEWCHQ0MkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NDNAdGVzdDEXMBUGCSqG
-SIb3DQEJARYIdDQ0QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ0NUB0ZXN0MRcwFQYJ
-KoZIhvcNAQkBFgh0NDZAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDQ3QHRlc3QxFzAV
-BgkqhkiG9w0BCQEWCHQ0OEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NDlAdGVzdDEX
-MBUGCSqGSIb3DQEJARYIdDUwQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ1MUB0ZXN0
-MRcwFQYJKoZIhvcNAQkBFgh0NTJAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDUzQHRl
-c3QxFzAVBgkqhkiG9w0BCQEWCHQ1NEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NTVA
-dGVzdDEXMBUGCSqGSIb3DQEJARYIdDU2QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ1
-N0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NThAdGVzdDEXMBUGCSqGSIb3DQEJARYI
-dDU5QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ2MEB0ZXN0MRcwFQYJKoZIhvcNAQkB
-Fgh0NjFAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDYyQHRlc3QxFzAVBgkqhkiG9w0B
-CQEWCHQ2M0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NjRAdGVzdDEXMBUGCSqGSIb3
-DQEJARYIdDY1QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ2NkB0ZXN0MRcwFQYJKoZI
-hvcNAQkBFgh0NjdAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDY4QHRlc3QxFzAVBgkq
-hkiG9w0BCQEWCHQ2OUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzBAdGVzdDEXMBUG
-CSqGSIb3DQEJARYIdDcxQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ3MkB0ZXN0MRcw
-FQYJKoZIhvcNAQkBFgh0NzNAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDc0QHRlc3Qx
-FzAVBgkqhkiG9w0BCQEWCHQ3NUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzZAdGVz
-dDEXMBUGCSqGSIb3DQEJARYIdDc3QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ3OEB0
-ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzlAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDgw
-QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ4MUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0
-ODJAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDgzQHRlc3QxFzAVBgkqhkiG9w0BCQEW
-CHQ4NEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0ODVAdGVzdDEXMBUGCSqGSIb3DQEJ
-ARYIdDg2QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ4N0B0ZXN0MRcwFQYJKoZIhvcN
-AQkBFgh0ODhAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDg5QHRlc3QxFzAVBgkqhkiG
-9w0BCQEWCHQ5MEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0OTFAdGVzdDEXMBUGCSqG
-SIb3DQEJARYIdDkyQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ5M0B0ZXN0MRcwFQYJ
-KoZIhvcNAQkBFgh0OTRAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDk1QHRlc3QxFzAV
-BgkqhkiG9w0BCQEWCHQ5NkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0OTdAdGVzdDEX
-MBUGCSqGSIb3DQEJARYIdDk4QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ5OUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MTAwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMDFA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDEwMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MTAzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMDRAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDEwNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTA2QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQxMDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEwOEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MTA5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMTBAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDExMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTEyQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQxMTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEx
-NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTE1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQxMTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDExN0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MTE4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMTlAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDEyMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTIxQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQxMjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEyM0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MTI0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMjVA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDEyNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MTI3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMjhAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDEyOUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTMwQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQxMzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEzMkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MTMzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMzRAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDEzNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTM2QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQxMzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEz
-OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTM5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQxNDBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE0MUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MTQyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNDNAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDE0NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTQ1QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQxNDZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE0N0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MTQ4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNDlA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE1MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MTUxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNTJAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDE1M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTU0QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQxNTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE1NkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MTU3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNThAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDE1OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTYwQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQxNjFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE2
-MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTYzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQxNjRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE2NUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MTY2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNjdAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDE2OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTY5QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQxNzBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE3MUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MTcyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNzNA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE3NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MTc1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNzZAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDE3N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTc4QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQxNzlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4MEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MTgxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxODJAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDE4M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTg0QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQxODVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4
-NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTg3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQxODhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4OUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MTkwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxOTFAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDE5MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTkzQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQxOTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE5NUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MTk2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxOTdA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE5OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MTk5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMDBAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDIwMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjAyQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQyMDNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIwNEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MjA1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMDZAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDIwN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjA4QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQyMDlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIx
-MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjExQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQyMTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIxM0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MjE0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMTVAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDIxNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjE3QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQyMThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIxOUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MjIwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMjFA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDIyMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MjIzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMjRAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDIyNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjI2QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQyMjdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIyOEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MjI5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMzBAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDIzMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjMyQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQyMzNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIz
-NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjM1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQyMzZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIzN0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MjM4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMzlAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDI0MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjQxQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQyNDJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI0M0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MjQ0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNDVA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI0NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MjQ3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNDhAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDI0OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjUwQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQyNTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI1MkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MjUzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNTRAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDI1NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjU2QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQyNTdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI1
-OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjU5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQyNjBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI2MUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MjYyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNjNAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDI2NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjY1QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQyNjZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI2N0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MjY4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNjlA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI3MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MjcxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNzJAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDI3M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjc0QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQyNzVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI3NkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0Mjc3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNzhAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDI3OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjgwQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQyODFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI4
-MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjgzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQyODRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI4NUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0Mjg2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyODdAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDI4OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjg5QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQyOTBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI5MUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MjkyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyOTNA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI5NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-Mjk1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyOTZAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDI5N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjk4QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQyOTlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMwMEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MzAxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMDJAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDMwM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzA0QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQzMDVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMw
-NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzA3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQzMDhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMwOUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MzEwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMTFAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDMxMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzEzQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQzMTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMxNUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MzE2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMTdA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDMxOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MzE5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMjBAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDMyMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzIyQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQzMjNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMyNEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MzI1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMjZAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDMyN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzI4QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQzMjlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMz
-MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzMxQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQzMzJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMzM0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MzM0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMzVAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDMzNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzM3QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQzMzhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMzOUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MzQwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNDFA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM0MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MzQzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNDRAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDM0NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzQ2QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQzNDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM0OEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MzQ5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNTBAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDM1MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzUyQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQzNTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM1
-NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzU1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQzNTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM1N0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MzU4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNTlAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDM2MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzYxQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQzNjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM2M0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MzY0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNjVA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM2NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MzY3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNjhAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDM2OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzcwQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQzNzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM3MkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MzczQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNzRAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDM3NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzc2QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQzNzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM3
-OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzc5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQzODBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM4MUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MzgyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzODNAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDM4NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzg1QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQzODZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM4N0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0Mzg4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzODlA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM5MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MzkxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzOTJAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDM5M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzk0QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQzOTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM5NkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0Mzk3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzOThAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDM5OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDAwQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ0MDFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQw
-MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDAzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ0MDRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQwNUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0NDA2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MDdAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDQwOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDA5QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ0MTBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQxMUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0NDEyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MTNA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQxNEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-NDE1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MTZAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDQxN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDE4QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ0MTlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQyMEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0NDIxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MjJAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDQyM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDI0QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ0MjVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQy
-NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDI3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ0MjhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQyOUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0NDMwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MzFAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDQzMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDMzQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ0MzRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQzNUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0NDM2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MzdA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQzOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-NDM5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDBAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDQ0MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDQyQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ0NDNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ0NEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0NDQ1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDZAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDQ0N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDQ4QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1
-MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDUxQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ0NTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1M0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0NDU0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NTVAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDQ1NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDU3QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ0NThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1OUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0NDYwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NjFA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ2MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-NDYzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NjRAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDQ2NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDY2QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ0NjdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ2OEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0NDY5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzBAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDQ3MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDcyQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ3
-NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDc1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ0NzZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ3N0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0NDc4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzlAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDQ4MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDgxQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ0ODJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ4M0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0NDg0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0ODVA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ4NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-NDg3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0ODhAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDQ4OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDkwQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ0OTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ5MkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0NDkzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0OTRAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDQ5NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDk2QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ0OTdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ5
-OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDk5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ1MDBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUwMUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0NTAyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MDNAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDUwNEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTA1QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ1MDZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUwN0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0NTA4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MDlA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDUxMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-NTExQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MTJAdGVzdDCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBALoL2oQZEgFBdXwuPb29W75T63JfNJKKdYi6YrmK
-M+EKbcMue/hFrLGQXB6a2eQZFn+j3hmexeQF9T8iWxh2S6rzAr1Yj+qXeDBaMf4o
-BEiEhBxIsaIlws3qQa4baeVEEoxw+A+ISrYHTIFcV/i0bcIFt5p7v7wbu686a/w0
-vIqPfad5amdQJMvmjZXDI+jGMvFPmBRHr2/1dJUWPaKsJluwR514pJv74urIyEt+
-dFPM2/5kc2HiLNkeuS1Hbky+dPlDIGrfaHHsCNnb/GjvQ6YfvDXRrYPCxWMk0x3F
-MSaDK9T0zoJ5hE9fViR+D6xcJO2RNUCUENS+Iipj3kIrLbkCAwEAAaOCFeUwghXh
-MA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8E
-AjAAMIIVqgYDVR0RBIIVoTCCFZ2CB3QwLnRlc3SCB3QxLnRlc3SCB3QyLnRlc3SC
-B3QzLnRlc3SCB3Q0LnRlc3SCB3Q1LnRlc3SCB3Q2LnRlc3SCB3Q3LnRlc3SCB3Q4
-LnRlc3SCB3Q5LnRlc3SCCHQxMC50ZXN0ggh0MTEudGVzdIIIdDEyLnRlc3SCCHQx
-My50ZXN0ggh0MTQudGVzdIIIdDE1LnRlc3SCCHQxNi50ZXN0ggh0MTcudGVzdIII
-dDE4LnRlc3SCCHQxOS50ZXN0ggh0MjAudGVzdIIIdDIxLnRlc3SCCHQyMi50ZXN0
-ggh0MjMudGVzdIIIdDI0LnRlc3SCCHQyNS50ZXN0ggh0MjYudGVzdIIIdDI3LnRl
-c3SCCHQyOC50ZXN0ggh0MjkudGVzdIIIdDMwLnRlc3SCCHQzMS50ZXN0ggh0MzIu
-dGVzdIIIdDMzLnRlc3SCCHQzNC50ZXN0ggh0MzUudGVzdIIIdDM2LnRlc3SCCHQz
-Ny50ZXN0ggh0MzgudGVzdIIIdDM5LnRlc3SCCHQ0MC50ZXN0ggh0NDEudGVzdIII
-dDQyLnRlc3SCCHQ0My50ZXN0ggh0NDQudGVzdIIIdDQ1LnRlc3SCCHQ0Ni50ZXN0
-ggh0NDcudGVzdIIIdDQ4LnRlc3SCCHQ0OS50ZXN0ggh0NTAudGVzdIIIdDUxLnRl
-c3SCCHQ1Mi50ZXN0ggh0NTMudGVzdIIIdDU0LnRlc3SCCHQ1NS50ZXN0ggh0NTYu
-dGVzdIIIdDU3LnRlc3SCCHQ1OC50ZXN0ggh0NTkudGVzdIIIdDYwLnRlc3SCCHQ2
-MS50ZXN0ggh0NjIudGVzdIIIdDYzLnRlc3SCCHQ2NC50ZXN0ggh0NjUudGVzdIII
-dDY2LnRlc3SCCHQ2Ny50ZXN0ggh0NjgudGVzdIIIdDY5LnRlc3SCCHQ3MC50ZXN0
-ggh0NzEudGVzdIIIdDcyLnRlc3SCCHQ3My50ZXN0ggh0NzQudGVzdIIIdDc1LnRl
-c3SCCHQ3Ni50ZXN0ggh0NzcudGVzdIIIdDc4LnRlc3SCCHQ3OS50ZXN0ggh0ODAu
-dGVzdIIIdDgxLnRlc3SCCHQ4Mi50ZXN0ggh0ODMudGVzdIIIdDg0LnRlc3SCCHQ4
-NS50ZXN0ggh0ODYudGVzdIIIdDg3LnRlc3SCCHQ4OC50ZXN0ggh0ODkudGVzdIII
-dDkwLnRlc3SCCHQ5MS50ZXN0ggh0OTIudGVzdIIIdDkzLnRlc3SCCHQ5NC50ZXN0
-ggh0OTUudGVzdIIIdDk2LnRlc3SCCHQ5Ny50ZXN0ggh0OTgudGVzdIIIdDk5LnRl
-c3SCCXQxMDAudGVzdIIJdDEwMS50ZXN0ggl0MTAyLnRlc3SCCXQxMDMudGVzdIIJ
-dDEwNC50ZXN0ggl0MTA1LnRlc3SCCXQxMDYudGVzdIIJdDEwNy50ZXN0ggl0MTA4
-LnRlc3SCCXQxMDkudGVzdIIJdDExMC50ZXN0ggl0MTExLnRlc3SCCXQxMTIudGVz
-dIIJdDExMy50ZXN0ggl0MTE0LnRlc3SCCXQxMTUudGVzdIIJdDExNi50ZXN0ggl0
-MTE3LnRlc3SCCXQxMTgudGVzdIIJdDExOS50ZXN0ggl0MTIwLnRlc3SCCXQxMjEu
-dGVzdIIJdDEyMi50ZXN0ggl0MTIzLnRlc3SCCXQxMjQudGVzdIIJdDEyNS50ZXN0
-ggl0MTI2LnRlc3SCCXQxMjcudGVzdIIJdDEyOC50ZXN0ggl0MTI5LnRlc3SCCXQx
-MzAudGVzdIIJdDEzMS50ZXN0ggl0MTMyLnRlc3SCCXQxMzMudGVzdIIJdDEzNC50
-ZXN0ggl0MTM1LnRlc3SCCXQxMzYudGVzdIIJdDEzNy50ZXN0ggl0MTM4LnRlc3SC
-CXQxMzkudGVzdIIJdDE0MC50ZXN0ggl0MTQxLnRlc3SCCXQxNDIudGVzdIIJdDE0
-My50ZXN0ggl0MTQ0LnRlc3SCCXQxNDUudGVzdIIJdDE0Ni50ZXN0ggl0MTQ3LnRl
-c3SCCXQxNDgudGVzdIIJdDE0OS50ZXN0ggl0MTUwLnRlc3SCCXQxNTEudGVzdIIJ
-dDE1Mi50ZXN0ggl0MTUzLnRlc3SCCXQxNTQudGVzdIIJdDE1NS50ZXN0ggl0MTU2
-LnRlc3SCCXQxNTcudGVzdIIJdDE1OC50ZXN0ggl0MTU5LnRlc3SCCXQxNjAudGVz
-dIIJdDE2MS50ZXN0ggl0MTYyLnRlc3SCCXQxNjMudGVzdIIJdDE2NC50ZXN0ggl0
-MTY1LnRlc3SCCXQxNjYudGVzdIIJdDE2Ny50ZXN0ggl0MTY4LnRlc3SCCXQxNjku
-dGVzdIIJdDE3MC50ZXN0ggl0MTcxLnRlc3SCCXQxNzIudGVzdIIJdDE3My50ZXN0
-ggl0MTc0LnRlc3SCCXQxNzUudGVzdIIJdDE3Ni50ZXN0ggl0MTc3LnRlc3SCCXQx
-NzgudGVzdIIJdDE3OS50ZXN0ggl0MTgwLnRlc3SCCXQxODEudGVzdIIJdDE4Mi50
-ZXN0ggl0MTgzLnRlc3SCCXQxODQudGVzdIIJdDE4NS50ZXN0ggl0MTg2LnRlc3SC
-CXQxODcudGVzdIIJdDE4OC50ZXN0ggl0MTg5LnRlc3SCCXQxOTAudGVzdIIJdDE5
-MS50ZXN0ggl0MTkyLnRlc3SCCXQxOTMudGVzdIIJdDE5NC50ZXN0ggl0MTk1LnRl
-c3SCCXQxOTYudGVzdIIJdDE5Ny50ZXN0ggl0MTk4LnRlc3SCCXQxOTkudGVzdIIJ
-dDIwMC50ZXN0ggl0MjAxLnRlc3SCCXQyMDIudGVzdIIJdDIwMy50ZXN0ggl0MjA0
-LnRlc3SCCXQyMDUudGVzdIIJdDIwNi50ZXN0ggl0MjA3LnRlc3SCCXQyMDgudGVz
-dIIJdDIwOS50ZXN0ggl0MjEwLnRlc3SCCXQyMTEudGVzdIIJdDIxMi50ZXN0ggl0
-MjEzLnRlc3SCCXQyMTQudGVzdIIJdDIxNS50ZXN0ggl0MjE2LnRlc3SCCXQyMTcu
-dGVzdIIJdDIxOC50ZXN0ggl0MjE5LnRlc3SCCXQyMjAudGVzdIIJdDIyMS50ZXN0
-ggl0MjIyLnRlc3SCCXQyMjMudGVzdIIJdDIyNC50ZXN0ggl0MjI1LnRlc3SCCXQy
-MjYudGVzdIIJdDIyNy50ZXN0ggl0MjI4LnRlc3SCCXQyMjkudGVzdIIJdDIzMC50
-ZXN0ggl0MjMxLnRlc3SCCXQyMzIudGVzdIIJdDIzMy50ZXN0ggl0MjM0LnRlc3SC
-CXQyMzUudGVzdIIJdDIzNi50ZXN0ggl0MjM3LnRlc3SCCXQyMzgudGVzdIIJdDIz
-OS50ZXN0ggl0MjQwLnRlc3SCCXQyNDEudGVzdIIJdDI0Mi50ZXN0ggl0MjQzLnRl
-c3SCCXQyNDQudGVzdIIJdDI0NS50ZXN0ggl0MjQ2LnRlc3SCCXQyNDcudGVzdIIJ
-dDI0OC50ZXN0ggl0MjQ5LnRlc3SCCXQyNTAudGVzdIIJdDI1MS50ZXN0ggl0MjUy
-LnRlc3SCCXQyNTMudGVzdIIJdDI1NC50ZXN0ggl0MjU1LnRlc3SCCXQyNTYudGVz
-dIIJdDI1Ny50ZXN0ggl0MjU4LnRlc3SCCXQyNTkudGVzdIIJdDI2MC50ZXN0ggl0
-MjYxLnRlc3SCCXQyNjIudGVzdIIJdDI2My50ZXN0ggl0MjY0LnRlc3SCCXQyNjUu
-dGVzdIIJdDI2Ni50ZXN0ggl0MjY3LnRlc3SCCXQyNjgudGVzdIIJdDI2OS50ZXN0
-ggl0MjcwLnRlc3SCCXQyNzEudGVzdIIJdDI3Mi50ZXN0ggl0MjczLnRlc3SCCXQy
-NzQudGVzdIIJdDI3NS50ZXN0ggl0Mjc2LnRlc3SCCXQyNzcudGVzdIIJdDI3OC50
-ZXN0ggl0Mjc5LnRlc3SCCXQyODAudGVzdIIJdDI4MS50ZXN0ggl0MjgyLnRlc3SC
-CXQyODMudGVzdIIJdDI4NC50ZXN0ggl0Mjg1LnRlc3SCCXQyODYudGVzdIIJdDI4
-Ny50ZXN0ggl0Mjg4LnRlc3SCCXQyODkudGVzdIIJdDI5MC50ZXN0ggl0MjkxLnRl
-c3SCCXQyOTIudGVzdIIJdDI5My50ZXN0ggl0Mjk0LnRlc3SCCXQyOTUudGVzdIIJ
-dDI5Ni50ZXN0ggl0Mjk3LnRlc3SCCXQyOTgudGVzdIIJdDI5OS50ZXN0ggl0MzAw
-LnRlc3SCCXQzMDEudGVzdIIJdDMwMi50ZXN0ggl0MzAzLnRlc3SCCXQzMDQudGVz
-dIIJdDMwNS50ZXN0ggl0MzA2LnRlc3SCCXQzMDcudGVzdIIJdDMwOC50ZXN0ggl0
-MzA5LnRlc3SCCXQzMTAudGVzdIIJdDMxMS50ZXN0ggl0MzEyLnRlc3SCCXQzMTMu
-dGVzdIIJdDMxNC50ZXN0ggl0MzE1LnRlc3SCCXQzMTYudGVzdIIJdDMxNy50ZXN0
-ggl0MzE4LnRlc3SCCXQzMTkudGVzdIIJdDMyMC50ZXN0ggl0MzIxLnRlc3SCCXQz
-MjIudGVzdIIJdDMyMy50ZXN0ggl0MzI0LnRlc3SCCXQzMjUudGVzdIIJdDMyNi50
-ZXN0ggl0MzI3LnRlc3SCCXQzMjgudGVzdIIJdDMyOS50ZXN0ggl0MzMwLnRlc3SC
-CXQzMzEudGVzdIIJdDMzMi50ZXN0ggl0MzMzLnRlc3SCCXQzMzQudGVzdIIJdDMz
-NS50ZXN0ggl0MzM2LnRlc3SCCXQzMzcudGVzdIIJdDMzOC50ZXN0ggl0MzM5LnRl
-c3SCCXQzNDAudGVzdIIJdDM0MS50ZXN0ggl0MzQyLnRlc3SCCXQzNDMudGVzdIIJ
-dDM0NC50ZXN0ggl0MzQ1LnRlc3SCCXQzNDYudGVzdIIJdDM0Ny50ZXN0ggl0MzQ4
-LnRlc3SCCXQzNDkudGVzdIIJdDM1MC50ZXN0ggl0MzUxLnRlc3SCCXQzNTIudGVz
-dIIJdDM1My50ZXN0ggl0MzU0LnRlc3SCCXQzNTUudGVzdIIJdDM1Ni50ZXN0ggl0
-MzU3LnRlc3SCCXQzNTgudGVzdIIJdDM1OS50ZXN0ggl0MzYwLnRlc3SCCXQzNjEu
-dGVzdIIJdDM2Mi50ZXN0ggl0MzYzLnRlc3SCCXQzNjQudGVzdIIJdDM2NS50ZXN0
-ggl0MzY2LnRlc3SCCXQzNjcudGVzdIIJdDM2OC50ZXN0ggl0MzY5LnRlc3SCCXQz
-NzAudGVzdIIJdDM3MS50ZXN0ggl0MzcyLnRlc3SCCXQzNzMudGVzdIIJdDM3NC50
-ZXN0ggl0Mzc1LnRlc3SCCXQzNzYudGVzdIIJdDM3Ny50ZXN0ggl0Mzc4LnRlc3SC
-CXQzNzkudGVzdIIJdDM4MC50ZXN0ggl0MzgxLnRlc3SCCXQzODIudGVzdIIJdDM4
-My50ZXN0ggl0Mzg0LnRlc3SCCXQzODUudGVzdIIJdDM4Ni50ZXN0ggl0Mzg3LnRl
-c3SCCXQzODgudGVzdIIJdDM4OS50ZXN0ggl0MzkwLnRlc3SCCXQzOTEudGVzdIIJ
-dDM5Mi50ZXN0ggl0MzkzLnRlc3SCCXQzOTQudGVzdIIJdDM5NS50ZXN0ggl0Mzk2
-LnRlc3SCCXQzOTcudGVzdIIJdDM5OC50ZXN0ggl0Mzk5LnRlc3SCCXQ0MDAudGVz
-dIIJdDQwMS50ZXN0ggl0NDAyLnRlc3SCCXQ0MDMudGVzdIIJdDQwNC50ZXN0ggl0
-NDA1LnRlc3SCCXQ0MDYudGVzdIIJdDQwNy50ZXN0ggl0NDA4LnRlc3SCCXQ0MDku
-dGVzdIIJdDQxMC50ZXN0ggl0NDExLnRlc3SCCXQ0MTIudGVzdIIJdDQxMy50ZXN0
-ggl0NDE0LnRlc3SCCXQ0MTUudGVzdIIJdDQxNi50ZXN0ggl0NDE3LnRlc3SCCXQ0
-MTgudGVzdIIJdDQxOS50ZXN0ggl0NDIwLnRlc3SCCXQ0MjEudGVzdIIJdDQyMi50
-ZXN0ggl0NDIzLnRlc3SCCXQ0MjQudGVzdIIJdDQyNS50ZXN0ggl0NDI2LnRlc3SC
-CXQ0MjcudGVzdIIJdDQyOC50ZXN0ggl0NDI5LnRlc3SCCXQ0MzAudGVzdIIJdDQz
-MS50ZXN0ggl0NDMyLnRlc3SCCXQ0MzMudGVzdIIJdDQzNC50ZXN0ggl0NDM1LnRl
-c3SCCXQ0MzYudGVzdIIJdDQzNy50ZXN0ggl0NDM4LnRlc3SCCXQ0MzkudGVzdIIJ
-dDQ0MC50ZXN0ggl0NDQxLnRlc3SCCXQ0NDIudGVzdIIJdDQ0My50ZXN0ggl0NDQ0
-LnRlc3SCCXQ0NDUudGVzdIIJdDQ0Ni50ZXN0ggl0NDQ3LnRlc3SCCXQ0NDgudGVz
-dIIJdDQ0OS50ZXN0ggl0NDUwLnRlc3SCCXQ0NTEudGVzdIIJdDQ1Mi50ZXN0ggl0
-NDUzLnRlc3SCCXQ0NTQudGVzdIIJdDQ1NS50ZXN0ggl0NDU2LnRlc3SCCXQ0NTcu
-dGVzdIIJdDQ1OC50ZXN0ggl0NDU5LnRlc3SCCXQ0NjAudGVzdIIJdDQ2MS50ZXN0
-ggl0NDYyLnRlc3SCCXQ0NjMudGVzdIIJdDQ2NC50ZXN0ggl0NDY1LnRlc3SCCXQ0
-NjYudGVzdIIJdDQ2Ny50ZXN0ggl0NDY4LnRlc3SCCXQ0NjkudGVzdIIJdDQ3MC50
-ZXN0ggl0NDcxLnRlc3SCCXQ0NzIudGVzdIIJdDQ3My50ZXN0ggl0NDc0LnRlc3SC
-CXQ0NzUudGVzdIIJdDQ3Ni50ZXN0ggl0NDc3LnRlc3SCCXQ0NzgudGVzdIIJdDQ3
-OS50ZXN0ggl0NDgwLnRlc3SCCXQ0ODEudGVzdIIJdDQ4Mi50ZXN0ggl0NDgzLnRl
-c3SCCXQ0ODQudGVzdIIJdDQ4NS50ZXN0ggl0NDg2LnRlc3SCCXQ0ODcudGVzdIIJ
-dDQ4OC50ZXN0ggl0NDg5LnRlc3SCCXQ0OTAudGVzdIIJdDQ5MS50ZXN0ggl0NDky
-LnRlc3SCCXQ0OTMudGVzdIIJdDQ5NC50ZXN0ggl0NDk1LnRlc3SCCXQ0OTYudGVz
-dIIJdDQ5Ny50ZXN0ggl0NDk4LnRlc3SCCXQ0OTkudGVzdIIJdDUwMC50ZXN0ggl0
-NTAxLnRlc3SCCXQ1MDIudGVzdIIJdDUwMy50ZXN0ggl0NTA0LnRlc3SCCXQ1MDUu
-dGVzdIIJdDUwNi50ZXN0ggl0NTA3LnRlc3SCCXQ1MDgudGVzdIIJdDUwOS50ZXN0
-ggl0NTEwLnRlc3SCCXQ1MTEudGVzdIIJdDUxMi50ZXN0MA0GCSqGSIb3DQEBCwUA
-A4IBAQCp6JcB0NWRQJSgjsI0ycv1gpuoo2k/NjPlkYCcsLwmTPRVdpBHi9MJNS2i
-MKPk7Wek2y9wJw6QPq9fMi/XSmEqRcFC8uBZ9evyTwmVbzzRsEN3qGHCrVdOnVLa
-D7x7NjoTLApVNelYTxMPEennTd9+we8cl0T2TqosTnbxyvP+pnwtpazjDAFKlt8e
-JpLRlRtWR/aScZ+P8CGj4b3prp12NJIAPG9W2ZqiHNLNMhTQG4Bz+O5+zMnIbC+e
-Ahc4co+A/7qzselNZL1pcFFyRtTeLAcREuZVTTRa/EXmlLqzMe+UEEinEtdktnPL
-KO0ED3qPXggpBbFaa4/PVubBS4QU
------END CERTIFICATE-----
diff --git a/chromium/third_party/boringssl/src/crypto/x509/many_names2.pem b/chromium/third_party/boringssl/src/crypto/x509/many_names2.pem
deleted file mode 100644
index 842ac608963..00000000000
--- a/chromium/third_party/boringssl/src/crypto/x509/many_names2.pem
+++ /dev/null
@@ -1,251 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIunDCCLYSgAwIBAgIBAzANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJDQTAg
-Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowEjEQMA4GA1UEAxMHdDAu
-dGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALoL2oQZEgFBdXwu
-Pb29W75T63JfNJKKdYi6YrmKM+EKbcMue/hFrLGQXB6a2eQZFn+j3hmexeQF9T8i
-Wxh2S6rzAr1Yj+qXeDBaMf4oBEiEhBxIsaIlws3qQa4baeVEEoxw+A+ISrYHTIFc
-V/i0bcIFt5p7v7wbu686a/w0vIqPfad5amdQJMvmjZXDI+jGMvFPmBRHr2/1dJUW
-PaKsJluwR514pJv74urIyEt+dFPM2/5kc2HiLNkeuS1Hbky+dPlDIGrfaHHsCNnb
-/GjvQ6YfvDXRrYPCxWMk0x3FMSaDK9T0zoJ5hE9fViR+D6xcJO2RNUCUENS+Iipj
-3kIrLbkCAwEAAaOCK/4wgiv6MA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggr
-BgEFBQcDATAMBgNVHRMBAf8EAjAAMIIrwwYDVR0RBIIrujCCK7aCB3QwLnRlc3SC
-B3QxLnRlc3SCB3QyLnRlc3SCB3QzLnRlc3SCB3Q0LnRlc3SCB3Q1LnRlc3SCB3Q2
-LnRlc3SCB3Q3LnRlc3SCB3Q4LnRlc3SCB3Q5LnRlc3SCCHQxMC50ZXN0ggh0MTEu
-dGVzdIIIdDEyLnRlc3SCCHQxMy50ZXN0ggh0MTQudGVzdIIIdDE1LnRlc3SCCHQx
-Ni50ZXN0ggh0MTcudGVzdIIIdDE4LnRlc3SCCHQxOS50ZXN0ggh0MjAudGVzdIII
-dDIxLnRlc3SCCHQyMi50ZXN0ggh0MjMudGVzdIIIdDI0LnRlc3SCCHQyNS50ZXN0
-ggh0MjYudGVzdIIIdDI3LnRlc3SCCHQyOC50ZXN0ggh0MjkudGVzdIIIdDMwLnRl
-c3SCCHQzMS50ZXN0ggh0MzIudGVzdIIIdDMzLnRlc3SCCHQzNC50ZXN0ggh0MzUu
-dGVzdIIIdDM2LnRlc3SCCHQzNy50ZXN0ggh0MzgudGVzdIIIdDM5LnRlc3SCCHQ0
-MC50ZXN0ggh0NDEudGVzdIIIdDQyLnRlc3SCCHQ0My50ZXN0ggh0NDQudGVzdIII
-dDQ1LnRlc3SCCHQ0Ni50ZXN0ggh0NDcudGVzdIIIdDQ4LnRlc3SCCHQ0OS50ZXN0
-ggh0NTAudGVzdIIIdDUxLnRlc3SCCHQ1Mi50ZXN0ggh0NTMudGVzdIIIdDU0LnRl
-c3SCCHQ1NS50ZXN0ggh0NTYudGVzdIIIdDU3LnRlc3SCCHQ1OC50ZXN0ggh0NTku
-dGVzdIIIdDYwLnRlc3SCCHQ2MS50ZXN0ggh0NjIudGVzdIIIdDYzLnRlc3SCCHQ2
-NC50ZXN0ggh0NjUudGVzdIIIdDY2LnRlc3SCCHQ2Ny50ZXN0ggh0NjgudGVzdIII
-dDY5LnRlc3SCCHQ3MC50ZXN0ggh0NzEudGVzdIIIdDcyLnRlc3SCCHQ3My50ZXN0
-ggh0NzQudGVzdIIIdDc1LnRlc3SCCHQ3Ni50ZXN0ggh0NzcudGVzdIIIdDc4LnRl
-c3SCCHQ3OS50ZXN0ggh0ODAudGVzdIIIdDgxLnRlc3SCCHQ4Mi50ZXN0ggh0ODMu
-dGVzdIIIdDg0LnRlc3SCCHQ4NS50ZXN0ggh0ODYudGVzdIIIdDg3LnRlc3SCCHQ4
-OC50ZXN0ggh0ODkudGVzdIIIdDkwLnRlc3SCCHQ5MS50ZXN0ggh0OTIudGVzdIII
-dDkzLnRlc3SCCHQ5NC50ZXN0ggh0OTUudGVzdIIIdDk2LnRlc3SCCHQ5Ny50ZXN0
-ggh0OTgudGVzdIIIdDk5LnRlc3SCCXQxMDAudGVzdIIJdDEwMS50ZXN0ggl0MTAy
-LnRlc3SCCXQxMDMudGVzdIIJdDEwNC50ZXN0ggl0MTA1LnRlc3SCCXQxMDYudGVz
-dIIJdDEwNy50ZXN0ggl0MTA4LnRlc3SCCXQxMDkudGVzdIIJdDExMC50ZXN0ggl0
-MTExLnRlc3SCCXQxMTIudGVzdIIJdDExMy50ZXN0ggl0MTE0LnRlc3SCCXQxMTUu
-dGVzdIIJdDExNi50ZXN0ggl0MTE3LnRlc3SCCXQxMTgudGVzdIIJdDExOS50ZXN0
-ggl0MTIwLnRlc3SCCXQxMjEudGVzdIIJdDEyMi50ZXN0ggl0MTIzLnRlc3SCCXQx
-MjQudGVzdIIJdDEyNS50ZXN0ggl0MTI2LnRlc3SCCXQxMjcudGVzdIIJdDEyOC50
-ZXN0ggl0MTI5LnRlc3SCCXQxMzAudGVzdIIJdDEzMS50ZXN0ggl0MTMyLnRlc3SC
-CXQxMzMudGVzdIIJdDEzNC50ZXN0ggl0MTM1LnRlc3SCCXQxMzYudGVzdIIJdDEz
-Ny50ZXN0ggl0MTM4LnRlc3SCCXQxMzkudGVzdIIJdDE0MC50ZXN0ggl0MTQxLnRl
-c3SCCXQxNDIudGVzdIIJdDE0My50ZXN0ggl0MTQ0LnRlc3SCCXQxNDUudGVzdIIJ
-dDE0Ni50ZXN0ggl0MTQ3LnRlc3SCCXQxNDgudGVzdIIJdDE0OS50ZXN0ggl0MTUw
-LnRlc3SCCXQxNTEudGVzdIIJdDE1Mi50ZXN0ggl0MTUzLnRlc3SCCXQxNTQudGVz
-dIIJdDE1NS50ZXN0ggl0MTU2LnRlc3SCCXQxNTcudGVzdIIJdDE1OC50ZXN0ggl0
-MTU5LnRlc3SCCXQxNjAudGVzdIIJdDE2MS50ZXN0ggl0MTYyLnRlc3SCCXQxNjMu
-dGVzdIIJdDE2NC50ZXN0ggl0MTY1LnRlc3SCCXQxNjYudGVzdIIJdDE2Ny50ZXN0
-ggl0MTY4LnRlc3SCCXQxNjkudGVzdIIJdDE3MC50ZXN0ggl0MTcxLnRlc3SCCXQx
-NzIudGVzdIIJdDE3My50ZXN0ggl0MTc0LnRlc3SCCXQxNzUudGVzdIIJdDE3Ni50
-ZXN0ggl0MTc3LnRlc3SCCXQxNzgudGVzdIIJdDE3OS50ZXN0ggl0MTgwLnRlc3SC
-CXQxODEudGVzdIIJdDE4Mi50ZXN0ggl0MTgzLnRlc3SCCXQxODQudGVzdIIJdDE4
-NS50ZXN0ggl0MTg2LnRlc3SCCXQxODcudGVzdIIJdDE4OC50ZXN0ggl0MTg5LnRl
-c3SCCXQxOTAudGVzdIIJdDE5MS50ZXN0ggl0MTkyLnRlc3SCCXQxOTMudGVzdIIJ
-dDE5NC50ZXN0ggl0MTk1LnRlc3SCCXQxOTYudGVzdIIJdDE5Ny50ZXN0ggl0MTk4
-LnRlc3SCCXQxOTkudGVzdIIJdDIwMC50ZXN0ggl0MjAxLnRlc3SCCXQyMDIudGVz
-dIIJdDIwMy50ZXN0ggl0MjA0LnRlc3SCCXQyMDUudGVzdIIJdDIwNi50ZXN0ggl0
-MjA3LnRlc3SCCXQyMDgudGVzdIIJdDIwOS50ZXN0ggl0MjEwLnRlc3SCCXQyMTEu
-dGVzdIIJdDIxMi50ZXN0ggl0MjEzLnRlc3SCCXQyMTQudGVzdIIJdDIxNS50ZXN0
-ggl0MjE2LnRlc3SCCXQyMTcudGVzdIIJdDIxOC50ZXN0ggl0MjE5LnRlc3SCCXQy
-MjAudGVzdIIJdDIyMS50ZXN0ggl0MjIyLnRlc3SCCXQyMjMudGVzdIIJdDIyNC50
-ZXN0ggl0MjI1LnRlc3SCCXQyMjYudGVzdIIJdDIyNy50ZXN0ggl0MjI4LnRlc3SC
-CXQyMjkudGVzdIIJdDIzMC50ZXN0ggl0MjMxLnRlc3SCCXQyMzIudGVzdIIJdDIz
-My50ZXN0ggl0MjM0LnRlc3SCCXQyMzUudGVzdIIJdDIzNi50ZXN0ggl0MjM3LnRl
-c3SCCXQyMzgudGVzdIIJdDIzOS50ZXN0ggl0MjQwLnRlc3SCCXQyNDEudGVzdIIJ
-dDI0Mi50ZXN0ggl0MjQzLnRlc3SCCXQyNDQudGVzdIIJdDI0NS50ZXN0ggl0MjQ2
-LnRlc3SCCXQyNDcudGVzdIIJdDI0OC50ZXN0ggl0MjQ5LnRlc3SCCXQyNTAudGVz
-dIIJdDI1MS50ZXN0ggl0MjUyLnRlc3SCCXQyNTMudGVzdIIJdDI1NC50ZXN0ggl0
-MjU1LnRlc3SCCXQyNTYudGVzdIIJdDI1Ny50ZXN0ggl0MjU4LnRlc3SCCXQyNTku
-dGVzdIIJdDI2MC50ZXN0ggl0MjYxLnRlc3SCCXQyNjIudGVzdIIJdDI2My50ZXN0
-ggl0MjY0LnRlc3SCCXQyNjUudGVzdIIJdDI2Ni50ZXN0ggl0MjY3LnRlc3SCCXQy
-NjgudGVzdIIJdDI2OS50ZXN0ggl0MjcwLnRlc3SCCXQyNzEudGVzdIIJdDI3Mi50
-ZXN0ggl0MjczLnRlc3SCCXQyNzQudGVzdIIJdDI3NS50ZXN0ggl0Mjc2LnRlc3SC
-CXQyNzcudGVzdIIJdDI3OC50ZXN0ggl0Mjc5LnRlc3SCCXQyODAudGVzdIIJdDI4
-MS50ZXN0ggl0MjgyLnRlc3SCCXQyODMudGVzdIIJdDI4NC50ZXN0ggl0Mjg1LnRl
-c3SCCXQyODYudGVzdIIJdDI4Ny50ZXN0ggl0Mjg4LnRlc3SCCXQyODkudGVzdIIJ
-dDI5MC50ZXN0ggl0MjkxLnRlc3SCCXQyOTIudGVzdIIJdDI5My50ZXN0ggl0Mjk0
-LnRlc3SCCXQyOTUudGVzdIIJdDI5Ni50ZXN0ggl0Mjk3LnRlc3SCCXQyOTgudGVz
-dIIJdDI5OS50ZXN0ggl0MzAwLnRlc3SCCXQzMDEudGVzdIIJdDMwMi50ZXN0ggl0
-MzAzLnRlc3SCCXQzMDQudGVzdIIJdDMwNS50ZXN0ggl0MzA2LnRlc3SCCXQzMDcu
-dGVzdIIJdDMwOC50ZXN0ggl0MzA5LnRlc3SCCXQzMTAudGVzdIIJdDMxMS50ZXN0
-ggl0MzEyLnRlc3SCCXQzMTMudGVzdIIJdDMxNC50ZXN0ggl0MzE1LnRlc3SCCXQz
-MTYudGVzdIIJdDMxNy50ZXN0ggl0MzE4LnRlc3SCCXQzMTkudGVzdIIJdDMyMC50
-ZXN0ggl0MzIxLnRlc3SCCXQzMjIudGVzdIIJdDMyMy50ZXN0ggl0MzI0LnRlc3SC
-CXQzMjUudGVzdIIJdDMyNi50ZXN0ggl0MzI3LnRlc3SCCXQzMjgudGVzdIIJdDMy
-OS50ZXN0ggl0MzMwLnRlc3SCCXQzMzEudGVzdIIJdDMzMi50ZXN0ggl0MzMzLnRl
-c3SCCXQzMzQudGVzdIIJdDMzNS50ZXN0ggl0MzM2LnRlc3SCCXQzMzcudGVzdIIJ
-dDMzOC50ZXN0ggl0MzM5LnRlc3SCCXQzNDAudGVzdIIJdDM0MS50ZXN0ggl0MzQy
-LnRlc3SCCXQzNDMudGVzdIIJdDM0NC50ZXN0ggl0MzQ1LnRlc3SCCXQzNDYudGVz
-dIIJdDM0Ny50ZXN0ggl0MzQ4LnRlc3SCCXQzNDkudGVzdIIJdDM1MC50ZXN0ggl0
-MzUxLnRlc3SCCXQzNTIudGVzdIIJdDM1My50ZXN0ggl0MzU0LnRlc3SCCXQzNTUu
-dGVzdIIJdDM1Ni50ZXN0ggl0MzU3LnRlc3SCCXQzNTgudGVzdIIJdDM1OS50ZXN0
-ggl0MzYwLnRlc3SCCXQzNjEudGVzdIIJdDM2Mi50ZXN0ggl0MzYzLnRlc3SCCXQz
-NjQudGVzdIIJdDM2NS50ZXN0ggl0MzY2LnRlc3SCCXQzNjcudGVzdIIJdDM2OC50
-ZXN0ggl0MzY5LnRlc3SCCXQzNzAudGVzdIIJdDM3MS50ZXN0ggl0MzcyLnRlc3SC
-CXQzNzMudGVzdIIJdDM3NC50ZXN0ggl0Mzc1LnRlc3SCCXQzNzYudGVzdIIJdDM3
-Ny50ZXN0ggl0Mzc4LnRlc3SCCXQzNzkudGVzdIIJdDM4MC50ZXN0ggl0MzgxLnRl
-c3SCCXQzODIudGVzdIIJdDM4My50ZXN0ggl0Mzg0LnRlc3SCCXQzODUudGVzdIIJ
-dDM4Ni50ZXN0ggl0Mzg3LnRlc3SCCXQzODgudGVzdIIJdDM4OS50ZXN0ggl0Mzkw
-LnRlc3SCCXQzOTEudGVzdIIJdDM5Mi50ZXN0ggl0MzkzLnRlc3SCCXQzOTQudGVz
-dIIJdDM5NS50ZXN0ggl0Mzk2LnRlc3SCCXQzOTcudGVzdIIJdDM5OC50ZXN0ggl0
-Mzk5LnRlc3SCCXQ0MDAudGVzdIIJdDQwMS50ZXN0ggl0NDAyLnRlc3SCCXQ0MDMu
-dGVzdIIJdDQwNC50ZXN0ggl0NDA1LnRlc3SCCXQ0MDYudGVzdIIJdDQwNy50ZXN0
-ggl0NDA4LnRlc3SCCXQ0MDkudGVzdIIJdDQxMC50ZXN0ggl0NDExLnRlc3SCCXQ0
-MTIudGVzdIIJdDQxMy50ZXN0ggl0NDE0LnRlc3SCCXQ0MTUudGVzdIIJdDQxNi50
-ZXN0ggl0NDE3LnRlc3SCCXQ0MTgudGVzdIIJdDQxOS50ZXN0ggl0NDIwLnRlc3SC
-CXQ0MjEudGVzdIIJdDQyMi50ZXN0ggl0NDIzLnRlc3SCCXQ0MjQudGVzdIIJdDQy
-NS50ZXN0ggl0NDI2LnRlc3SCCXQ0MjcudGVzdIIJdDQyOC50ZXN0ggl0NDI5LnRl
-c3SCCXQ0MzAudGVzdIIJdDQzMS50ZXN0ggl0NDMyLnRlc3SCCXQ0MzMudGVzdIIJ
-dDQzNC50ZXN0ggl0NDM1LnRlc3SCCXQ0MzYudGVzdIIJdDQzNy50ZXN0ggl0NDM4
-LnRlc3SCCXQ0MzkudGVzdIIJdDQ0MC50ZXN0ggl0NDQxLnRlc3SCCXQ0NDIudGVz
-dIIJdDQ0My50ZXN0ggl0NDQ0LnRlc3SCCXQ0NDUudGVzdIIJdDQ0Ni50ZXN0ggl0
-NDQ3LnRlc3SCCXQ0NDgudGVzdIIJdDQ0OS50ZXN0ggl0NDUwLnRlc3SCCXQ0NTEu
-dGVzdIIJdDQ1Mi50ZXN0ggl0NDUzLnRlc3SCCXQ0NTQudGVzdIIJdDQ1NS50ZXN0
-ggl0NDU2LnRlc3SCCXQ0NTcudGVzdIIJdDQ1OC50ZXN0ggl0NDU5LnRlc3SCCXQ0
-NjAudGVzdIIJdDQ2MS50ZXN0ggl0NDYyLnRlc3SCCXQ0NjMudGVzdIIJdDQ2NC50
-ZXN0ggl0NDY1LnRlc3SCCXQ0NjYudGVzdIIJdDQ2Ny50ZXN0ggl0NDY4LnRlc3SC
-CXQ0NjkudGVzdIIJdDQ3MC50ZXN0ggl0NDcxLnRlc3SCCXQ0NzIudGVzdIIJdDQ3
-My50ZXN0ggl0NDc0LnRlc3SCCXQ0NzUudGVzdIIJdDQ3Ni50ZXN0ggl0NDc3LnRl
-c3SCCXQ0NzgudGVzdIIJdDQ3OS50ZXN0ggl0NDgwLnRlc3SCCXQ0ODEudGVzdIIJ
-dDQ4Mi50ZXN0ggl0NDgzLnRlc3SCCXQ0ODQudGVzdIIJdDQ4NS50ZXN0ggl0NDg2
-LnRlc3SCCXQ0ODcudGVzdIIJdDQ4OC50ZXN0ggl0NDg5LnRlc3SCCXQ0OTAudGVz
-dIIJdDQ5MS50ZXN0ggl0NDkyLnRlc3SCCXQ0OTMudGVzdIIJdDQ5NC50ZXN0ggl0
-NDk1LnRlc3SCCXQ0OTYudGVzdIIJdDQ5Ny50ZXN0ggl0NDk4LnRlc3SCCXQ0OTku
-dGVzdIIJdDUwMC50ZXN0ggl0NTAxLnRlc3SCCXQ1MDIudGVzdIIJdDUwMy50ZXN0
-ggl0NTA0LnRlc3SCCXQ1MDUudGVzdIIJdDUwNi50ZXN0ggl0NTA3LnRlc3SCCXQ1
-MDgudGVzdIIJdDUwOS50ZXN0ggl0NTEwLnRlc3SCCXQ1MTEudGVzdIIJdDUxMi50
-ZXN0ggl0NTEzLnRlc3SCCXQ1MTQudGVzdIIJdDUxNS50ZXN0ggl0NTE2LnRlc3SC
-CXQ1MTcudGVzdIIJdDUxOC50ZXN0ggl0NTE5LnRlc3SCCXQ1MjAudGVzdIIJdDUy
-MS50ZXN0ggl0NTIyLnRlc3SCCXQ1MjMudGVzdIIJdDUyNC50ZXN0ggl0NTI1LnRl
-c3SCCXQ1MjYudGVzdIIJdDUyNy50ZXN0ggl0NTI4LnRlc3SCCXQ1MjkudGVzdIIJ
-dDUzMC50ZXN0ggl0NTMxLnRlc3SCCXQ1MzIudGVzdIIJdDUzMy50ZXN0ggl0NTM0
-LnRlc3SCCXQ1MzUudGVzdIIJdDUzNi50ZXN0ggl0NTM3LnRlc3SCCXQ1MzgudGVz
-dIIJdDUzOS50ZXN0ggl0NTQwLnRlc3SCCXQ1NDEudGVzdIIJdDU0Mi50ZXN0ggl0
-NTQzLnRlc3SCCXQ1NDQudGVzdIIJdDU0NS50ZXN0ggl0NTQ2LnRlc3SCCXQ1NDcu
-dGVzdIIJdDU0OC50ZXN0ggl0NTQ5LnRlc3SCCXQ1NTAudGVzdIIJdDU1MS50ZXN0
-ggl0NTUyLnRlc3SCCXQ1NTMudGVzdIIJdDU1NC50ZXN0ggl0NTU1LnRlc3SCCXQ1
-NTYudGVzdIIJdDU1Ny50ZXN0ggl0NTU4LnRlc3SCCXQ1NTkudGVzdIIJdDU2MC50
-ZXN0ggl0NTYxLnRlc3SCCXQ1NjIudGVzdIIJdDU2My50ZXN0ggl0NTY0LnRlc3SC
-CXQ1NjUudGVzdIIJdDU2Ni50ZXN0ggl0NTY3LnRlc3SCCXQ1NjgudGVzdIIJdDU2
-OS50ZXN0ggl0NTcwLnRlc3SCCXQ1NzEudGVzdIIJdDU3Mi50ZXN0ggl0NTczLnRl
-c3SCCXQ1NzQudGVzdIIJdDU3NS50ZXN0ggl0NTc2LnRlc3SCCXQ1NzcudGVzdIIJ
-dDU3OC50ZXN0ggl0NTc5LnRlc3SCCXQ1ODAudGVzdIIJdDU4MS50ZXN0ggl0NTgy
-LnRlc3SCCXQ1ODMudGVzdIIJdDU4NC50ZXN0ggl0NTg1LnRlc3SCCXQ1ODYudGVz
-dIIJdDU4Ny50ZXN0ggl0NTg4LnRlc3SCCXQ1ODkudGVzdIIJdDU5MC50ZXN0ggl0
-NTkxLnRlc3SCCXQ1OTIudGVzdIIJdDU5My50ZXN0ggl0NTk0LnRlc3SCCXQ1OTUu
-dGVzdIIJdDU5Ni50ZXN0ggl0NTk3LnRlc3SCCXQ1OTgudGVzdIIJdDU5OS50ZXN0
-ggl0NjAwLnRlc3SCCXQ2MDEudGVzdIIJdDYwMi50ZXN0ggl0NjAzLnRlc3SCCXQ2
-MDQudGVzdIIJdDYwNS50ZXN0ggl0NjA2LnRlc3SCCXQ2MDcudGVzdIIJdDYwOC50
-ZXN0ggl0NjA5LnRlc3SCCXQ2MTAudGVzdIIJdDYxMS50ZXN0ggl0NjEyLnRlc3SC
-CXQ2MTMudGVzdIIJdDYxNC50ZXN0ggl0NjE1LnRlc3SCCXQ2MTYudGVzdIIJdDYx
-Ny50ZXN0ggl0NjE4LnRlc3SCCXQ2MTkudGVzdIIJdDYyMC50ZXN0ggl0NjIxLnRl
-c3SCCXQ2MjIudGVzdIIJdDYyMy50ZXN0ggl0NjI0LnRlc3SCCXQ2MjUudGVzdIIJ
-dDYyNi50ZXN0ggl0NjI3LnRlc3SCCXQ2MjgudGVzdIIJdDYyOS50ZXN0ggl0NjMw
-LnRlc3SCCXQ2MzEudGVzdIIJdDYzMi50ZXN0ggl0NjMzLnRlc3SCCXQ2MzQudGVz
-dIIJdDYzNS50ZXN0ggl0NjM2LnRlc3SCCXQ2MzcudGVzdIIJdDYzOC50ZXN0ggl0
-NjM5LnRlc3SCCXQ2NDAudGVzdIIJdDY0MS50ZXN0ggl0NjQyLnRlc3SCCXQ2NDMu
-dGVzdIIJdDY0NC50ZXN0ggl0NjQ1LnRlc3SCCXQ2NDYudGVzdIIJdDY0Ny50ZXN0
-ggl0NjQ4LnRlc3SCCXQ2NDkudGVzdIIJdDY1MC50ZXN0ggl0NjUxLnRlc3SCCXQ2
-NTIudGVzdIIJdDY1My50ZXN0ggl0NjU0LnRlc3SCCXQ2NTUudGVzdIIJdDY1Ni50
-ZXN0ggl0NjU3LnRlc3SCCXQ2NTgudGVzdIIJdDY1OS50ZXN0ggl0NjYwLnRlc3SC
-CXQ2NjEudGVzdIIJdDY2Mi50ZXN0ggl0NjYzLnRlc3SCCXQ2NjQudGVzdIIJdDY2
-NS50ZXN0ggl0NjY2LnRlc3SCCXQ2NjcudGVzdIIJdDY2OC50ZXN0ggl0NjY5LnRl
-c3SCCXQ2NzAudGVzdIIJdDY3MS50ZXN0ggl0NjcyLnRlc3SCCXQ2NzMudGVzdIIJ
-dDY3NC50ZXN0ggl0Njc1LnRlc3SCCXQ2NzYudGVzdIIJdDY3Ny50ZXN0ggl0Njc4
-LnRlc3SCCXQ2NzkudGVzdIIJdDY4MC50ZXN0ggl0NjgxLnRlc3SCCXQ2ODIudGVz
-dIIJdDY4My50ZXN0ggl0Njg0LnRlc3SCCXQ2ODUudGVzdIIJdDY4Ni50ZXN0ggl0
-Njg3LnRlc3SCCXQ2ODgudGVzdIIJdDY4OS50ZXN0ggl0NjkwLnRlc3SCCXQ2OTEu
-dGVzdIIJdDY5Mi50ZXN0ggl0NjkzLnRlc3SCCXQ2OTQudGVzdIIJdDY5NS50ZXN0
-ggl0Njk2LnRlc3SCCXQ2OTcudGVzdIIJdDY5OC50ZXN0ggl0Njk5LnRlc3SCCXQ3
-MDAudGVzdIIJdDcwMS50ZXN0ggl0NzAyLnRlc3SCCXQ3MDMudGVzdIIJdDcwNC50
-ZXN0ggl0NzA1LnRlc3SCCXQ3MDYudGVzdIIJdDcwNy50ZXN0ggl0NzA4LnRlc3SC
-CXQ3MDkudGVzdIIJdDcxMC50ZXN0ggl0NzExLnRlc3SCCXQ3MTIudGVzdIIJdDcx
-My50ZXN0ggl0NzE0LnRlc3SCCXQ3MTUudGVzdIIJdDcxNi50ZXN0ggl0NzE3LnRl
-c3SCCXQ3MTgudGVzdIIJdDcxOS50ZXN0ggl0NzIwLnRlc3SCCXQ3MjEudGVzdIIJ
-dDcyMi50ZXN0ggl0NzIzLnRlc3SCCXQ3MjQudGVzdIIJdDcyNS50ZXN0ggl0NzI2
-LnRlc3SCCXQ3MjcudGVzdIIJdDcyOC50ZXN0ggl0NzI5LnRlc3SCCXQ3MzAudGVz
-dIIJdDczMS50ZXN0ggl0NzMyLnRlc3SCCXQ3MzMudGVzdIIJdDczNC50ZXN0ggl0
-NzM1LnRlc3SCCXQ3MzYudGVzdIIJdDczNy50ZXN0ggl0NzM4LnRlc3SCCXQ3Mzku
-dGVzdIIJdDc0MC50ZXN0ggl0NzQxLnRlc3SCCXQ3NDIudGVzdIIJdDc0My50ZXN0
-ggl0NzQ0LnRlc3SCCXQ3NDUudGVzdIIJdDc0Ni50ZXN0ggl0NzQ3LnRlc3SCCXQ3
-NDgudGVzdIIJdDc0OS50ZXN0ggl0NzUwLnRlc3SCCXQ3NTEudGVzdIIJdDc1Mi50
-ZXN0ggl0NzUzLnRlc3SCCXQ3NTQudGVzdIIJdDc1NS50ZXN0ggl0NzU2LnRlc3SC
-CXQ3NTcudGVzdIIJdDc1OC50ZXN0ggl0NzU5LnRlc3SCCXQ3NjAudGVzdIIJdDc2
-MS50ZXN0ggl0NzYyLnRlc3SCCXQ3NjMudGVzdIIJdDc2NC50ZXN0ggl0NzY1LnRl
-c3SCCXQ3NjYudGVzdIIJdDc2Ny50ZXN0ggl0NzY4LnRlc3SCCXQ3NjkudGVzdIIJ
-dDc3MC50ZXN0ggl0NzcxLnRlc3SCCXQ3NzIudGVzdIIJdDc3My50ZXN0ggl0Nzc0
-LnRlc3SCCXQ3NzUudGVzdIIJdDc3Ni50ZXN0ggl0Nzc3LnRlc3SCCXQ3NzgudGVz
-dIIJdDc3OS50ZXN0ggl0NzgwLnRlc3SCCXQ3ODEudGVzdIIJdDc4Mi50ZXN0ggl0
-NzgzLnRlc3SCCXQ3ODQudGVzdIIJdDc4NS50ZXN0ggl0Nzg2LnRlc3SCCXQ3ODcu
-dGVzdIIJdDc4OC50ZXN0ggl0Nzg5LnRlc3SCCXQ3OTAudGVzdIIJdDc5MS50ZXN0
-ggl0NzkyLnRlc3SCCXQ3OTMudGVzdIIJdDc5NC50ZXN0ggl0Nzk1LnRlc3SCCXQ3
-OTYudGVzdIIJdDc5Ny50ZXN0ggl0Nzk4LnRlc3SCCXQ3OTkudGVzdIIJdDgwMC50
-ZXN0ggl0ODAxLnRlc3SCCXQ4MDIudGVzdIIJdDgwMy50ZXN0ggl0ODA0LnRlc3SC
-CXQ4MDUudGVzdIIJdDgwNi50ZXN0ggl0ODA3LnRlc3SCCXQ4MDgudGVzdIIJdDgw
-OS50ZXN0ggl0ODEwLnRlc3SCCXQ4MTEudGVzdIIJdDgxMi50ZXN0ggl0ODEzLnRl
-c3SCCXQ4MTQudGVzdIIJdDgxNS50ZXN0ggl0ODE2LnRlc3SCCXQ4MTcudGVzdIIJ
-dDgxOC50ZXN0ggl0ODE5LnRlc3SCCXQ4MjAudGVzdIIJdDgyMS50ZXN0ggl0ODIy
-LnRlc3SCCXQ4MjMudGVzdIIJdDgyNC50ZXN0ggl0ODI1LnRlc3SCCXQ4MjYudGVz
-dIIJdDgyNy50ZXN0ggl0ODI4LnRlc3SCCXQ4MjkudGVzdIIJdDgzMC50ZXN0ggl0
-ODMxLnRlc3SCCXQ4MzIudGVzdIIJdDgzMy50ZXN0ggl0ODM0LnRlc3SCCXQ4MzUu
-dGVzdIIJdDgzNi50ZXN0ggl0ODM3LnRlc3SCCXQ4MzgudGVzdIIJdDgzOS50ZXN0
-ggl0ODQwLnRlc3SCCXQ4NDEudGVzdIIJdDg0Mi50ZXN0ggl0ODQzLnRlc3SCCXQ4
-NDQudGVzdIIJdDg0NS50ZXN0ggl0ODQ2LnRlc3SCCXQ4NDcudGVzdIIJdDg0OC50
-ZXN0ggl0ODQ5LnRlc3SCCXQ4NTAudGVzdIIJdDg1MS50ZXN0ggl0ODUyLnRlc3SC
-CXQ4NTMudGVzdIIJdDg1NC50ZXN0ggl0ODU1LnRlc3SCCXQ4NTYudGVzdIIJdDg1
-Ny50ZXN0ggl0ODU4LnRlc3SCCXQ4NTkudGVzdIIJdDg2MC50ZXN0ggl0ODYxLnRl
-c3SCCXQ4NjIudGVzdIIJdDg2My50ZXN0ggl0ODY0LnRlc3SCCXQ4NjUudGVzdIIJ
-dDg2Ni50ZXN0ggl0ODY3LnRlc3SCCXQ4NjgudGVzdIIJdDg2OS50ZXN0ggl0ODcw
-LnRlc3SCCXQ4NzEudGVzdIIJdDg3Mi50ZXN0ggl0ODczLnRlc3SCCXQ4NzQudGVz
-dIIJdDg3NS50ZXN0ggl0ODc2LnRlc3SCCXQ4NzcudGVzdIIJdDg3OC50ZXN0ggl0
-ODc5LnRlc3SCCXQ4ODAudGVzdIIJdDg4MS50ZXN0ggl0ODgyLnRlc3SCCXQ4ODMu
-dGVzdIIJdDg4NC50ZXN0ggl0ODg1LnRlc3SCCXQ4ODYudGVzdIIJdDg4Ny50ZXN0
-ggl0ODg4LnRlc3SCCXQ4ODkudGVzdIIJdDg5MC50ZXN0ggl0ODkxLnRlc3SCCXQ4
-OTIudGVzdIIJdDg5My50ZXN0ggl0ODk0LnRlc3SCCXQ4OTUudGVzdIIJdDg5Ni50
-ZXN0ggl0ODk3LnRlc3SCCXQ4OTgudGVzdIIJdDg5OS50ZXN0ggl0OTAwLnRlc3SC
-CXQ5MDEudGVzdIIJdDkwMi50ZXN0ggl0OTAzLnRlc3SCCXQ5MDQudGVzdIIJdDkw
-NS50ZXN0ggl0OTA2LnRlc3SCCXQ5MDcudGVzdIIJdDkwOC50ZXN0ggl0OTA5LnRl
-c3SCCXQ5MTAudGVzdIIJdDkxMS50ZXN0ggl0OTEyLnRlc3SCCXQ5MTMudGVzdIIJ
-dDkxNC50ZXN0ggl0OTE1LnRlc3SCCXQ5MTYudGVzdIIJdDkxNy50ZXN0ggl0OTE4
-LnRlc3SCCXQ5MTkudGVzdIIJdDkyMC50ZXN0ggl0OTIxLnRlc3SCCXQ5MjIudGVz
-dIIJdDkyMy50ZXN0ggl0OTI0LnRlc3SCCXQ5MjUudGVzdIIJdDkyNi50ZXN0ggl0
-OTI3LnRlc3SCCXQ5MjgudGVzdIIJdDkyOS50ZXN0ggl0OTMwLnRlc3SCCXQ5MzEu
-dGVzdIIJdDkzMi50ZXN0ggl0OTMzLnRlc3SCCXQ5MzQudGVzdIIJdDkzNS50ZXN0
-ggl0OTM2LnRlc3SCCXQ5MzcudGVzdIIJdDkzOC50ZXN0ggl0OTM5LnRlc3SCCXQ5
-NDAudGVzdIIJdDk0MS50ZXN0ggl0OTQyLnRlc3SCCXQ5NDMudGVzdIIJdDk0NC50
-ZXN0ggl0OTQ1LnRlc3SCCXQ5NDYudGVzdIIJdDk0Ny50ZXN0ggl0OTQ4LnRlc3SC
-CXQ5NDkudGVzdIIJdDk1MC50ZXN0ggl0OTUxLnRlc3SCCXQ5NTIudGVzdIIJdDk1
-My50ZXN0ggl0OTU0LnRlc3SCCXQ5NTUudGVzdIIJdDk1Ni50ZXN0ggl0OTU3LnRl
-c3SCCXQ5NTgudGVzdIIJdDk1OS50ZXN0ggl0OTYwLnRlc3SCCXQ5NjEudGVzdIIJ
-dDk2Mi50ZXN0ggl0OTYzLnRlc3SCCXQ5NjQudGVzdIIJdDk2NS50ZXN0ggl0OTY2
-LnRlc3SCCXQ5NjcudGVzdIIJdDk2OC50ZXN0ggl0OTY5LnRlc3SCCXQ5NzAudGVz
-dIIJdDk3MS50ZXN0ggl0OTcyLnRlc3SCCXQ5NzMudGVzdIIJdDk3NC50ZXN0ggl0
-OTc1LnRlc3SCCXQ5NzYudGVzdIIJdDk3Ny50ZXN0ggl0OTc4LnRlc3SCCXQ5Nzku
-dGVzdIIJdDk4MC50ZXN0ggl0OTgxLnRlc3SCCXQ5ODIudGVzdIIJdDk4My50ZXN0
-ggl0OTg0LnRlc3SCCXQ5ODUudGVzdIIJdDk4Ni50ZXN0ggl0OTg3LnRlc3SCCXQ5
-ODgudGVzdIIJdDk4OS50ZXN0ggl0OTkwLnRlc3SCCXQ5OTEudGVzdIIJdDk5Mi50
-ZXN0ggl0OTkzLnRlc3SCCXQ5OTQudGVzdIIJdDk5NS50ZXN0ggl0OTk2LnRlc3SC
-CXQ5OTcudGVzdIIJdDk5OC50ZXN0ggl0OTk5LnRlc3SCCnQxMDAwLnRlc3SCCnQx
-MDAxLnRlc3SCCnQxMDAyLnRlc3SCCnQxMDAzLnRlc3SCCnQxMDA0LnRlc3SCCnQx
-MDA1LnRlc3SCCnQxMDA2LnRlc3SCCnQxMDA3LnRlc3SCCnQxMDA4LnRlc3SCCnQx
-MDA5LnRlc3SCCnQxMDEwLnRlc3SCCnQxMDExLnRlc3SCCnQxMDEyLnRlc3SCCnQx
-MDEzLnRlc3SCCnQxMDE0LnRlc3SCCnQxMDE1LnRlc3SCCnQxMDE2LnRlc3SCCnQx
-MDE3LnRlc3SCCnQxMDE4LnRlc3SCCnQxMDE5LnRlc3SCCnQxMDIwLnRlc3SCCnQx
-MDIxLnRlc3SCCnQxMDIyLnRlc3SCCnQxMDIzLnRlc3SCCnQxMDI0LnRlc3QwDQYJ
-KoZIhvcNAQELBQADggEBAGfZxjrjcjFw5FnJMzq7SIad+JpmvMar7VnzXj84hjoV
-FuUqiclqjg1KRD7aIh5M1VEQv+AAk8UP6jMrvLJpoi5OD8ljivNA8zycj1N/LhNq
-8MjZauCTS+tuXIoh5hOE/TQqY6cUxY4LRBLIFIcbH0FGF22amCtowMVbRoaUpPvr
-GR5OXPAS3yRiEWrp703c21o3hw9QckB82z7Lxnt3oOFPg62EFPXiqE07Wkw/1xH4
-J9yy45XW5A77kfel22hVs873QVHI+GkKoTPe/q6eQVgesR2vpDRytKDP9K4tK4KS
-6hqVxj6a8Eqund0izSV+UXkskc9iN6EPXvVTELo3hD8=
------END CERTIFICATE-----
diff --git a/chromium/third_party/boringssl/src/crypto/x509/many_names3.pem b/chromium/third_party/boringssl/src/crypto/x509/many_names3.pem
deleted file mode 100644
index f15638f9e0e..00000000000
--- a/chromium/third_party/boringssl/src/crypto/x509/many_names3.pem
+++ /dev/null
@@ -1,571 +0,0 @@
------BEGIN CERTIFICATE-----
-MIJqrDCCaZSgAwIBAgIBBDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJDQTAg
-Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowgmfXMRAwDgYDVQQDEwd0
-MC50ZXN0MRYwFAYJKoZIhvcNAQkBFgd0MEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
-MUB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0MkB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
-M0B0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0NEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
-NUB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0NkB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
-N0B0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0OEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
-OUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MTBAdGVzdDEXMBUGCSqGSIb3DQEJARYI
-dDExQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQxMkB0ZXN0MRcwFQYJKoZIhvcNAQkB
-Fgh0MTNAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDE0QHRlc3QxFzAVBgkqhkiG9w0B
-CQEWCHQxNUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MTZAdGVzdDEXMBUGCSqGSIb3
-DQEJARYIdDE3QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQxOEB0ZXN0MRcwFQYJKoZI
-hvcNAQkBFgh0MTlAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDIwQHRlc3QxFzAVBgkq
-hkiG9w0BCQEWCHQyMUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MjJAdGVzdDEXMBUG
-CSqGSIb3DQEJARYIdDIzQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQyNEB0ZXN0MRcw
-FQYJKoZIhvcNAQkBFgh0MjVAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDI2QHRlc3Qx
-FzAVBgkqhkiG9w0BCQEWCHQyN0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MjhAdGVz
-dDEXMBUGCSqGSIb3DQEJARYIdDI5QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzMEB0
-ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MzFAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDMy
-QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzM0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0
-MzRAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDM1QHRlc3QxFzAVBgkqhkiG9w0BCQEW
-CHQzNkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MzdAdGVzdDEXMBUGCSqGSIb3DQEJ
-ARYIdDM4QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzOUB0ZXN0MRcwFQYJKoZIhvcN
-AQkBFgh0NDBAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDQxQHRlc3QxFzAVBgkqhkiG
-9w0BCQEWCHQ0MkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NDNAdGVzdDEXMBUGCSqG
-SIb3DQEJARYIdDQ0QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ0NUB0ZXN0MRcwFQYJ
-KoZIhvcNAQkBFgh0NDZAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDQ3QHRlc3QxFzAV
-BgkqhkiG9w0BCQEWCHQ0OEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NDlAdGVzdDEX
-MBUGCSqGSIb3DQEJARYIdDUwQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ1MUB0ZXN0
-MRcwFQYJKoZIhvcNAQkBFgh0NTJAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDUzQHRl
-c3QxFzAVBgkqhkiG9w0BCQEWCHQ1NEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NTVA
-dGVzdDEXMBUGCSqGSIb3DQEJARYIdDU2QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ1
-N0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NThAdGVzdDEXMBUGCSqGSIb3DQEJARYI
-dDU5QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ2MEB0ZXN0MRcwFQYJKoZIhvcNAQkB
-Fgh0NjFAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDYyQHRlc3QxFzAVBgkqhkiG9w0B
-CQEWCHQ2M0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NjRAdGVzdDEXMBUGCSqGSIb3
-DQEJARYIdDY1QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ2NkB0ZXN0MRcwFQYJKoZI
-hvcNAQkBFgh0NjdAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDY4QHRlc3QxFzAVBgkq
-hkiG9w0BCQEWCHQ2OUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzBAdGVzdDEXMBUG
-CSqGSIb3DQEJARYIdDcxQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ3MkB0ZXN0MRcw
-FQYJKoZIhvcNAQkBFgh0NzNAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDc0QHRlc3Qx
-FzAVBgkqhkiG9w0BCQEWCHQ3NUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzZAdGVz
-dDEXMBUGCSqGSIb3DQEJARYIdDc3QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ3OEB0
-ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzlAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDgw
-QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ4MUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0
-ODJAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDgzQHRlc3QxFzAVBgkqhkiG9w0BCQEW
-CHQ4NEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0ODVAdGVzdDEXMBUGCSqGSIb3DQEJ
-ARYIdDg2QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ4N0B0ZXN0MRcwFQYJKoZIhvcN
-AQkBFgh0ODhAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDg5QHRlc3QxFzAVBgkqhkiG
-9w0BCQEWCHQ5MEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0OTFAdGVzdDEXMBUGCSqG
-SIb3DQEJARYIdDkyQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ5M0B0ZXN0MRcwFQYJ
-KoZIhvcNAQkBFgh0OTRAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDk1QHRlc3QxFzAV
-BgkqhkiG9w0BCQEWCHQ5NkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0OTdAdGVzdDEX
-MBUGCSqGSIb3DQEJARYIdDk4QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ5OUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MTAwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMDFA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDEwMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MTAzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMDRAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDEwNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTA2QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQxMDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEwOEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MTA5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMTBAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDExMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTEyQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQxMTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEx
-NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTE1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQxMTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDExN0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MTE4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMTlAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDEyMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTIxQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQxMjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEyM0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MTI0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMjVA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDEyNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MTI3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMjhAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDEyOUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTMwQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQxMzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEzMkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MTMzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMzRAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDEzNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTM2QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQxMzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEz
-OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTM5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQxNDBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE0MUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MTQyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNDNAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDE0NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTQ1QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQxNDZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE0N0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MTQ4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNDlA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE1MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MTUxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNTJAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDE1M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTU0QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQxNTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE1NkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MTU3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNThAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDE1OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTYwQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQxNjFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE2
-MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTYzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQxNjRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE2NUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MTY2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNjdAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDE2OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTY5QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQxNzBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE3MUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MTcyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNzNA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE3NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MTc1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNzZAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDE3N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTc4QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQxNzlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4MEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MTgxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxODJAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDE4M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTg0QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQxODVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4
-NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTg3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQxODhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4OUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MTkwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxOTFAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDE5MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTkzQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQxOTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE5NUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MTk2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxOTdA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE5OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MTk5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMDBAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDIwMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjAyQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQyMDNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIwNEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MjA1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMDZAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDIwN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjA4QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQyMDlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIx
-MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjExQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQyMTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIxM0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MjE0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMTVAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDIxNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjE3QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQyMThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIxOUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MjIwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMjFA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDIyMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MjIzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMjRAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDIyNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjI2QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQyMjdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIyOEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MjI5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMzBAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDIzMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjMyQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQyMzNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIz
-NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjM1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQyMzZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIzN0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MjM4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMzlAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDI0MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjQxQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQyNDJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI0M0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MjQ0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNDVA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI0NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MjQ3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNDhAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDI0OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjUwQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQyNTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI1MkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MjUzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNTRAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDI1NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjU2QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQyNTdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI1
-OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjU5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQyNjBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI2MUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MjYyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNjNAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDI2NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjY1QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQyNjZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI2N0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MjY4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNjlA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI3MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MjcxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNzJAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDI3M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjc0QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQyNzVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI3NkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0Mjc3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNzhAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDI3OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjgwQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQyODFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI4
-MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjgzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQyODRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI4NUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0Mjg2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyODdAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDI4OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjg5QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQyOTBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI5MUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MjkyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyOTNA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI5NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-Mjk1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyOTZAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDI5N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjk4QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQyOTlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMwMEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MzAxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMDJAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDMwM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzA0QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQzMDVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMw
-NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzA3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQzMDhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMwOUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MzEwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMTFAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDMxMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzEzQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQzMTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMxNUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MzE2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMTdA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDMxOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MzE5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMjBAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDMyMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzIyQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQzMjNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMyNEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MzI1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMjZAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDMyN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzI4QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQzMjlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMz
-MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzMxQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQzMzJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMzM0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MzM0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMzVAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDMzNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzM3QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQzMzhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMzOUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MzQwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNDFA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM0MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MzQzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNDRAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDM0NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzQ2QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQzNDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM0OEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MzQ5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNTBAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDM1MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzUyQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQzNTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM1
-NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzU1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQzNTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM1N0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MzU4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNTlAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDM2MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzYxQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQzNjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM2M0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MzY0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNjVA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM2NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MzY3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNjhAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDM2OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzcwQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQzNzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM3MkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MzczQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNzRAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDM3NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzc2QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQzNzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM3
-OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzc5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQzODBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM4MUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MzgyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzODNAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDM4NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzg1QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQzODZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM4N0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0Mzg4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzODlA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM5MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MzkxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzOTJAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDM5M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzk0QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQzOTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM5NkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0Mzk3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzOThAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDM5OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDAwQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ0MDFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQw
-MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDAzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ0MDRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQwNUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0NDA2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MDdAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDQwOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDA5QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ0MTBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQxMUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0NDEyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MTNA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQxNEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-NDE1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MTZAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDQxN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDE4QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ0MTlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQyMEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0NDIxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MjJAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDQyM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDI0QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ0MjVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQy
-NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDI3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ0MjhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQyOUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0NDMwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MzFAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDQzMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDMzQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ0MzRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQzNUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0NDM2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MzdA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQzOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-NDM5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDBAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDQ0MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDQyQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ0NDNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ0NEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0NDQ1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDZAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDQ0N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDQ4QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1
-MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDUxQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ0NTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1M0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0NDU0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NTVAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDQ1NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDU3QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ0NThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1OUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0NDYwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NjFA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ2MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-NDYzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NjRAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDQ2NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDY2QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ0NjdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ2OEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0NDY5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzBAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDQ3MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDcyQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ3
-NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDc1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ0NzZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ3N0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0NDc4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzlAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDQ4MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDgxQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ0ODJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ4M0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0NDg0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0ODVA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ4NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-NDg3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0ODhAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDQ4OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDkwQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ0OTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ5MkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0NDkzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0OTRAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDQ5NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDk2QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ0OTdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ5
-OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDk5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ1MDBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUwMUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0NTAyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MDNAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDUwNEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTA1QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ1MDZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUwN0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0NTA4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MDlA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDUxMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-NTExQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MTJAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDUxM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTE0QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ1MTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUxNkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0NTE3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MThAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDUxOUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTIwQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ1MjFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUy
-MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTIzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ1MjRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUyNUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0NTI2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MjdAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDUyOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTI5QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ1MzBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUzMUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0NTMyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MzNA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDUzNEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-NTM1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MzZAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDUzN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTM4QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ1MzlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU0MEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0NTQxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1NDJAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDU0M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTQ0QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ1NDVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU0
-NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTQ3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ1NDhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU0OUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0NTUwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1NTFAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDU1MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTUzQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ1NTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU1NUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0NTU2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1NTdA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDU1OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-NTU5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1NjBAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDU2MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTYyQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ1NjNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU2NEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0NTY1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1NjZAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDU2N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTY4QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ1NjlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU3
-MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTcxQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ1NzJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU3M0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0NTc0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1NzVAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDU3NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTc3QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ1NzhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU3OUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0NTgwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1ODFA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDU4MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-NTgzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1ODRAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDU4NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTg2QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ1ODdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU4OEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0NTg5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1OTBAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDU5MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTkyQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ1OTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU5
-NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTk1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ1OTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU5N0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0NTk4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1OTlAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDYwMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjAxQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ2MDJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDYwM0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0NjA0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2MDVA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDYwNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-NjA3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2MDhAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDYwOUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjEwQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ2MTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDYxMkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0NjEzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2MTRAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDYxNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjE2QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ2MTdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDYx
-OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjE5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ2MjBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDYyMUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0NjIyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2MjNAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDYyNEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjI1QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ2MjZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDYyN0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0NjI4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2MjlA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDYzMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-NjMxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2MzJAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDYzM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjM0QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ2MzVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDYzNkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0NjM3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2MzhAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDYzOUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjQwQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ2NDFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY0
-MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjQzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ2NDRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY0NUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0NjQ2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2NDdAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDY0OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjQ5QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ2NTBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY1MUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0NjUyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2NTNA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDY1NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-NjU1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2NTZAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDY1N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjU4QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ2NTlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY2MEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0NjYxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2NjJAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDY2M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjY0QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ2NjVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY2
-NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjY3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ2NjhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY2OUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0NjcwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2NzFAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDY3MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjczQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ2NzRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY3NUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0Njc2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2NzdA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDY3OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-Njc5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2ODBAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDY4MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjgyQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ2ODNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY4NEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0Njg1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2ODZAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDY4N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Njg4QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ2ODlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY5
-MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjkxQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ2OTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY5M0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0Njk0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2OTVAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDY5NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Njk3QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ2OThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY5OUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0NzAwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3MDFA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDcwMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-NzAzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3MDRAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDcwNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzA2QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ3MDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDcwOEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0NzA5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3MTBAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDcxMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzEyQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ3MTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDcx
-NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzE1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ3MTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDcxN0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0NzE4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3MTlAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDcyMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzIxQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ3MjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDcyM0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0NzI0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3MjVA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDcyNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-NzI3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3MjhAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDcyOUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzMwQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ3MzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDczMkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0NzMzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3MzRAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDczNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzM2QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ3MzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDcz
-OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzM5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ3NDBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc0MUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0NzQyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3NDNAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDc0NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzQ1QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ3NDZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc0N0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0NzQ4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3NDlA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDc1MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-NzUxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3NTJAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDc1M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzU0QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ3NTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc1NkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0NzU3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3NThAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDc1OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzYwQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ3NjFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc2
-MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzYzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ3NjRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc2NUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0NzY2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3NjdAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDc2OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzY5QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ3NzBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc3MUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0NzcyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3NzNA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDc3NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-Nzc1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3NzZAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDc3N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Nzc4QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ3NzlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc4MEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0NzgxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3ODJAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDc4M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Nzg0QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ3ODVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc4
-NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Nzg3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ3ODhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc4OUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0NzkwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3OTFAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDc5MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzkzQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ3OTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc5NUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0Nzk2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3OTdA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDc5OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-Nzk5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4MDBAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDgwMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODAyQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ4MDNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDgwNEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0ODA1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4MDZAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDgwN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODA4QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ4MDlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDgx
-MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODExQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ4MTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDgxM0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0ODE0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4MTVAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDgxNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODE3QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ4MThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDgxOUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0ODIwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4MjFA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDgyMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-ODIzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4MjRAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDgyNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODI2QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ4MjdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDgyOEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0ODI5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4MzBAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDgzMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODMyQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ4MzNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDgz
-NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODM1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ4MzZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDgzN0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0ODM4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4MzlAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDg0MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODQxQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ4NDJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg0M0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0ODQ0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4NDVA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDg0NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-ODQ3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4NDhAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDg0OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODUwQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ4NTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg1MkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0ODUzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4NTRAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDg1NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODU2QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ4NTdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg1
-OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODU5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ4NjBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg2MUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0ODYyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4NjNAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDg2NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODY1QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ4NjZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg2N0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0ODY4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4NjlA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDg3MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-ODcxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4NzJAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDg3M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODc0QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ4NzVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg3NkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0ODc3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4NzhAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDg3OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODgwQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ4ODFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg4
-MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODgzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ4ODRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg4NUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0ODg2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4ODdAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDg4OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODg5QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ4OTBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg5MUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0ODkyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4OTNA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDg5NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-ODk1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4OTZAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDg5N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODk4QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ4OTlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDkwMEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0OTAxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5MDJAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDkwM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTA0QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ5MDVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDkw
-NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTA3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ5MDhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDkwOUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0OTEwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5MTFAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDkxMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTEzQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ5MTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDkxNUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0OTE2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5MTdA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDkxOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-OTE5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5MjBAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDkyMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTIyQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ5MjNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDkyNEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0OTI1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5MjZAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDkyN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTI4QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ5MjlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDkz
-MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTMxQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ5MzJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDkzM0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0OTM0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5MzVAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDkzNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTM3QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ5MzhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDkzOUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0OTQwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5NDFA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDk0MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-OTQzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5NDRAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDk0NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTQ2QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ5NDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk0OEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0OTQ5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5NTBAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDk1MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTUyQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ5NTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk1
-NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTU1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ5NTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk1N0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0OTU4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5NTlAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDk2MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTYxQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ5NjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk2M0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0OTY0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5NjVA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDk2NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-OTY3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5NjhAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDk2OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTcwQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ5NzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk3MkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0OTczQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5NzRAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDk3NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTc2QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ5NzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk3
-OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTc5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ5ODBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk4MUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0OTgyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5ODNAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDk4NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTg1QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ5ODZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk4N0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0OTg4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5ODlA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDk5MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-OTkxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5OTJAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDk5M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTk0QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ5OTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk5NkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0OTk3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5OThAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDk5OUB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAwMEB0
-ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAwMUB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0
-MTAwMkB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAwM0B0ZXN0MRkwFwYJKoZIhvcN
-AQkBFgp0MTAwNEB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAwNUB0ZXN0MRkwFwYJ
-KoZIhvcNAQkBFgp0MTAwNkB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAwN0B0ZXN0
-MRkwFwYJKoZIhvcNAQkBFgp0MTAwOEB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAw
-OUB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAxMEB0ZXN0MRkwFwYJKoZIhvcNAQkB
-Fgp0MTAxMUB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAxMkB0ZXN0MRkwFwYJKoZI
-hvcNAQkBFgp0MTAxM0B0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAxNEB0ZXN0MRkw
-FwYJKoZIhvcNAQkBFgp0MTAxNUB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAxNkB0
-ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAxN0B0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0
-MTAxOEB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAxOUB0ZXN0MRkwFwYJKoZIhvcN
-AQkBFgp0MTAyMEB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAyMUB0ZXN0MRkwFwYJ
-KoZIhvcNAQkBFgp0MTAyMkB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAyM0B0ZXN0
-MRkwFwYJKoZIhvcNAQkBFgp0MTAyNEB0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAugvahBkSAUF1fC49vb1bvlPrcl80kop1iLpiuYoz4Qptwy57
-+EWssZBcHprZ5BkWf6PeGZ7F5AX1PyJbGHZLqvMCvViP6pd4MFox/igESISEHEix
-oiXCzepBrhtp5UQSjHD4D4hKtgdMgVxX+LRtwgW3mnu/vBu7rzpr/DS8io99p3lq
-Z1Aky+aNlcMj6MYy8U+YFEevb/V0lRY9oqwmW7BHnXikm/vi6sjIS350U8zb/mRz
-YeIs2R65LUduTL50+UMgat9ocewI2dv8aO9Dph+8NdGtg8LFYyTTHcUxJoMr1PTO
-gnmET19WJH4PrFwk7ZE1QJQQ1L4iKmPeQistuQIDAQABo0kwRzAOBgNVHQ8BAf8E
-BAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADASBgNVHREE
-CzAJggd0MC50ZXN0MA0GCSqGSIb3DQEBCwUAA4IBAQAi7LIMyX5Ec514hvjROZ8b
-7i4UR3xd5IbniVSej+PKZhG2inN6aX9bksdda0ddYZeRSHAkNJuoabeankQJ/x5x
-sxBntWSVLCxz6S8NRrLAPKKPBvFb/W5ns57LP9SrLIij9l/NSd+K/CQNTlfcdorg
-4ltPVNwSMp/XXjH6rQYJSbo9MhDoxeqPpv73e4jY0DfGn1a8uwyCXalLjh4EkUyS
-Ye0N7MoUKV0IucrXKdgj2sHgBFqNKJ/GVQ422xZRbYqsyIJ0bPD6Fc8VcqfVrvYg
-lCYJfu7Xij5n3mjQaSYcbVxH71X8fYhhNq1tk+WtQOXirz2EkSuh1rNGU/LT8Q6r
------END CERTIFICATE-----
diff --git a/chromium/third_party/boringssl/src/crypto/x509/some_names1.pem b/chromium/third_party/boringssl/src/crypto/x509/some_names1.pem
deleted file mode 100644
index 21eed833865..00000000000
--- a/chromium/third_party/boringssl/src/crypto/x509/some_names1.pem
+++ /dev/null
@@ -1,211 +0,0 @@
------BEGIN CERTIFICATE-----
-MIInDDCCJfSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJDQTAg
-Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowghmkMRAwDgYDVQQDEwd0
-MC50ZXN0MRYwFAYJKoZIhvcNAQkBFgd0MEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
-MUB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0MkB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
-M0B0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0NEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
-NUB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0NkB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
-N0B0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0OEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
-OUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MTBAdGVzdDEXMBUGCSqGSIb3DQEJARYI
-dDExQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQxMkB0ZXN0MRcwFQYJKoZIhvcNAQkB
-Fgh0MTNAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDE0QHRlc3QxFzAVBgkqhkiG9w0B
-CQEWCHQxNUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MTZAdGVzdDEXMBUGCSqGSIb3
-DQEJARYIdDE3QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQxOEB0ZXN0MRcwFQYJKoZI
-hvcNAQkBFgh0MTlAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDIwQHRlc3QxFzAVBgkq
-hkiG9w0BCQEWCHQyMUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MjJAdGVzdDEXMBUG
-CSqGSIb3DQEJARYIdDIzQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQyNEB0ZXN0MRcw
-FQYJKoZIhvcNAQkBFgh0MjVAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDI2QHRlc3Qx
-FzAVBgkqhkiG9w0BCQEWCHQyN0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MjhAdGVz
-dDEXMBUGCSqGSIb3DQEJARYIdDI5QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzMEB0
-ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MzFAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDMy
-QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzM0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0
-MzRAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDM1QHRlc3QxFzAVBgkqhkiG9w0BCQEW
-CHQzNkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MzdAdGVzdDEXMBUGCSqGSIb3DQEJ
-ARYIdDM4QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzOUB0ZXN0MRcwFQYJKoZIhvcN
-AQkBFgh0NDBAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDQxQHRlc3QxFzAVBgkqhkiG
-9w0BCQEWCHQ0MkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NDNAdGVzdDEXMBUGCSqG
-SIb3DQEJARYIdDQ0QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ0NUB0ZXN0MRcwFQYJ
-KoZIhvcNAQkBFgh0NDZAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDQ3QHRlc3QxFzAV
-BgkqhkiG9w0BCQEWCHQ0OEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NDlAdGVzdDEX
-MBUGCSqGSIb3DQEJARYIdDUwQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ1MUB0ZXN0
-MRcwFQYJKoZIhvcNAQkBFgh0NTJAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDUzQHRl
-c3QxFzAVBgkqhkiG9w0BCQEWCHQ1NEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NTVA
-dGVzdDEXMBUGCSqGSIb3DQEJARYIdDU2QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ1
-N0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NThAdGVzdDEXMBUGCSqGSIb3DQEJARYI
-dDU5QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ2MEB0ZXN0MRcwFQYJKoZIhvcNAQkB
-Fgh0NjFAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDYyQHRlc3QxFzAVBgkqhkiG9w0B
-CQEWCHQ2M0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NjRAdGVzdDEXMBUGCSqGSIb3
-DQEJARYIdDY1QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ2NkB0ZXN0MRcwFQYJKoZI
-hvcNAQkBFgh0NjdAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDY4QHRlc3QxFzAVBgkq
-hkiG9w0BCQEWCHQ2OUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzBAdGVzdDEXMBUG
-CSqGSIb3DQEJARYIdDcxQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ3MkB0ZXN0MRcw
-FQYJKoZIhvcNAQkBFgh0NzNAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDc0QHRlc3Qx
-FzAVBgkqhkiG9w0BCQEWCHQ3NUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzZAdGVz
-dDEXMBUGCSqGSIb3DQEJARYIdDc3QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ3OEB0
-ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzlAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDgw
-QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ4MUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0
-ODJAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDgzQHRlc3QxFzAVBgkqhkiG9w0BCQEW
-CHQ4NEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0ODVAdGVzdDEXMBUGCSqGSIb3DQEJ
-ARYIdDg2QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ4N0B0ZXN0MRcwFQYJKoZIhvcN
-AQkBFgh0ODhAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDg5QHRlc3QxFzAVBgkqhkiG
-9w0BCQEWCHQ5MEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0OTFAdGVzdDEXMBUGCSqG
-SIb3DQEJARYIdDkyQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ5M0B0ZXN0MRcwFQYJ
-KoZIhvcNAQkBFgh0OTRAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDk1QHRlc3QxFzAV
-BgkqhkiG9w0BCQEWCHQ5NkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0OTdAdGVzdDEX
-MBUGCSqGSIb3DQEJARYIdDk4QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ5OUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MTAwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMDFA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDEwMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MTAzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMDRAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDEwNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTA2QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQxMDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEwOEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MTA5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMTBAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDExMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTEyQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQxMTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEx
-NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTE1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQxMTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDExN0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MTE4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMTlAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDEyMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTIxQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQxMjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEyM0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MTI0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMjVA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDEyNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MTI3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMjhAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDEyOUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTMwQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQxMzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEzMkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MTMzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMzRAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDEzNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTM2QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQxMzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEz
-OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTM5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQxNDBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE0MUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MTQyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNDNAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDE0NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTQ1QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQxNDZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE0N0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MTQ4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNDlA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE1MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MTUxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNTJAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDE1M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTU0QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQxNTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE1NkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MTU3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNThAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDE1OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTYwQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQxNjFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE2
-MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTYzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQxNjRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE2NUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MTY2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNjdAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDE2OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTY5QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQxNzBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE3MUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MTcyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNzNA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE3NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MTc1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNzZAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDE3N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTc4QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQxNzlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4MEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MTgxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxODJAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDE4M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTg0QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQxODVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4
-NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTg3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQxODhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4OUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MTkwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxOTFAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDE5MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTkzQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQxOTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE5NUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MTk2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxOTdA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE5OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MTk5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMDBAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDIwMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjAyQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQyMDNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIwNEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MjA1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMDZAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDIwN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjA4QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQyMDlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIx
-MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjExQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQyMTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIxM0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MjE0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMTVAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDIxNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjE3QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQyMThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIxOUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MjIwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMjFA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDIyMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MjIzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMjRAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDIyNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjI2QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQyMjdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIyOEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MjI5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMzBAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDIzMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjMyQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQyMzNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIz
-NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjM1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQyMzZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIzN0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MjM4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMzlAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDI0MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjQxQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQyNDJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI0M0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MjQ0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNDVA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI0NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MjQ3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNDhAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDI0OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjUwQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQyNTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI1MkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MjUzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNTRAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDI1NUB0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEAugvahBkSAUF1fC49vb1bvlPrcl80kop1iLpiuYoz4Qptwy57+EWs
-sZBcHprZ5BkWf6PeGZ7F5AX1PyJbGHZLqvMCvViP6pd4MFox/igESISEHEixoiXC
-zepBrhtp5UQSjHD4D4hKtgdMgVxX+LRtwgW3mnu/vBu7rzpr/DS8io99p3lqZ1Ak
-y+aNlcMj6MYy8U+YFEevb/V0lRY9oqwmW7BHnXikm/vi6sjIS350U8zb/mRzYeIs
-2R65LUduTL50+UMgat9ocewI2dv8aO9Dph+8NdGtg8LFYyTTHcUxJoMr1PTOgnmE
-T19WJH4PrFwk7ZE1QJQQ1L4iKmPeQistuQIDAQABo4IK2jCCCtYwDgYDVR0PAQH/
-BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwggqfBgNV
-HREEggqWMIIKkoIHdDAudGVzdIIHdDEudGVzdIIHdDIudGVzdIIHdDMudGVzdIIH
-dDQudGVzdIIHdDUudGVzdIIHdDYudGVzdIIHdDcudGVzdIIHdDgudGVzdIIHdDku
-dGVzdIIIdDEwLnRlc3SCCHQxMS50ZXN0ggh0MTIudGVzdIIIdDEzLnRlc3SCCHQx
-NC50ZXN0ggh0MTUudGVzdIIIdDE2LnRlc3SCCHQxNy50ZXN0ggh0MTgudGVzdIII
-dDE5LnRlc3SCCHQyMC50ZXN0ggh0MjEudGVzdIIIdDIyLnRlc3SCCHQyMy50ZXN0
-ggh0MjQudGVzdIIIdDI1LnRlc3SCCHQyNi50ZXN0ggh0MjcudGVzdIIIdDI4LnRl
-c3SCCHQyOS50ZXN0ggh0MzAudGVzdIIIdDMxLnRlc3SCCHQzMi50ZXN0ggh0MzMu
-dGVzdIIIdDM0LnRlc3SCCHQzNS50ZXN0ggh0MzYudGVzdIIIdDM3LnRlc3SCCHQz
-OC50ZXN0ggh0MzkudGVzdIIIdDQwLnRlc3SCCHQ0MS50ZXN0ggh0NDIudGVzdIII
-dDQzLnRlc3SCCHQ0NC50ZXN0ggh0NDUudGVzdIIIdDQ2LnRlc3SCCHQ0Ny50ZXN0
-ggh0NDgudGVzdIIIdDQ5LnRlc3SCCHQ1MC50ZXN0ggh0NTEudGVzdIIIdDUyLnRl
-c3SCCHQ1My50ZXN0ggh0NTQudGVzdIIIdDU1LnRlc3SCCHQ1Ni50ZXN0ggh0NTcu
-dGVzdIIIdDU4LnRlc3SCCHQ1OS50ZXN0ggh0NjAudGVzdIIIdDYxLnRlc3SCCHQ2
-Mi50ZXN0ggh0NjMudGVzdIIIdDY0LnRlc3SCCHQ2NS50ZXN0ggh0NjYudGVzdIII
-dDY3LnRlc3SCCHQ2OC50ZXN0ggh0NjkudGVzdIIIdDcwLnRlc3SCCHQ3MS50ZXN0
-ggh0NzIudGVzdIIIdDczLnRlc3SCCHQ3NC50ZXN0ggh0NzUudGVzdIIIdDc2LnRl
-c3SCCHQ3Ny50ZXN0ggh0NzgudGVzdIIIdDc5LnRlc3SCCHQ4MC50ZXN0ggh0ODEu
-dGVzdIIIdDgyLnRlc3SCCHQ4My50ZXN0ggh0ODQudGVzdIIIdDg1LnRlc3SCCHQ4
-Ni50ZXN0ggh0ODcudGVzdIIIdDg4LnRlc3SCCHQ4OS50ZXN0ggh0OTAudGVzdIII
-dDkxLnRlc3SCCHQ5Mi50ZXN0ggh0OTMudGVzdIIIdDk0LnRlc3SCCHQ5NS50ZXN0
-ggh0OTYudGVzdIIIdDk3LnRlc3SCCHQ5OC50ZXN0ggh0OTkudGVzdIIJdDEwMC50
-ZXN0ggl0MTAxLnRlc3SCCXQxMDIudGVzdIIJdDEwMy50ZXN0ggl0MTA0LnRlc3SC
-CXQxMDUudGVzdIIJdDEwNi50ZXN0ggl0MTA3LnRlc3SCCXQxMDgudGVzdIIJdDEw
-OS50ZXN0ggl0MTEwLnRlc3SCCXQxMTEudGVzdIIJdDExMi50ZXN0ggl0MTEzLnRl
-c3SCCXQxMTQudGVzdIIJdDExNS50ZXN0ggl0MTE2LnRlc3SCCXQxMTcudGVzdIIJ
-dDExOC50ZXN0ggl0MTE5LnRlc3SCCXQxMjAudGVzdIIJdDEyMS50ZXN0ggl0MTIy
-LnRlc3SCCXQxMjMudGVzdIIJdDEyNC50ZXN0ggl0MTI1LnRlc3SCCXQxMjYudGVz
-dIIJdDEyNy50ZXN0ggl0MTI4LnRlc3SCCXQxMjkudGVzdIIJdDEzMC50ZXN0ggl0
-MTMxLnRlc3SCCXQxMzIudGVzdIIJdDEzMy50ZXN0ggl0MTM0LnRlc3SCCXQxMzUu
-dGVzdIIJdDEzNi50ZXN0ggl0MTM3LnRlc3SCCXQxMzgudGVzdIIJdDEzOS50ZXN0
-ggl0MTQwLnRlc3SCCXQxNDEudGVzdIIJdDE0Mi50ZXN0ggl0MTQzLnRlc3SCCXQx
-NDQudGVzdIIJdDE0NS50ZXN0ggl0MTQ2LnRlc3SCCXQxNDcudGVzdIIJdDE0OC50
-ZXN0ggl0MTQ5LnRlc3SCCXQxNTAudGVzdIIJdDE1MS50ZXN0ggl0MTUyLnRlc3SC
-CXQxNTMudGVzdIIJdDE1NC50ZXN0ggl0MTU1LnRlc3SCCXQxNTYudGVzdIIJdDE1
-Ny50ZXN0ggl0MTU4LnRlc3SCCXQxNTkudGVzdIIJdDE2MC50ZXN0ggl0MTYxLnRl
-c3SCCXQxNjIudGVzdIIJdDE2My50ZXN0ggl0MTY0LnRlc3SCCXQxNjUudGVzdIIJ
-dDE2Ni50ZXN0ggl0MTY3LnRlc3SCCXQxNjgudGVzdIIJdDE2OS50ZXN0ggl0MTcw
-LnRlc3SCCXQxNzEudGVzdIIJdDE3Mi50ZXN0ggl0MTczLnRlc3SCCXQxNzQudGVz
-dIIJdDE3NS50ZXN0ggl0MTc2LnRlc3SCCXQxNzcudGVzdIIJdDE3OC50ZXN0ggl0
-MTc5LnRlc3SCCXQxODAudGVzdIIJdDE4MS50ZXN0ggl0MTgyLnRlc3SCCXQxODMu
-dGVzdIIJdDE4NC50ZXN0ggl0MTg1LnRlc3SCCXQxODYudGVzdIIJdDE4Ny50ZXN0
-ggl0MTg4LnRlc3SCCXQxODkudGVzdIIJdDE5MC50ZXN0ggl0MTkxLnRlc3SCCXQx
-OTIudGVzdIIJdDE5My50ZXN0ggl0MTk0LnRlc3SCCXQxOTUudGVzdIIJdDE5Ni50
-ZXN0ggl0MTk3LnRlc3SCCXQxOTgudGVzdIIJdDE5OS50ZXN0ggl0MjAwLnRlc3SC
-CXQyMDEudGVzdIIJdDIwMi50ZXN0ggl0MjAzLnRlc3SCCXQyMDQudGVzdIIJdDIw
-NS50ZXN0ggl0MjA2LnRlc3SCCXQyMDcudGVzdIIJdDIwOC50ZXN0ggl0MjA5LnRl
-c3SCCXQyMTAudGVzdIIJdDIxMS50ZXN0ggl0MjEyLnRlc3SCCXQyMTMudGVzdIIJ
-dDIxNC50ZXN0ggl0MjE1LnRlc3SCCXQyMTYudGVzdIIJdDIxNy50ZXN0ggl0MjE4
-LnRlc3SCCXQyMTkudGVzdIIJdDIyMC50ZXN0ggl0MjIxLnRlc3SCCXQyMjIudGVz
-dIIJdDIyMy50ZXN0ggl0MjI0LnRlc3SCCXQyMjUudGVzdIIJdDIyNi50ZXN0ggl0
-MjI3LnRlc3SCCXQyMjgudGVzdIIJdDIyOS50ZXN0ggl0MjMwLnRlc3SCCXQyMzEu
-dGVzdIIJdDIzMi50ZXN0ggl0MjMzLnRlc3SCCXQyMzQudGVzdIIJdDIzNS50ZXN0
-ggl0MjM2LnRlc3SCCXQyMzcudGVzdIIJdDIzOC50ZXN0ggl0MjM5LnRlc3SCCXQy
-NDAudGVzdIIJdDI0MS50ZXN0ggl0MjQyLnRlc3SCCXQyNDMudGVzdIIJdDI0NC50
-ZXN0ggl0MjQ1LnRlc3SCCXQyNDYudGVzdIIJdDI0Ny50ZXN0ggl0MjQ4LnRlc3SC
-CXQyNDkudGVzdIIJdDI1MC50ZXN0ggl0MjUxLnRlc3SCCXQyNTIudGVzdIIJdDI1
-My50ZXN0ggl0MjU0LnRlc3SCCXQyNTUudGVzdDANBgkqhkiG9w0BAQsFAAOCAQEA
-JIFn5ymMVnj0DOFldXQzAjaosat0Z1dAca0BFO/4bf+IfvpaLvZCiSucInV0ejgR
-dP3UsoiXV8qXBax1nr5t4k+yOGYbhgj3imHFtKhFaqJ45AqEJOmzCHWIN0LkN+YL
-ME6JBJr86EB+diLPBS7iljmtvN7avvmJ8AbGFI6eB5BwSjewavWpv55u52zMWti7
-Ca2WpKffH74zhnGqkbMzEiiRa1L1+H/uQBJ0BEeAZbr+pSkJZJvzY/eH8a7fLHra
-LfBqD4epDm6RI6gSNeJ+G7qSfpVSk7l9bsVh7rUTSSCKBxhcImudqBuLfswoa0Ub
-ZoA33vstMRAur0m/blHQHA==
------END CERTIFICATE-----
diff --git a/chromium/third_party/boringssl/src/crypto/x509/some_names2.pem b/chromium/third_party/boringssl/src/crypto/x509/some_names2.pem
deleted file mode 100644
index 328e3d1621d..00000000000
--- a/chromium/third_party/boringssl/src/crypto/x509/some_names2.pem
+++ /dev/null
@@ -1,133 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIYgzCCF2ugAwIBAgIBBjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJDQTAg
-Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowEjEQMA4GA1UEAxMHdDAu
-dGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALoL2oQZEgFBdXwu
-Pb29W75T63JfNJKKdYi6YrmKM+EKbcMue/hFrLGQXB6a2eQZFn+j3hmexeQF9T8i
-Wxh2S6rzAr1Yj+qXeDBaMf4oBEiEhBxIsaIlws3qQa4baeVEEoxw+A+ISrYHTIFc
-V/i0bcIFt5p7v7wbu686a/w0vIqPfad5amdQJMvmjZXDI+jGMvFPmBRHr2/1dJUW
-PaKsJluwR514pJv74urIyEt+dFPM2/5kc2HiLNkeuS1Hbky+dPlDIGrfaHHsCNnb
-/GjvQ6YfvDXRrYPCxWMk0x3FMSaDK9T0zoJ5hE9fViR+D6xcJO2RNUCUENS+Iipj
-3kIrLbkCAwEAAaOCFeUwghXhMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggr
-BgEFBQcDATAMBgNVHRMBAf8EAjAAMIIVqgYDVR0RBIIVoTCCFZ2CB3QwLnRlc3SC
-B3QxLnRlc3SCB3QyLnRlc3SCB3QzLnRlc3SCB3Q0LnRlc3SCB3Q1LnRlc3SCB3Q2
-LnRlc3SCB3Q3LnRlc3SCB3Q4LnRlc3SCB3Q5LnRlc3SCCHQxMC50ZXN0ggh0MTEu
-dGVzdIIIdDEyLnRlc3SCCHQxMy50ZXN0ggh0MTQudGVzdIIIdDE1LnRlc3SCCHQx
-Ni50ZXN0ggh0MTcudGVzdIIIdDE4LnRlc3SCCHQxOS50ZXN0ggh0MjAudGVzdIII
-dDIxLnRlc3SCCHQyMi50ZXN0ggh0MjMudGVzdIIIdDI0LnRlc3SCCHQyNS50ZXN0
-ggh0MjYudGVzdIIIdDI3LnRlc3SCCHQyOC50ZXN0ggh0MjkudGVzdIIIdDMwLnRl
-c3SCCHQzMS50ZXN0ggh0MzIudGVzdIIIdDMzLnRlc3SCCHQzNC50ZXN0ggh0MzUu
-dGVzdIIIdDM2LnRlc3SCCHQzNy50ZXN0ggh0MzgudGVzdIIIdDM5LnRlc3SCCHQ0
-MC50ZXN0ggh0NDEudGVzdIIIdDQyLnRlc3SCCHQ0My50ZXN0ggh0NDQudGVzdIII
-dDQ1LnRlc3SCCHQ0Ni50ZXN0ggh0NDcudGVzdIIIdDQ4LnRlc3SCCHQ0OS50ZXN0
-ggh0NTAudGVzdIIIdDUxLnRlc3SCCHQ1Mi50ZXN0ggh0NTMudGVzdIIIdDU0LnRl
-c3SCCHQ1NS50ZXN0ggh0NTYudGVzdIIIdDU3LnRlc3SCCHQ1OC50ZXN0ggh0NTku
-dGVzdIIIdDYwLnRlc3SCCHQ2MS50ZXN0ggh0NjIudGVzdIIIdDYzLnRlc3SCCHQ2
-NC50ZXN0ggh0NjUudGVzdIIIdDY2LnRlc3SCCHQ2Ny50ZXN0ggh0NjgudGVzdIII
-dDY5LnRlc3SCCHQ3MC50ZXN0ggh0NzEudGVzdIIIdDcyLnRlc3SCCHQ3My50ZXN0
-ggh0NzQudGVzdIIIdDc1LnRlc3SCCHQ3Ni50ZXN0ggh0NzcudGVzdIIIdDc4LnRl
-c3SCCHQ3OS50ZXN0ggh0ODAudGVzdIIIdDgxLnRlc3SCCHQ4Mi50ZXN0ggh0ODMu
-dGVzdIIIdDg0LnRlc3SCCHQ4NS50ZXN0ggh0ODYudGVzdIIIdDg3LnRlc3SCCHQ4
-OC50ZXN0ggh0ODkudGVzdIIIdDkwLnRlc3SCCHQ5MS50ZXN0ggh0OTIudGVzdIII
-dDkzLnRlc3SCCHQ5NC50ZXN0ggh0OTUudGVzdIIIdDk2LnRlc3SCCHQ5Ny50ZXN0
-ggh0OTgudGVzdIIIdDk5LnRlc3SCCXQxMDAudGVzdIIJdDEwMS50ZXN0ggl0MTAy
-LnRlc3SCCXQxMDMudGVzdIIJdDEwNC50ZXN0ggl0MTA1LnRlc3SCCXQxMDYudGVz
-dIIJdDEwNy50ZXN0ggl0MTA4LnRlc3SCCXQxMDkudGVzdIIJdDExMC50ZXN0ggl0
-MTExLnRlc3SCCXQxMTIudGVzdIIJdDExMy50ZXN0ggl0MTE0LnRlc3SCCXQxMTUu
-dGVzdIIJdDExNi50ZXN0ggl0MTE3LnRlc3SCCXQxMTgudGVzdIIJdDExOS50ZXN0
-ggl0MTIwLnRlc3SCCXQxMjEudGVzdIIJdDEyMi50ZXN0ggl0MTIzLnRlc3SCCXQx
-MjQudGVzdIIJdDEyNS50ZXN0ggl0MTI2LnRlc3SCCXQxMjcudGVzdIIJdDEyOC50
-ZXN0ggl0MTI5LnRlc3SCCXQxMzAudGVzdIIJdDEzMS50ZXN0ggl0MTMyLnRlc3SC
-CXQxMzMudGVzdIIJdDEzNC50ZXN0ggl0MTM1LnRlc3SCCXQxMzYudGVzdIIJdDEz
-Ny50ZXN0ggl0MTM4LnRlc3SCCXQxMzkudGVzdIIJdDE0MC50ZXN0ggl0MTQxLnRl
-c3SCCXQxNDIudGVzdIIJdDE0My50ZXN0ggl0MTQ0LnRlc3SCCXQxNDUudGVzdIIJ
-dDE0Ni50ZXN0ggl0MTQ3LnRlc3SCCXQxNDgudGVzdIIJdDE0OS50ZXN0ggl0MTUw
-LnRlc3SCCXQxNTEudGVzdIIJdDE1Mi50ZXN0ggl0MTUzLnRlc3SCCXQxNTQudGVz
-dIIJdDE1NS50ZXN0ggl0MTU2LnRlc3SCCXQxNTcudGVzdIIJdDE1OC50ZXN0ggl0
-MTU5LnRlc3SCCXQxNjAudGVzdIIJdDE2MS50ZXN0ggl0MTYyLnRlc3SCCXQxNjMu
-dGVzdIIJdDE2NC50ZXN0ggl0MTY1LnRlc3SCCXQxNjYudGVzdIIJdDE2Ny50ZXN0
-ggl0MTY4LnRlc3SCCXQxNjkudGVzdIIJdDE3MC50ZXN0ggl0MTcxLnRlc3SCCXQx
-NzIudGVzdIIJdDE3My50ZXN0ggl0MTc0LnRlc3SCCXQxNzUudGVzdIIJdDE3Ni50
-ZXN0ggl0MTc3LnRlc3SCCXQxNzgudGVzdIIJdDE3OS50ZXN0ggl0MTgwLnRlc3SC
-CXQxODEudGVzdIIJdDE4Mi50ZXN0ggl0MTgzLnRlc3SCCXQxODQudGVzdIIJdDE4
-NS50ZXN0ggl0MTg2LnRlc3SCCXQxODcudGVzdIIJdDE4OC50ZXN0ggl0MTg5LnRl
-c3SCCXQxOTAudGVzdIIJdDE5MS50ZXN0ggl0MTkyLnRlc3SCCXQxOTMudGVzdIIJ
-dDE5NC50ZXN0ggl0MTk1LnRlc3SCCXQxOTYudGVzdIIJdDE5Ny50ZXN0ggl0MTk4
-LnRlc3SCCXQxOTkudGVzdIIJdDIwMC50ZXN0ggl0MjAxLnRlc3SCCXQyMDIudGVz
-dIIJdDIwMy50ZXN0ggl0MjA0LnRlc3SCCXQyMDUudGVzdIIJdDIwNi50ZXN0ggl0
-MjA3LnRlc3SCCXQyMDgudGVzdIIJdDIwOS50ZXN0ggl0MjEwLnRlc3SCCXQyMTEu
-dGVzdIIJdDIxMi50ZXN0ggl0MjEzLnRlc3SCCXQyMTQudGVzdIIJdDIxNS50ZXN0
-ggl0MjE2LnRlc3SCCXQyMTcudGVzdIIJdDIxOC50ZXN0ggl0MjE5LnRlc3SCCXQy
-MjAudGVzdIIJdDIyMS50ZXN0ggl0MjIyLnRlc3SCCXQyMjMudGVzdIIJdDIyNC50
-ZXN0ggl0MjI1LnRlc3SCCXQyMjYudGVzdIIJdDIyNy50ZXN0ggl0MjI4LnRlc3SC
-CXQyMjkudGVzdIIJdDIzMC50ZXN0ggl0MjMxLnRlc3SCCXQyMzIudGVzdIIJdDIz
-My50ZXN0ggl0MjM0LnRlc3SCCXQyMzUudGVzdIIJdDIzNi50ZXN0ggl0MjM3LnRl
-c3SCCXQyMzgudGVzdIIJdDIzOS50ZXN0ggl0MjQwLnRlc3SCCXQyNDEudGVzdIIJ
-dDI0Mi50ZXN0ggl0MjQzLnRlc3SCCXQyNDQudGVzdIIJdDI0NS50ZXN0ggl0MjQ2
-LnRlc3SCCXQyNDcudGVzdIIJdDI0OC50ZXN0ggl0MjQ5LnRlc3SCCXQyNTAudGVz
-dIIJdDI1MS50ZXN0ggl0MjUyLnRlc3SCCXQyNTMudGVzdIIJdDI1NC50ZXN0ggl0
-MjU1LnRlc3SCCXQyNTYudGVzdIIJdDI1Ny50ZXN0ggl0MjU4LnRlc3SCCXQyNTku
-dGVzdIIJdDI2MC50ZXN0ggl0MjYxLnRlc3SCCXQyNjIudGVzdIIJdDI2My50ZXN0
-ggl0MjY0LnRlc3SCCXQyNjUudGVzdIIJdDI2Ni50ZXN0ggl0MjY3LnRlc3SCCXQy
-NjgudGVzdIIJdDI2OS50ZXN0ggl0MjcwLnRlc3SCCXQyNzEudGVzdIIJdDI3Mi50
-ZXN0ggl0MjczLnRlc3SCCXQyNzQudGVzdIIJdDI3NS50ZXN0ggl0Mjc2LnRlc3SC
-CXQyNzcudGVzdIIJdDI3OC50ZXN0ggl0Mjc5LnRlc3SCCXQyODAudGVzdIIJdDI4
-MS50ZXN0ggl0MjgyLnRlc3SCCXQyODMudGVzdIIJdDI4NC50ZXN0ggl0Mjg1LnRl
-c3SCCXQyODYudGVzdIIJdDI4Ny50ZXN0ggl0Mjg4LnRlc3SCCXQyODkudGVzdIIJ
-dDI5MC50ZXN0ggl0MjkxLnRlc3SCCXQyOTIudGVzdIIJdDI5My50ZXN0ggl0Mjk0
-LnRlc3SCCXQyOTUudGVzdIIJdDI5Ni50ZXN0ggl0Mjk3LnRlc3SCCXQyOTgudGVz
-dIIJdDI5OS50ZXN0ggl0MzAwLnRlc3SCCXQzMDEudGVzdIIJdDMwMi50ZXN0ggl0
-MzAzLnRlc3SCCXQzMDQudGVzdIIJdDMwNS50ZXN0ggl0MzA2LnRlc3SCCXQzMDcu
-dGVzdIIJdDMwOC50ZXN0ggl0MzA5LnRlc3SCCXQzMTAudGVzdIIJdDMxMS50ZXN0
-ggl0MzEyLnRlc3SCCXQzMTMudGVzdIIJdDMxNC50ZXN0ggl0MzE1LnRlc3SCCXQz
-MTYudGVzdIIJdDMxNy50ZXN0ggl0MzE4LnRlc3SCCXQzMTkudGVzdIIJdDMyMC50
-ZXN0ggl0MzIxLnRlc3SCCXQzMjIudGVzdIIJdDMyMy50ZXN0ggl0MzI0LnRlc3SC
-CXQzMjUudGVzdIIJdDMyNi50ZXN0ggl0MzI3LnRlc3SCCXQzMjgudGVzdIIJdDMy
-OS50ZXN0ggl0MzMwLnRlc3SCCXQzMzEudGVzdIIJdDMzMi50ZXN0ggl0MzMzLnRl
-c3SCCXQzMzQudGVzdIIJdDMzNS50ZXN0ggl0MzM2LnRlc3SCCXQzMzcudGVzdIIJ
-dDMzOC50ZXN0ggl0MzM5LnRlc3SCCXQzNDAudGVzdIIJdDM0MS50ZXN0ggl0MzQy
-LnRlc3SCCXQzNDMudGVzdIIJdDM0NC50ZXN0ggl0MzQ1LnRlc3SCCXQzNDYudGVz
-dIIJdDM0Ny50ZXN0ggl0MzQ4LnRlc3SCCXQzNDkudGVzdIIJdDM1MC50ZXN0ggl0
-MzUxLnRlc3SCCXQzNTIudGVzdIIJdDM1My50ZXN0ggl0MzU0LnRlc3SCCXQzNTUu
-dGVzdIIJdDM1Ni50ZXN0ggl0MzU3LnRlc3SCCXQzNTgudGVzdIIJdDM1OS50ZXN0
-ggl0MzYwLnRlc3SCCXQzNjEudGVzdIIJdDM2Mi50ZXN0ggl0MzYzLnRlc3SCCXQz
-NjQudGVzdIIJdDM2NS50ZXN0ggl0MzY2LnRlc3SCCXQzNjcudGVzdIIJdDM2OC50
-ZXN0ggl0MzY5LnRlc3SCCXQzNzAudGVzdIIJdDM3MS50ZXN0ggl0MzcyLnRlc3SC
-CXQzNzMudGVzdIIJdDM3NC50ZXN0ggl0Mzc1LnRlc3SCCXQzNzYudGVzdIIJdDM3
-Ny50ZXN0ggl0Mzc4LnRlc3SCCXQzNzkudGVzdIIJdDM4MC50ZXN0ggl0MzgxLnRl
-c3SCCXQzODIudGVzdIIJdDM4My50ZXN0ggl0Mzg0LnRlc3SCCXQzODUudGVzdIIJ
-dDM4Ni50ZXN0ggl0Mzg3LnRlc3SCCXQzODgudGVzdIIJdDM4OS50ZXN0ggl0Mzkw
-LnRlc3SCCXQzOTEudGVzdIIJdDM5Mi50ZXN0ggl0MzkzLnRlc3SCCXQzOTQudGVz
-dIIJdDM5NS50ZXN0ggl0Mzk2LnRlc3SCCXQzOTcudGVzdIIJdDM5OC50ZXN0ggl0
-Mzk5LnRlc3SCCXQ0MDAudGVzdIIJdDQwMS50ZXN0ggl0NDAyLnRlc3SCCXQ0MDMu
-dGVzdIIJdDQwNC50ZXN0ggl0NDA1LnRlc3SCCXQ0MDYudGVzdIIJdDQwNy50ZXN0
-ggl0NDA4LnRlc3SCCXQ0MDkudGVzdIIJdDQxMC50ZXN0ggl0NDExLnRlc3SCCXQ0
-MTIudGVzdIIJdDQxMy50ZXN0ggl0NDE0LnRlc3SCCXQ0MTUudGVzdIIJdDQxNi50
-ZXN0ggl0NDE3LnRlc3SCCXQ0MTgudGVzdIIJdDQxOS50ZXN0ggl0NDIwLnRlc3SC
-CXQ0MjEudGVzdIIJdDQyMi50ZXN0ggl0NDIzLnRlc3SCCXQ0MjQudGVzdIIJdDQy
-NS50ZXN0ggl0NDI2LnRlc3SCCXQ0MjcudGVzdIIJdDQyOC50ZXN0ggl0NDI5LnRl
-c3SCCXQ0MzAudGVzdIIJdDQzMS50ZXN0ggl0NDMyLnRlc3SCCXQ0MzMudGVzdIIJ
-dDQzNC50ZXN0ggl0NDM1LnRlc3SCCXQ0MzYudGVzdIIJdDQzNy50ZXN0ggl0NDM4
-LnRlc3SCCXQ0MzkudGVzdIIJdDQ0MC50ZXN0ggl0NDQxLnRlc3SCCXQ0NDIudGVz
-dIIJdDQ0My50ZXN0ggl0NDQ0LnRlc3SCCXQ0NDUudGVzdIIJdDQ0Ni50ZXN0ggl0
-NDQ3LnRlc3SCCXQ0NDgudGVzdIIJdDQ0OS50ZXN0ggl0NDUwLnRlc3SCCXQ0NTEu
-dGVzdIIJdDQ1Mi50ZXN0ggl0NDUzLnRlc3SCCXQ0NTQudGVzdIIJdDQ1NS50ZXN0
-ggl0NDU2LnRlc3SCCXQ0NTcudGVzdIIJdDQ1OC50ZXN0ggl0NDU5LnRlc3SCCXQ0
-NjAudGVzdIIJdDQ2MS50ZXN0ggl0NDYyLnRlc3SCCXQ0NjMudGVzdIIJdDQ2NC50
-ZXN0ggl0NDY1LnRlc3SCCXQ0NjYudGVzdIIJdDQ2Ny50ZXN0ggl0NDY4LnRlc3SC
-CXQ0NjkudGVzdIIJdDQ3MC50ZXN0ggl0NDcxLnRlc3SCCXQ0NzIudGVzdIIJdDQ3
-My50ZXN0ggl0NDc0LnRlc3SCCXQ0NzUudGVzdIIJdDQ3Ni50ZXN0ggl0NDc3LnRl
-c3SCCXQ0NzgudGVzdIIJdDQ3OS50ZXN0ggl0NDgwLnRlc3SCCXQ0ODEudGVzdIIJ
-dDQ4Mi50ZXN0ggl0NDgzLnRlc3SCCXQ0ODQudGVzdIIJdDQ4NS50ZXN0ggl0NDg2
-LnRlc3SCCXQ0ODcudGVzdIIJdDQ4OC50ZXN0ggl0NDg5LnRlc3SCCXQ0OTAudGVz
-dIIJdDQ5MS50ZXN0ggl0NDkyLnRlc3SCCXQ0OTMudGVzdIIJdDQ5NC50ZXN0ggl0
-NDk1LnRlc3SCCXQ0OTYudGVzdIIJdDQ5Ny50ZXN0ggl0NDk4LnRlc3SCCXQ0OTku
-dGVzdIIJdDUwMC50ZXN0ggl0NTAxLnRlc3SCCXQ1MDIudGVzdIIJdDUwMy50ZXN0
-ggl0NTA0LnRlc3SCCXQ1MDUudGVzdIIJdDUwNi50ZXN0ggl0NTA3LnRlc3SCCXQ1
-MDgudGVzdIIJdDUwOS50ZXN0ggl0NTEwLnRlc3SCCXQ1MTEudGVzdIIJdDUxMi50
-ZXN0MA0GCSqGSIb3DQEBCwUAA4IBAQBjxDfYTobCREWVHPrt1T9iT2t0gieS7hVw
-lQaezO1n+m0MerQ92DHhMXBROBiMXIWyvTa341xClpYAwPqqAIUEdS0L5r4Jq/Ep
-4uglb+eZXMvTAm89KH3L8xTugc8UtHMqbfyo92v96wgFXBrcDDXIkGdPkLyz2s2J
-QjpNVG/La/EYTQdHPgv6Rg0g+t6RNN1JJ0p1wQ5ItDc8d/bfWdlG/EViWVRsiSBh
-7YRbkGWdnHnorCe0yIg0jKCk3UhgXaYY66/alpmE/QVXSaLgNvdmJ5m9mixY0ZaB
-0niy+KzIgBczvDcxVdL5/fsxGvA4nI8Gi7Z+EJDKXeED+FwcTDJD
------END CERTIFICATE-----
diff --git a/chromium/third_party/boringssl/src/crypto/x509/some_names3.pem b/chromium/third_party/boringssl/src/crypto/x509/some_names3.pem
deleted file mode 100644
index 7b38bf3ce56..00000000000
--- a/chromium/third_party/boringssl/src/crypto/x509/some_names3.pem
+++ /dev/null
@@ -1,294 +0,0 @@
------BEGIN CERTIFICATE-----
-MII2kzCCNXugAwIBAgIBBzANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJDQTAg
-Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowgjO+MRAwDgYDVQQDEwd0
-MC50ZXN0MRYwFAYJKoZIhvcNAQkBFgd0MEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
-MUB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0MkB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
-M0B0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0NEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
-NUB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0NkB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
-N0B0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0OEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
-OUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MTBAdGVzdDEXMBUGCSqGSIb3DQEJARYI
-dDExQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQxMkB0ZXN0MRcwFQYJKoZIhvcNAQkB
-Fgh0MTNAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDE0QHRlc3QxFzAVBgkqhkiG9w0B
-CQEWCHQxNUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MTZAdGVzdDEXMBUGCSqGSIb3
-DQEJARYIdDE3QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQxOEB0ZXN0MRcwFQYJKoZI
-hvcNAQkBFgh0MTlAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDIwQHRlc3QxFzAVBgkq
-hkiG9w0BCQEWCHQyMUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MjJAdGVzdDEXMBUG
-CSqGSIb3DQEJARYIdDIzQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQyNEB0ZXN0MRcw
-FQYJKoZIhvcNAQkBFgh0MjVAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDI2QHRlc3Qx
-FzAVBgkqhkiG9w0BCQEWCHQyN0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MjhAdGVz
-dDEXMBUGCSqGSIb3DQEJARYIdDI5QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzMEB0
-ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MzFAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDMy
-QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzM0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0
-MzRAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDM1QHRlc3QxFzAVBgkqhkiG9w0BCQEW
-CHQzNkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MzdAdGVzdDEXMBUGCSqGSIb3DQEJ
-ARYIdDM4QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzOUB0ZXN0MRcwFQYJKoZIhvcN
-AQkBFgh0NDBAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDQxQHRlc3QxFzAVBgkqhkiG
-9w0BCQEWCHQ0MkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NDNAdGVzdDEXMBUGCSqG
-SIb3DQEJARYIdDQ0QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ0NUB0ZXN0MRcwFQYJ
-KoZIhvcNAQkBFgh0NDZAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDQ3QHRlc3QxFzAV
-BgkqhkiG9w0BCQEWCHQ0OEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NDlAdGVzdDEX
-MBUGCSqGSIb3DQEJARYIdDUwQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ1MUB0ZXN0
-MRcwFQYJKoZIhvcNAQkBFgh0NTJAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDUzQHRl
-c3QxFzAVBgkqhkiG9w0BCQEWCHQ1NEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NTVA
-dGVzdDEXMBUGCSqGSIb3DQEJARYIdDU2QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ1
-N0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NThAdGVzdDEXMBUGCSqGSIb3DQEJARYI
-dDU5QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ2MEB0ZXN0MRcwFQYJKoZIhvcNAQkB
-Fgh0NjFAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDYyQHRlc3QxFzAVBgkqhkiG9w0B
-CQEWCHQ2M0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NjRAdGVzdDEXMBUGCSqGSIb3
-DQEJARYIdDY1QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ2NkB0ZXN0MRcwFQYJKoZI
-hvcNAQkBFgh0NjdAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDY4QHRlc3QxFzAVBgkq
-hkiG9w0BCQEWCHQ2OUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzBAdGVzdDEXMBUG
-CSqGSIb3DQEJARYIdDcxQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ3MkB0ZXN0MRcw
-FQYJKoZIhvcNAQkBFgh0NzNAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDc0QHRlc3Qx
-FzAVBgkqhkiG9w0BCQEWCHQ3NUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzZAdGVz
-dDEXMBUGCSqGSIb3DQEJARYIdDc3QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ3OEB0
-ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzlAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDgw
-QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ4MUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0
-ODJAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDgzQHRlc3QxFzAVBgkqhkiG9w0BCQEW
-CHQ4NEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0ODVAdGVzdDEXMBUGCSqGSIb3DQEJ
-ARYIdDg2QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ4N0B0ZXN0MRcwFQYJKoZIhvcN
-AQkBFgh0ODhAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDg5QHRlc3QxFzAVBgkqhkiG
-9w0BCQEWCHQ5MEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0OTFAdGVzdDEXMBUGCSqG
-SIb3DQEJARYIdDkyQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ5M0B0ZXN0MRcwFQYJ
-KoZIhvcNAQkBFgh0OTRAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDk1QHRlc3QxFzAV
-BgkqhkiG9w0BCQEWCHQ5NkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0OTdAdGVzdDEX
-MBUGCSqGSIb3DQEJARYIdDk4QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ5OUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MTAwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMDFA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDEwMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MTAzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMDRAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDEwNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTA2QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQxMDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEwOEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MTA5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMTBAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDExMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTEyQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQxMTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEx
-NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTE1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQxMTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDExN0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MTE4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMTlAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDEyMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTIxQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQxMjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEyM0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MTI0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMjVA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDEyNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MTI3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMjhAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDEyOUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTMwQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQxMzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEzMkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MTMzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMzRAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDEzNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTM2QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQxMzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEz
-OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTM5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQxNDBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE0MUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MTQyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNDNAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDE0NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTQ1QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQxNDZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE0N0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MTQ4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNDlA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE1MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MTUxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNTJAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDE1M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTU0QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQxNTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE1NkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MTU3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNThAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDE1OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTYwQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQxNjFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE2
-MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTYzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQxNjRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE2NUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MTY2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNjdAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDE2OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTY5QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQxNzBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE3MUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MTcyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNzNA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE3NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MTc1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNzZAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDE3N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTc4QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQxNzlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4MEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MTgxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxODJAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDE4M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTg0QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQxODVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4
-NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTg3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQxODhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4OUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MTkwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxOTFAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDE5MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTkzQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQxOTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE5NUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MTk2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxOTdA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE5OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MTk5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMDBAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDIwMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjAyQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQyMDNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIwNEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MjA1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMDZAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDIwN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjA4QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQyMDlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIx
-MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjExQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQyMTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIxM0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MjE0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMTVAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDIxNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjE3QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQyMThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIxOUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MjIwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMjFA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDIyMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MjIzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMjRAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDIyNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjI2QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQyMjdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIyOEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MjI5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMzBAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDIzMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjMyQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQyMzNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIz
-NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjM1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQyMzZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIzN0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MjM4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMzlAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDI0MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjQxQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQyNDJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI0M0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MjQ0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNDVA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI0NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MjQ3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNDhAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDI0OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjUwQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQyNTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI1MkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MjUzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNTRAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDI1NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjU2QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQyNTdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI1
-OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjU5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQyNjBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI2MUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MjYyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNjNAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDI2NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjY1QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQyNjZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI2N0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MjY4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNjlA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI3MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MjcxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNzJAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDI3M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjc0QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQyNzVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI3NkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0Mjc3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNzhAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDI3OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjgwQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQyODFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI4
-MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjgzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQyODRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI4NUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0Mjg2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyODdAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDI4OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjg5QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQyOTBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI5MUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MjkyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyOTNA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI5NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-Mjk1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyOTZAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDI5N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjk4QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQyOTlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMwMEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MzAxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMDJAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDMwM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzA0QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQzMDVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMw
-NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzA3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQzMDhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMwOUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MzEwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMTFAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDMxMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzEzQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQzMTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMxNUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MzE2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMTdA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDMxOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MzE5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMjBAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDMyMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzIyQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQzMjNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMyNEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MzI1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMjZAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDMyN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzI4QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQzMjlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMz
-MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzMxQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQzMzJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMzM0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MzM0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMzVAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDMzNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzM3QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQzMzhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMzOUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MzQwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNDFA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM0MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MzQzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNDRAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDM0NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzQ2QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQzNDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM0OEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MzQ5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNTBAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDM1MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzUyQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQzNTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM1
-NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzU1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQzNTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM1N0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MzU4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNTlAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDM2MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzYxQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQzNjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM2M0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0MzY0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNjVA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM2NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MzY3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNjhAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDM2OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzcwQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQzNzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM3MkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0MzczQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNzRAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDM3NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzc2QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQzNzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM3
-OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzc5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQzODBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM4MUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0MzgyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzODNAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDM4NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzg1QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQzODZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM4N0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0Mzg4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzODlA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM5MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-MzkxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzOTJAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDM5M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzk0QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQzOTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM5NkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0Mzk3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzOThAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDM5OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDAwQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ0MDFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQw
-MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDAzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ0MDRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQwNUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0NDA2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MDdAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDQwOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDA5QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ0MTBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQxMUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0NDEyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MTNA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQxNEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-NDE1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MTZAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDQxN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDE4QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ0MTlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQyMEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0NDIxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MjJAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDQyM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDI0QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ0MjVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQy
-NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDI3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ0MjhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQyOUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0NDMwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MzFAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDQzMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDMzQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ0MzRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQzNUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0NDM2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MzdA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQzOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-NDM5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDBAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDQ0MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDQyQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ0NDNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ0NEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0NDQ1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDZAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDQ0N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDQ4QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1
-MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDUxQHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ0NTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1M0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0NDU0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NTVAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDQ1NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDU3QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ0NThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1OUB0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0NDYwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NjFA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ2MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-NDYzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NjRAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDQ2NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDY2QHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ0NjdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ2OEB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0NDY5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzBAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDQ3MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDcyQHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ3
-NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDc1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ0NzZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ3N0B0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0NDc4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzlAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDQ4MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDgxQHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ0ODJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ4M0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0NDg0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0ODVA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ4NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-NDg3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0ODhAdGVzdDEYMBYGCSqGSIb3DQEJ
-ARYJdDQ4OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDkwQHRlc3QxGDAWBgkqhkiG
-9w0BCQEWCXQ0OTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ5MkB0ZXN0MRgwFgYJ
-KoZIhvcNAQkBFgl0NDkzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0OTRAdGVzdDEY
-MBYGCSqGSIb3DQEJARYJdDQ5NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDk2QHRl
-c3QxGDAWBgkqhkiG9w0BCQEWCXQ0OTdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ5
-OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDk5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
-CXQ1MDBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUwMUB0ZXN0MRgwFgYJKoZIhvcN
-AQkBFgl0NTAyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MDNAdGVzdDEYMBYGCSqG
-SIb3DQEJARYJdDUwNEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTA1QHRlc3QxGDAW
-BgkqhkiG9w0BCQEWCXQ1MDZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUwN0B0ZXN0
-MRgwFgYJKoZIhvcNAQkBFgl0NTA4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MDlA
-dGVzdDEYMBYGCSqGSIb3DQEJARYJdDUxMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
-NTExQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MTJAdGVzdDCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBALoL2oQZEgFBdXwuPb29W75T63JfNJKKdYi6YrmK
-M+EKbcMue/hFrLGQXB6a2eQZFn+j3hmexeQF9T8iWxh2S6rzAr1Yj+qXeDBaMf4o
-BEiEhBxIsaIlws3qQa4baeVEEoxw+A+ISrYHTIFcV/i0bcIFt5p7v7wbu686a/w0
-vIqPfad5amdQJMvmjZXDI+jGMvFPmBRHr2/1dJUWPaKsJluwR514pJv74urIyEt+
-dFPM2/5kc2HiLNkeuS1Hbky+dPlDIGrfaHHsCNnb/GjvQ6YfvDXRrYPCxWMk0x3F
-MSaDK9T0zoJ5hE9fViR+D6xcJO2RNUCUENS+Iipj3kIrLbkCAwEAAaNJMEcwDgYD
-VR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAw
-EgYDVR0RBAswCYIHdDAudGVzdDANBgkqhkiG9w0BAQsFAAOCAQEAQA/0vvY1gLA2
-0jrPkBVWte7OHzWVkwq7mqgQPR4L9qLLu7Vhelp4dW8n95s1wCbca5j5SJEGv4Uv
-0fI1OOK7XQeYdNlHBmvMVW47GoBSo6tuYNPI/y4xnM6ypEZiPKkdj9Ar9qNgURfV
-z3s1czip915dyTWgwBy7CTxOlG8NW0uiFgEc9iiDDfQsPwVXiVtxOPtjhPeI3F0J
-jh3wctFxBnAvLV9SsDxpWujM1dd/1SSQ25jKQhbKNtiDAC8v+Q043r8ZGHjRdxe8
-W2tVWH/iz9c+ze0P0ao7LKv8eGzoIsrBqICS86X4Zv5lGeTGaD2osF1oNvmmoSlh
-536yFa415g==
------END CERTIFICATE-----
diff --git a/chromium/third_party/boringssl/src/crypto/x509/x509_cmp.c b/chromium/third_party/boringssl/src/crypto/x509/x509_cmp.c
index 28f2e95ed73..cd025abcafb 100644
--- a/chromium/third_party/boringssl/src/crypto/x509/x509_cmp.c
+++ b/chromium/third_party/boringssl/src/crypto/x509/x509_cmp.c
@@ -67,6 +67,7 @@
 #include <openssl/x509v3.h>
 
 #include "../internal.h"
+#include "../x509v3/internal.h"
 
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
@@ -175,12 +176,18 @@ unsigned long X509_subject_name_hash_old(X509 *x)
  */
 int X509_cmp(const X509 *a, const X509 *b)
 {
-    int rv;
-    /* ensure hash is valid */
-    X509_check_purpose((X509 *)a, -1, 0);
-    X509_check_purpose((X509 *)b, -1, 0);
-
-    rv = OPENSSL_memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+    /* Fill in the |sha1_hash| fields.
+     *
+     * TODO(davidben): This may fail, in which case the the hash will be all
+     * zeros. This produces a consistent comparison (failures are sticky), but
+     * not a good one. OpenSSL now returns -2, but this is not a consistent
+     * comparison and may cause misbehaving sorts by transitivity. For now, we
+     * retain the old OpenSSL behavior, which was to ignore the error. See
+     * https://crbug.com/boringssl/355. */
+    x509v3_cache_extensions((X509 *)a);
+    x509v3_cache_extensions((X509 *)b);
+
+    int rv = OPENSSL_memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
     if (rv)
         return rv;
     /* Check for match against stored encoding too */
diff --git a/chromium/third_party/boringssl/src/crypto/x509/x509_req.c b/chromium/third_party/boringssl/src/crypto/x509/x509_req.c
index d918b097063..9ab6e9dab48 100644
--- a/chromium/third_party/boringssl/src/crypto/x509/x509_req.c
+++ b/chromium/third_party/boringssl/src/crypto/x509/x509_req.c
@@ -107,6 +107,16 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
     return (NULL);
 }
 
+long X509_REQ_get_version(const X509_REQ *req)
+{
+    return ASN1_INTEGER_get(req->req_info->version);
+}
+
+X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req)
+{
+    return req->req_info->subject;
+}
+
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
 {
     if ((req == NULL) || (req->req_info == NULL))
diff --git a/chromium/third_party/boringssl/src/crypto/x509/x509_set.c b/chromium/third_party/boringssl/src/crypto/x509/x509_set.c
index 5242e345c3a..e7bfbe38af9 100644
--- a/chromium/third_party/boringssl/src/crypto/x509/x509_set.c
+++ b/chromium/third_party/boringssl/src/crypto/x509/x509_set.c
@@ -60,6 +60,16 @@
 #include <openssl/obj.h>
 #include <openssl/x509.h>
 
+long X509_get_version(const X509 *x509)
+{
+    return ASN1_INTEGER_get(x509->cert_info->version);
+}
+
+X509_CINF *X509_get_cert_info(const X509 *x509)
+{
+    return x509->cert_info;
+}
+
 int X509_set_version(X509 *x, long version)
 {
     if (x == NULL)
@@ -137,6 +147,14 @@ ASN1_TIME *X509_getm_notBefore(X509 *x)
     return x->cert_info->validity->notBefore;
 }
 
+ASN1_TIME *X509_get_notBefore(const X509 *x509)
+{
+    // In OpenSSL, this function is an alias for |X509_getm_notBefore|, but our
+    // |X509_getm_notBefore| is const-correct. |X509_get_notBefore| was
+    // originally a macro, so it needs to capture both get0 and getm use cases.
+    return x509->cert_info->validity->notBefore;
+}
+
 int X509_set_notAfter(X509 *x, const ASN1_TIME *tm)
 {
     ASN1_TIME *in;
@@ -167,6 +185,14 @@ ASN1_TIME *X509_getm_notAfter(X509 *x)
     return x->cert_info->validity->notAfter;
 }
 
+ASN1_TIME *X509_get_notAfter(const X509 *x509)
+{
+    // In OpenSSL, this function is an alias for |X509_getm_notAfter|, but our
+    // |X509_getm_notAfter| is const-correct. |X509_get_notAfter| was
+    // originally a macro, so it needs to capture both get0 and getm use cases.
+    return x509->cert_info->validity->notAfter;
+}
+
 int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
 {
     if ((x == NULL) || (x->cert_info == NULL))
@@ -183,3 +209,18 @@ const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
 {
     return x->cert_info->signature;
 }
+
+void X509_CINF_set_modified(X509_CINF *cinf)
+{
+    cinf->enc.modified = 1;
+}
+
+const X509_ALGOR *X509_CINF_get_signature(const X509_CINF *cinf)
+{
+    return cinf->signature;
+}
+
+X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x509)
+{
+    return x509->cert_info->key;
+}
diff --git a/chromium/third_party/boringssl/src/crypto/x509/x509_test.cc b/chromium/third_party/boringssl/src/crypto/x509/x509_test.cc
index 521d7573fb2..366e66e5e0e 100644
--- a/chromium/third_party/boringssl/src/crypto/x509/x509_test.cc
+++ b/chromium/third_party/boringssl/src/crypto/x509/x509_test.cc
@@ -233,6 +233,13 @@ static const char kRSAKey[] =
     "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n"
     "-----END RSA PRIVATE KEY-----\n";
 
+static const char kP256Key[] =
+    "-----BEGIN PRIVATE KEY-----\n"
+    "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ\n"
+    "TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N\n"
+    "Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB\n"
+    "-----END PRIVATE KEY-----\n";
+
 // kCRLTestRoot is a test root certificate. It has private key:
 //
 //     -----BEGIN RSA PRIVATE KEY-----
@@ -354,16 +361,16 @@ static const char kBadIssuerCRL[] =
 // extension.
 static const char kKnownCriticalCRL[] =
     "-----BEGIN X509 CRL-----\n"
-    "MIIBujCBowIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n"
+    "MIIBuDCBoQIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n"
     "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n"
-    "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCEwHzAKBgNV\n"
-    "HRQEAwIBATARBgNVHRwBAf8EBzAFoQMBAf8wDQYJKoZIhvcNAQELBQADggEBAA+3\n"
-    "i+5e5Ub8sccfgOBs6WVJFI9c8gvJjrJ8/dYfFIAuCyeocs7DFXn1n13CRZ+URR/Q\n"
-    "mVWgU28+xeusuSPYFpd9cyYTcVyNUGNTI3lwgcE/yVjPaOmzSZKdPakApRxtpKKQ\n"
-    "NN/56aQz3bnT/ZSHQNciRB8U6jiD9V30t0w+FDTpGaG+7bzzUH3UVF9xf9Ctp60A\n"
-    "3mfLe0scas7owSt4AEFuj2SPvcE7yvdOXbu+IEv21cEJUVExJAbhvIweHXh6yRW+\n"
-    "7VVeiNzdIjkZjyTmAzoXGha4+wbxXyBRbfH+XWcO/H+8nwyG8Gktdu2QB9S9nnIp\n"
-    "o/1TpfOMSGhMyMoyPrk=\n"
+    "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoB8wHTAKBgNV\n"
+    "HRQEAwIBATAPBgNVHRwBAf8EBTADgQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAs37Jq\n"
+    "3Htcehm6C2PKXOHekwTqTLOPWsYHfF68kYhdzcopDZBeoKE7jLRkRRGFDaR/tfUs\n"
+    "kwLSDNSQ8EwPb9PT1X8kmFn9QmJgWD6f6BzaH5ZZ9iBUwOcvrydlb/jnjdIZHQxs\n"
+    "fKOAceW5XX3f7DANC3qwYLsQZR/APkfV8nXjPYVUz1kKj04uq/BbQviInjyUYixN\n"
+    "xDx+GDWVVXccehcwAu983kAqP+JDaVQPBVksLuBXz2adrEWwvbLCnZeL3zH1IY9h\n"
+    "6MFO6echpvGbU/H+dRX9UkhdJ7gdwKVD3RjfJl+DRVox9lz8Pbo5H699Tkv9/DQP\n"
+    "9dMWxqhQlv23osLp\n"
     "-----END X509 CRL-----\n";
 
 // kUnknownCriticalCRL is kBasicCRL but with an unknown critical extension.
@@ -385,16 +392,32 @@ static const char kUnknownCriticalCRL[] =
 // point extension followed by an unknown critical extension
 static const char kUnknownCriticalCRL2[] =
     "-----BEGIN X509 CRL-----\n"
-    "MIIBzzCBuAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n"
+    "MIIBzTCBtgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n"
     "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n"
-    "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoDYwNDAKBgNV\n"
-    "HRQEAwIBATARBgNVHRwBAf8EBzAFoQMBAf8wEwYMKoZIhvcSBAGEtwkAAQH/BAAw\n"
-    "DQYJKoZIhvcNAQELBQADggEBACTcpQC8jXL12JN5YzOcQ64ubQIe0XxRAd30p7qB\n"
-    "BTXGpgqBjrjxRfLms7EBYodEXB2oXMsDq3km0vT1MfYdsDD05S+SQ9CDsq/pUfaC\n"
-    "E2WNI5p8WircRnroYvbN2vkjlRbMd1+yNITohXYXCJwjEOAWOx3XIM10bwPYBv4R\n"
-    "rDobuLHoMgL3yHgMHmAkP7YpkBucNqeBV8cCdeAZLuhXFWi6yfr3r/X18yWbC/r2\n"
-    "2xXdkrSqXLFo7ToyP8YKTgiXpya4x6m53biEYwa2ULlas0igL6DK7wjYZX95Uy7H\n"
-    "GKljn9weIYiMPV/BzGymwfv2EW0preLwtyJNJPaxbdin6Jc=\n"
+    "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoDQwMjAKBgNV\n"
+    "HRQEAwIBATAPBgNVHRwBAf8EBTADgQH/MBMGDCqGSIb3EgQBhLcJAAEB/wQAMA0G\n"
+    "CSqGSIb3DQEBCwUAA4IBAQBgSogsC5kf2wzr+0hmZtmLXYd0itAiYO0Gh9AyaEOO\n"
+    "myJFuqICHBSLXXUgwNkTUa2x2I/ivyReVFV756VOlWoaV2wJUs0zeCeVBgC9ZFsq\n"
+    "5a+8OGgXwgoYESFV5Y3QRF2a1Ytzfbw/o6xLXzTngvMsLOs12D4B5SkopyEZibF4\n"
+    "tXlRZyvEudTg3CCrjNP+p/GV07nZ3wcMmKJwQeilgzFUV7NaVCCo9jvPBGp0RxAN\n"
+    "KNif7jmjK4hD5mswo/Eq5kxQIc+mTfuUFdgHuAu1hfLYe0YK+Hr4RFf6Qy4hl7Ne\n"
+    "YjqkkSVIcr87u+8AznwdstnQzsyD27Jt7SjVORkYRywi\n"
+    "-----END X509 CRL-----\n";
+
+// kBadExtensionCRL is kBasicCRL but with an incorrectly-encoded issuing
+// distribution point extension.
+static const char kBadExtensionCRL[] =
+    "-----BEGIN X509 CRL-----\n"
+    "MIIBujCBowIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n"
+    "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n"
+    "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCEwHzAKBgNV\n"
+    "HRQEAwIBATARBgNVHRwBAf8EBzAFoQMBAf8wDQYJKoZIhvcNAQELBQADggEBAA+3\n"
+    "i+5e5Ub8sccfgOBs6WVJFI9c8gvJjrJ8/dYfFIAuCyeocs7DFXn1n13CRZ+URR/Q\n"
+    "mVWgU28+xeusuSPYFpd9cyYTcVyNUGNTI3lwgcE/yVjPaOmzSZKdPakApRxtpKKQ\n"
+    "NN/56aQz3bnT/ZSHQNciRB8U6jiD9V30t0w+FDTpGaG+7bzzUH3UVF9xf9Ctp60A\n"
+    "3mfLe0scas7owSt4AEFuj2SPvcE7yvdOXbu+IEv21cEJUVExJAbhvIweHXh6yRW+\n"
+    "7VVeiNzdIjkZjyTmAzoXGha4+wbxXyBRbfH+XWcO/H+8nwyG8Gktdu2QB9S9nnIp\n"
+    "o/1TpfOMSGhMyMoyPrk=\n"
     "-----END X509 CRL-----\n";
 
 // kEd25519Cert is a self-signed Ed25519 certificate.
@@ -1314,29 +1337,32 @@ TEST(X509Test, TestCRL) {
   ASSERT_EQ(X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION,
             Verify(leaf.get(), {root.get()}, {root.get()},
                    {unknown_critical_crl2.get()}, X509_V_FLAG_CRL_CHECK));
+
+  // Parsing kBadExtensionCRL should fail.
+  EXPECT_FALSE(CRLFromPEM(kBadExtensionCRL));
 }
 
 TEST(X509Test, ManyNamesAndConstraints) {
-  bssl::UniquePtr<X509> many_constraints(
-      CertFromPEM(GetTestData("crypto/x509/many_constraints.pem").c_str()));
+  bssl::UniquePtr<X509> many_constraints(CertFromPEM(
+      GetTestData("crypto/x509/test/many_constraints.pem").c_str()));
   ASSERT_TRUE(many_constraints);
   bssl::UniquePtr<X509> many_names1(
-      CertFromPEM(GetTestData("crypto/x509/many_names1.pem").c_str()));
+      CertFromPEM(GetTestData("crypto/x509/test/many_names1.pem").c_str()));
   ASSERT_TRUE(many_names1);
   bssl::UniquePtr<X509> many_names2(
-      CertFromPEM(GetTestData("crypto/x509/many_names2.pem").c_str()));
+      CertFromPEM(GetTestData("crypto/x509/test/many_names2.pem").c_str()));
   ASSERT_TRUE(many_names2);
   bssl::UniquePtr<X509> many_names3(
-      CertFromPEM(GetTestData("crypto/x509/many_names3.pem").c_str()));
+      CertFromPEM(GetTestData("crypto/x509/test/many_names3.pem").c_str()));
   ASSERT_TRUE(many_names3);
   bssl::UniquePtr<X509> some_names1(
-      CertFromPEM(GetTestData("crypto/x509/some_names1.pem").c_str()));
+      CertFromPEM(GetTestData("crypto/x509/test/some_names1.pem").c_str()));
   ASSERT_TRUE(some_names1);
   bssl::UniquePtr<X509> some_names2(
-      CertFromPEM(GetTestData("crypto/x509/some_names2.pem").c_str()));
+      CertFromPEM(GetTestData("crypto/x509/test/some_names2.pem").c_str()));
   ASSERT_TRUE(some_names2);
   bssl::UniquePtr<X509> some_names3(
-      CertFromPEM(GetTestData("crypto/x509/some_names3.pem").c_str()));
+      CertFromPEM(GetTestData("crypto/x509/test/some_names3.pem").c_str()));
   ASSERT_TRUE(some_names3);
 
   EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
@@ -2226,3 +2252,309 @@ TEST(X509Test, ServerGatedCryptoEKUs) {
     EXPECT_EQ(X509_V_OK, verify_cert(leaf));
   }
 }
+
+// Test that invalid extensions are rejected by, if not the parser, at least the
+// verifier.
+TEST(X509Test, InvalidExtensions) {
+  bssl::UniquePtr<X509> root = CertFromPEM(
+      GetTestData("crypto/x509/test/invalid_extension_root.pem").c_str());
+  ASSERT_TRUE(root);
+  bssl::UniquePtr<X509> intermediate = CertFromPEM(
+      GetTestData("crypto/x509/test/invalid_extension_intermediate.pem")
+          .c_str());
+  ASSERT_TRUE(intermediate);
+  bssl::UniquePtr<X509> leaf = CertFromPEM(
+      GetTestData("crypto/x509/test/invalid_extension_leaf.pem").c_str());
+  ASSERT_TRUE(leaf);
+
+  // Sanity-check that the baseline chain is accepted.
+  EXPECT_EQ(X509_V_OK,
+            Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}));
+
+  static const char *kExtensions[] = {
+      "authority_key_identifier",
+      "basic_constraints",
+      "ext_key_usage",
+      "key_usage",
+      "name_constraints",
+      "subject_alt_name",
+      "subject_key_identifier",
+  };
+  for (const char *ext : kExtensions) {
+    SCOPED_TRACE(ext);
+    bssl::UniquePtr<X509> invalid_root = CertFromPEM(
+        GetTestData((std::string("crypto/x509/test/invalid_extension_root_") +
+                     ext + ".pem")
+                        .c_str())
+            .c_str());
+    ASSERT_TRUE(invalid_root);
+
+    bssl::UniquePtr<X509> invalid_intermediate = CertFromPEM(
+        GetTestData(
+            (std::string("crypto/x509/test/invalid_extension_intermediate_") +
+             ext + ".pem")
+                .c_str())
+            .c_str());
+    ASSERT_TRUE(invalid_intermediate);
+
+    bssl::UniquePtr<X509> invalid_leaf = CertFromPEM(
+        GetTestData((std::string("crypto/x509/test/invalid_extension_leaf_") +
+                     ext + ".pem")
+                        .c_str())
+            .c_str());
+    ASSERT_TRUE(invalid_leaf);
+
+    EXPECT_EQ(
+        X509_V_ERR_INVALID_EXTENSION,
+        Verify(invalid_leaf.get(), {root.get()}, {intermediate.get()}, {}));
+
+    // If the invalid extension is on an intermediate or root,
+    // |X509_verify_cert| notices by way of being unable to build a path to
+    // a valid issuer.
+    EXPECT_EQ(
+        X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
+        Verify(leaf.get(), {root.get()}, {invalid_intermediate.get()}, {}));
+    EXPECT_EQ(
+        X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
+        Verify(leaf.get(), {invalid_root.get()}, {intermediate.get()}, {}));
+  }
+}
+
+// kExplicitDefaultVersionPEM is an X.509v1 certificate with the version number
+// encoded explicitly, rather than omitted as required by DER.
+static const char kExplicitDefaultVersionPEM[] =
+    "-----BEGIN CERTIFICATE-----\n"
+    "MIIBfTCCASSgAwIBAAIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n"
+    "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n"
+    "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n"
+    "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n"
+    "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n"
+    "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n"
+    "HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w\n"
+    "BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ\n"
+    "FA==\n"
+    "-----END CERTIFICATE-----\n";
+
+// kNegativeVersionPEM is an X.509 certificate with a negative version number.
+static const char kNegativeVersionPEM[] =
+    "-----BEGIN CERTIFICATE-----\n"
+    "MIIBfTCCASSgAwIB/wIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n"
+    "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n"
+    "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n"
+    "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n"
+    "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n"
+    "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n"
+    "HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w\n"
+    "BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ\n"
+    "FA==\n"
+    "-----END CERTIFICATE-----\n";
+
+// kFutureVersionPEM is an X.509 certificate with a version number value of
+// three, which is not defined. (v3 has value two).
+static const char kFutureVersionPEM[] =
+    "-----BEGIN CERTIFICATE-----\n"
+    "MIIBfTCCASSgAwIBAwIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n"
+    "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n"
+    "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n"
+    "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n"
+    "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n"
+    "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n"
+    "HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w\n"
+    "BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ\n"
+    "FA==\n"
+    "-----END CERTIFICATE-----\n";
+
+// kOverflowVersionPEM is an X.509 certificate with a version field which
+// overflows |uint64_t|.
+static const char kOverflowVersionPEM[] =
+    "-----BEGIN CERTIFICATE-----\n"
+    "MIIBoDCCAUegJgIkAP//////////////////////////////////////////////\n"
+    "AgkA2UwE2kl9v+swCQYHKoZIzj0EATBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwK\n"
+    "U29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMB4X\n"
+    "DTE0MDQyMzIzMjE1N1oXDTE0MDUyMzIzMjE1N1owRTELMAkGA1UEBhMCQVUxEzAR\n"
+    "BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5\n"
+    "IEx0ZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWX\n"
+    "a7epHg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsEw\n"
+    "CQYHKoZIzj0EAQNIADBFAiEA8qA1XlE6NsOCeZvuJ1CFjnAGdJVX0il0APS+FYdd\n"
+    "xAcCIHweeRRqIYPwenRoeV8UmZpotPHLnhVe5h8yUmFedckU\n"
+    "-----END CERTIFICATE-----\n";
+
+// kV1WithExtensionsPEM is an X.509v1 certificate with extensions.
+static const char kV1WithExtensionsPEM[] =
+    "-----BEGIN CERTIFICATE-----\n"
+    "MIIByjCCAXECCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw\n"
+    "EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0\n"
+    "eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG\n"
+    "EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk\n"
+    "Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+\n"
+    "Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x\n"
+    "lC1Lz3IiwaNQME4wHQYDVR0OBBYEFKuE0qyrlfCCThZ4B1VXX+QmjYLRMB8GA1Ud\n"
+    "IwQYMBaAFKuE0qyrlfCCThZ4B1VXX+QmjYLRMAwGA1UdEwQFMAMBAf8wCQYHKoZI\n"
+    "zj0EAQNIADBFAiEA8qA1XlE6NsOCeZvuJ1CFjnAGdJVX0il0APS+FYddxAcCIHwe\n"
+    "eRRqIYPwenRoeV8UmZpotPHLnhVe5h8yUmFedckU\n"
+    "-----END CERTIFICATE-----\n";
+
+// kV2WithExtensionsPEM is an X.509v2 certificate with extensions.
+static const char kV2WithExtensionsPEM[] =
+    "-----BEGIN CERTIFICATE-----\n"
+    "MIIBzzCCAXagAwIBAQIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n"
+    "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n"
+    "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n"
+    "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n"
+    "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n"
+    "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n"
+    "HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw\n"
+    "HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ\n"
+    "BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E\n"
+    "BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=\n"
+    "-----END CERTIFICATE-----\n";
+
+// kV1WithIssuerUniqueIDPEM is an X.509v1 certificate with an issuerUniqueID.
+static const char kV1WithIssuerUniqueIDPEM[] =
+    "-----BEGIN CERTIFICATE-----\n"
+    "MIIBgzCCASoCCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw\n"
+    "EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0\n"
+    "eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG\n"
+    "EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk\n"
+    "Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+\n"
+    "Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x\n"
+    "lC1Lz3IiwYEJAAEjRWeJq83vMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb\n"
+    "7idQhY5wBnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYf\n"
+    "MlJhXnXJFA==\n"
+    "-----END CERTIFICATE-----\n";
+
+// kV1WithSubjectUniqueIDPEM is an X.509v1 certificate with an issuerUniqueID.
+static const char kV1WithSubjectUniqueIDPEM[] =
+    "-----BEGIN CERTIFICATE-----\n"
+    "MIIBgzCCASoCCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw\n"
+    "EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0\n"
+    "eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG\n"
+    "EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk\n"
+    "Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+\n"
+    "Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x\n"
+    "lC1Lz3IiwYIJAAEjRWeJq83vMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb\n"
+    "7idQhY5wBnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYf\n"
+    "MlJhXnXJFA==\n"
+    "-----END CERTIFICATE-----\n";
+
+// Test that the X.509 parser enforces versions are valid and match the fields
+// present.
+TEST(X509Test, InvalidVersion) {
+  EXPECT_FALSE(CertFromPEM(kExplicitDefaultVersionPEM));
+  EXPECT_FALSE(CertFromPEM(kNegativeVersionPEM));
+  EXPECT_FALSE(CertFromPEM(kFutureVersionPEM));
+  EXPECT_FALSE(CertFromPEM(kOverflowVersionPEM));
+  EXPECT_FALSE(CertFromPEM(kV1WithExtensionsPEM));
+  EXPECT_FALSE(CertFromPEM(kV2WithExtensionsPEM));
+  EXPECT_FALSE(CertFromPEM(kV1WithIssuerUniqueIDPEM));
+  EXPECT_FALSE(CertFromPEM(kV1WithSubjectUniqueIDPEM));
+}
+
+// The following strings are test certificates signed by kP256Key and kRSAKey,
+// with missing, NULL, or invalid algorithm parameters.
+static const char kP256NoParam[] =
+    "-----BEGIN CERTIFICATE-----\n"
+    "MIIBIDCBxqADAgECAgIE0jAKBggqhkjOPQQDAjAPMQ0wCwYDVQQDEwRUZXN0MCAX\n"
+    "DTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRUZXN0\n"
+    "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdrt6ke\n"
+    "DUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQMA4w\n"
+    "DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNJADBGAiEAqdIiF+bN9Cl44oUeICpy\n"
+    "aXd7HqhpVUaglYKw9ChmNUACIQCpMdL0fNkFNDbRww9dSl/y7kBdk/tp16HiqeSy\n"
+    "gGzFYg==\n"
+    "-----END CERTIFICATE-----\n";
+static const char kP256NullParam[] =
+    "-----BEGIN CERTIFICATE-----\n"
+    "MIIBJDCByKADAgECAgIE0jAMBggqhkjOPQQDAgUAMA8xDTALBgNVBAMTBFRlc3Qw\n"
+    "IBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMA8xDTALBgNVBAMTBFRl\n"
+    "c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2niv2Wfl74vHg2UikzVl2u3\n"
+    "qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLBoxAw\n"
+    "DjAMBgNVHRMEBTADAQH/MAwGCCqGSM49BAMCBQADSQAwRgIhAKILHmyo+F3Cn/VX\n"
+    "UUeSXOQQKX5aLzsQitwwmNF3ZgH3AiEAsYHcrVj/ftmoQIORARkQ/+PrqntXev8r\n"
+    "t6uPxHrmpUY=\n"
+    "-----END CERTIFICATE-----\n";
+static const char kP256InvalidParam[] =
+    "-----BEGIN CERTIFICATE-----\n"
+    "MIIBMTCBz6ADAgECAgIE0jATBggqhkjOPQQDAgQHZ2FyYmFnZTAPMQ0wCwYDVQQD\n"
+    "EwRUZXN0MCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYD\n"
+    "VQQDEwRUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4N\n"
+    "lIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1L\n"
+    "z3IiwaMQMA4wDAYDVR0TBAUwAwEB/zATBggqhkjOPQQDAgQHZ2FyYmFnZQNIADBF\n"
+    "AiAglpDf/YhN89LeJ2WAs/F0SJIrsuhS4uoInIz6WXUiuQIhAIu5Pwhp5E3Pbo8y\n"
+    "fLULTZnynuQUULQkRcF7S7T2WpIL\n"
+    "-----END CERTIFICATE-----\n";
+static const char kRSANoParam[] =
+    "-----BEGIN CERTIFICATE-----\n"
+    "MIIBWzCBx6ADAgECAgIE0jALBgkqhkiG9w0BAQswDzENMAsGA1UEAxMEVGVzdDAg\n"
+    "Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVz\n"
+    "dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7ep\n"
+    "Hg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAO\n"
+    "MAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4GBAC1f8W3W0Ao7CPfIBQYDSbPh\n"
+    "brZpbxdBU5x27JOS7iSa+Lc9pEH5VCX9vIypHVHXLPEfZ38yIt11eiyrmZB6w62N\n"
+    "l9kIeZ6FVPmC30d3sXx70Jjs+ZX9yt7kD1gLyNAQQfeYfa4rORAZT1n2YitD74NY\n"
+    "TWUH2ieFP3l+ecj1SeQR\n"
+    "-----END CERTIFICATE-----\n";
+static const char kRSANullParam[] =
+    "-----BEGIN CERTIFICATE-----\n"
+    "MIIBXzCByaADAgECAgIE0jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRUZXN0\n"
+    "MCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRU\n"
+    "ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdr\n"
+    "t6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQ\n"
+    "MA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAzVcfIv+Rq1KrMXqIL\n"
+    "fPq/cWZjgqFZA1RGaGElNaqp+rkJfamq5tDGzckWpebrK+jjRN7yIlcWDtPpy3Gy\n"
+    "seZfvtBDR0TwJm0S/pQl8prKB4wgALcwe3bmi56Rq85nzY5ZLNcP16LQxL+jAAua\n"
+    "SwmQUz4bRpckRBj+sIyp1We+pg==\n"
+    "-----END CERTIFICATE-----\n";
+static const char kRSAInvalidParam[] =
+    "-----BEGIN CERTIFICATE-----\n"
+    "MIIBbTCB0KADAgECAgIE0jAUBgkqhkiG9w0BAQsEB2dhcmJhZ2UwDzENMAsGA1UE\n"
+    "AxMEVGVzdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsG\n"
+    "A1UEAxMEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8e\n"
+    "DZSKTNWXa7epHg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQt\n"
+    "S89yIsGjEDAOMAwGA1UdEwQFMAMBAf8wFAYJKoZIhvcNAQELBAdnYXJiYWdlA4GB\n"
+    "AHTJ6cWWjCNrZhqiWWVI3jdK+h5xpRG8jGMXxR4JnjtoYRRusJLOXhmapwCB6fA0\n"
+    "4vc+66O27v36yDmQX+tIc/hDrTpKNJptU8q3n2VagREvoHhkOTYkcCeS8vmnMtn8\n"
+    "5OMNZ/ajVwOssw61GcAlScRqEHkZFBoGp7e+QpgB2tf9\n"
+    "-----END CERTIFICATE-----\n";
+
+TEST(X509Test, AlgorithmParameters) {
+  // P-256 requires the parameter be omitted.
+  bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
+  ASSERT_TRUE(key);
+
+  bssl::UniquePtr<X509> cert = CertFromPEM(kP256NoParam);
+  ASSERT_TRUE(cert);
+  EXPECT_TRUE(X509_verify(cert.get(), key.get()));
+
+  cert = CertFromPEM(kP256NullParam);
+  ASSERT_TRUE(cert);
+  EXPECT_FALSE(X509_verify(cert.get(), key.get()));
+  uint32_t err = ERR_get_error();
+  EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err));
+  EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err));
+
+  cert = CertFromPEM(kP256InvalidParam);
+  ASSERT_TRUE(cert);
+  EXPECT_FALSE(X509_verify(cert.get(), key.get()));
+  err = ERR_get_error();
+  EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err));
+  EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err));
+
+  // RSA parameters should be NULL, but we accept omitted ones.
+  key = PrivateKeyFromPEM(kRSAKey);
+  ASSERT_TRUE(key);
+
+  cert = CertFromPEM(kRSANoParam);
+  ASSERT_TRUE(cert);
+  EXPECT_TRUE(X509_verify(cert.get(), key.get()));
+
+  cert = CertFromPEM(kRSANullParam);
+  ASSERT_TRUE(cert);
+  EXPECT_TRUE(X509_verify(cert.get(), key.get()));
+
+  cert = CertFromPEM(kRSAInvalidParam);
+  ASSERT_TRUE(cert);
+  EXPECT_FALSE(X509_verify(cert.get(), key.get()));
+  err = ERR_get_error();
+  EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err));
+  EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err));
+}
diff --git a/chromium/third_party/boringssl/src/crypto/x509/x509_trs.c b/chromium/third_party/boringssl/src/crypto/x509/x509_trs.c
index 18ac8839e07..019301ab8ec 100644
--- a/chromium/third_party/boringssl/src/crypto/x509/x509_trs.c
+++ b/chromium/third_party/boringssl/src/crypto/x509/x509_trs.c
@@ -59,6 +59,8 @@
 #include <openssl/obj.h>
 #include <openssl/x509v3.h>
 
+#include "../x509v3/internal.h"
+
 static int tr_cmp(const X509_TRUST **a, const X509_TRUST **b);
 static void trtable_free(X509_TRUST *p);
 
@@ -293,7 +295,8 @@ static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)
 
 static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
 {
-    X509_check_purpose(x, -1, 0);
+    if (!x509v3_cache_extensions(x))
+        return X509_TRUST_UNTRUSTED;
     if (x->ex_flags & EXFLAG_SS)
         return X509_TRUST_TRUSTED;
     else
diff --git a/chromium/third_party/boringssl/src/crypto/x509/x509_vfy.c b/chromium/third_party/boringssl/src/crypto/x509/x509_vfy.c
index 87dcb477882..308ebbc3ae1 100644
--- a/chromium/third_party/boringssl/src/crypto/x509/x509_vfy.c
+++ b/chromium/third_party/boringssl/src/crypto/x509/x509_vfy.c
@@ -146,14 +146,16 @@ static int null_callback(int ok, X509_STORE_CTX *e)
     return ok;
 }
 
-/* Return 1 is a certificate is self signed */
-static int cert_self_signed(X509 *x)
+/* cert_self_signed checks if |x| is self-signed. If |x| is valid, it returns
+ * one and sets |*out_is_self_signed| to the result. If |x| is invalid, it
+ * returns zero. */
+static int cert_self_signed(X509 *x, int *out_is_self_signed)
 {
-    X509_check_purpose(x, -1, 0);
-    if (x->ex_flags & EXFLAG_SS)
-        return 1;
-    else
+    if (!x509v3_cache_extensions(x)) {
         return 0;
+    }
+    *out_is_self_signed = (x->ex_flags & EXFLAG_SS) != 0;
+    return 1;
 }
 
 /* Given a certificate try and find an exact match in the store */
@@ -263,8 +265,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                                  * X509_V_ERR_CERT_CHAIN_TOO_LONG error code
                                  * later. */
 
+        int is_self_signed;
+        if (!cert_self_signed(x, &is_self_signed)) {
+            ctx->error = X509_V_ERR_INVALID_EXTENSION;
+            goto end;
+        }
+
         /* If we are self signed, we break */
-        if (cert_self_signed(x))
+        if (is_self_signed)
             break;
         /*
          * If asked see if we can find issuer in trusted store first
@@ -323,7 +331,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
          */
         i = sk_X509_num(ctx->chain);
         x = sk_X509_value(ctx->chain, i - 1);
-        if (cert_self_signed(x)) {
+
+        int is_self_signed;
+        if (!cert_self_signed(x, &is_self_signed)) {
+            ctx->error = X509_V_ERR_INVALID_EXTENSION;
+            goto end;
+        }
+
+        if (is_self_signed) {
             /* we have a self signed certificate */
             if (sk_X509_num(ctx->chain) == 1) {
                 /*
@@ -368,8 +383,12 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
             /* If we have enough, we break */
             if (depth < num)
                 break;
+            if (!cert_self_signed(x, &is_self_signed)) {
+                ctx->error = X509_V_ERR_INVALID_EXTENSION;
+                goto end;
+            }
             /* If we are self signed, we break */
-            if (cert_self_signed(x))
+            if (is_self_signed)
                 break;
             ok = ctx->get_issuer(&xtmp, ctx, x);
 
diff --git a/chromium/third_party/boringssl/src/crypto/x509/x509cset.c b/chromium/third_party/boringssl/src/crypto/x509/x509cset.c
index 6f2708c1d05..d2f2b8fa0bf 100644
--- a/chromium/third_party/boringssl/src/crypto/x509/x509cset.c
+++ b/chromium/third_party/boringssl/src/crypto/x509/x509cset.c
@@ -135,6 +135,11 @@ int X509_CRL_up_ref(X509_CRL *crl)
     return 1;
 }
 
+long X509_CRL_get_version(const X509_CRL *crl)
+{
+    return ASN1_INTEGER_get(crl->crl->version);
+}
+
 const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl)
 {
     return crl->crl->lastUpdate;
@@ -145,6 +150,26 @@ const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl)
     return crl->crl->nextUpdate;
 }
 
+ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)
+{
+    return crl->crl->lastUpdate;
+}
+
+ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)
+{
+    return crl->crl->nextUpdate;
+}
+
+X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl)
+{
+    return crl->crl->issuer;
+}
+
+STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl)
+{
+    return crl->crl->revoked;
+}
+
 void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
                              const X509_ALGOR **palg)
 {
diff --git a/chromium/third_party/boringssl/src/crypto/x509/x_crl.c b/chromium/third_party/boringssl/src/crypto/x509/x_crl.c
index 6450e84702c..f8ec4a330c6 100644
--- a/chromium/third_party/boringssl/src/crypto/x509/x_crl.c
+++ b/chromium/third_party/boringssl/src/crypto/x509/x_crl.c
@@ -86,7 +86,7 @@ struct x509_crl_method_st {
 };
 
 static int X509_REVOKED_cmp(const X509_REVOKED **a, const X509_REVOKED **b);
-static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
+static int setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
 
 ASN1_SEQUENCE(X509_REVOKED) = {
         ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
@@ -126,6 +126,9 @@ static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
          * affect the output of X509_CRL_print().
          */
     case ASN1_OP_D2I_POST:
+        /* TODO(davidben): Check that default |versions| are never encoded and
+         * that |extensions| is only present in v2. */
+
         (void)sk_X509_REVOKED_set_cmp_func(a->revoked, X509_REVOKED_cmp);
         break;
     }
@@ -226,6 +229,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
     STACK_OF(X509_EXTENSION) *exts;
     X509_EXTENSION *ext;
     size_t idx;
+    int i;
 
     switch (operation) {
     case ASN1_OP_NEW_POST:
@@ -242,26 +246,44 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         break;
 
     case ASN1_OP_D2I_POST:
-        X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL);
+        if (!X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL)) {
+            return 0;
+        }
+
         crl->idp = X509_CRL_get_ext_d2i(crl,
-                                        NID_issuing_distribution_point, NULL,
+                                        NID_issuing_distribution_point, &i,
                                         NULL);
-        if (crl->idp)
-            setup_idp(crl, crl->idp);
+        if (crl->idp != NULL) {
+            if (!setup_idp(crl, crl->idp)) {
+                return 0;
+            }
+        } else if (i != -1) {
+            return 0;
+        }
 
         crl->akid = X509_CRL_get_ext_d2i(crl,
-                                         NID_authority_key_identifier, NULL,
+                                         NID_authority_key_identifier, &i,
                                          NULL);
+        if (crl->akid == NULL && i != -1) {
+            return 0;
+        }
 
         crl->crl_number = X509_CRL_get_ext_d2i(crl,
-                                               NID_crl_number, NULL, NULL);
+                                               NID_crl_number, &i, NULL);
+        if (crl->crl_number == NULL && i != -1) {
+            return 0;
+        }
 
-        crl->base_crl_number = X509_CRL_get_ext_d2i(crl,
-                                                    NID_delta_crl, NULL,
+        crl->base_crl_number = X509_CRL_get_ext_d2i(crl, NID_delta_crl, &i,
                                                     NULL);
+        if (crl->base_crl_number == NULL && i != -1) {
+            return 0;
+        }
         /* Delta CRLs must have CRL number */
-        if (crl->base_crl_number && !crl->crl_number)
-            crl->flags |= EXFLAG_INVALID;
+        if (crl->base_crl_number && !crl->crl_number) {
+            OPENSSL_PUT_ERROR(X509, X509_R_DELTA_CRL_WITHOUT_CRL_NUMBER);
+            return 0;
+        }
 
         /*
          * See if we have any unhandled critical CRL extensions and indicate
@@ -319,7 +341,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 
 /* Convert IDP into a more convenient form */
 
-static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
+static int setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
 {
     int idp_only = 0;
     /* Set various flags according to IDP */
@@ -352,7 +374,7 @@ static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
         crl->idp_reasons &= CRLDP_ALL_REASONS;
     }
 
-    DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl));
+    return DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl));
 }
 
 ASN1_SEQUENCE_ref(X509_CRL, crl_cb) = {
diff --git a/chromium/third_party/boringssl/src/crypto/x509/x_x509.c b/chromium/third_party/boringssl/src/crypto/x509/x_x509.c
index 9ece062d22f..010b6254c50 100644
--- a/chromium/third_party/boringssl/src/crypto/x509/x_x509.c
+++ b/chromium/third_party/boringssl/src/crypto/x509/x_x509.c
@@ -115,11 +115,37 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         ret->buf = NULL;
         break;
 
-    case ASN1_OP_D2I_POST:
-        if (ret->name != NULL)
-            OPENSSL_free(ret->name);
+    case ASN1_OP_D2I_POST: {
+        /* The version must be one of v1(0), v2(1), or v3(2). If the version is
+         * v1(0), it must be omitted because it is DEFAULT. */
+        long version = 0;
+        if (ret->cert_info->version != NULL) {
+            version = ASN1_INTEGER_get(ret->cert_info->version);
+            if (version <= 0 || version > 2) {
+                OPENSSL_PUT_ERROR(X509, X509_R_INVALID_VERSION);
+                return 0;
+            }
+        }
+
+        /* Per RFC5280, section 4.1.2.8, these fields require v2 or v3. */
+        if (version == 0 && (ret->cert_info->issuerUID != NULL ||
+                             ret->cert_info->subjectUID != NULL)) {
+            OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION);
+            return 0;
+        }
+
+        /* Per RFC5280, section 4.1.2.9, extensions require v3. */
+        if (version != 2 && ret->cert_info->extensions != NULL) {
+            OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION);
+            return 0;
+        }
+
+        /* TODO(davidben): Remove this field once the few external accesses are
+         * removed. */
+        OPENSSL_free(ret->name);
         ret->name = X509_NAME_oneline(ret->cert_info->subject, NULL, 0);
         break;
+    }
 
     case ASN1_OP_FREE_POST:
         CRYPTO_MUTEX_cleanup(&ret->lock);
diff --git a/chromium/third_party/boringssl/src/crypto/x509v3/internal.h b/chromium/third_party/boringssl/src/crypto/x509v3/internal.h
index c143d735d78..245a5d1f6e8 100644
--- a/chromium/third_party/boringssl/src/crypto/x509v3/internal.h
+++ b/chromium/third_party/boringssl/src/crypto/x509v3/internal.h
@@ -48,6 +48,11 @@ int x509v3_name_cmp(const char *name, const char *cmp);
 OPENSSL_EXPORT int x509v3_looks_like_dns_name(const unsigned char *in,
                                               size_t len);
 
+// x509v3_cache_extensions fills in a number of fields relating to X.509
+// extensions in |x|. It returns one on success and zero if some extensions were
+// invalid.
+int x509v3_cache_extensions(X509 *x);
+
 
 #if defined(__cplusplus)
 }  /* extern C */
diff --git a/chromium/third_party/boringssl/src/crypto/x509v3/v3_purp.c b/chromium/third_party/boringssl/src/crypto/x509v3/v3_purp.c
index d9d105e808d..e41b657febd 100644
--- a/chromium/third_party/boringssl/src/crypto/x509v3/v3_purp.c
+++ b/chromium/third_party/boringssl/src/crypto/x509v3/v3_purp.c
@@ -68,6 +68,7 @@
 #include <openssl/x509v3.h>
 
 #include "../internal.h"
+#include "internal.h"
 
 #define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
 #define ku_reject(x, usage) \
@@ -77,8 +78,6 @@
 #define ns_reject(x, usage) \
         (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
 
-static void x509v3_cache_extensions(X509 *x);
-
 static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
                                     int ca);
 static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
@@ -144,7 +143,10 @@ int X509_check_purpose(X509 *x, int id, int ca)
 {
     int idx;
     const X509_PURPOSE *pt;
-    x509v3_cache_extensions(x);
+    if (!x509v3_cache_extensions(x)) {
+        return -1;
+    }
+
     if (id == -1)
         return 1;
     idx = X509_PURPOSE_get_by_id(id);
@@ -368,7 +370,7 @@ int X509_supported_extension(X509_EXTENSION *ex)
     return 0;
 }
 
-static void setup_dp(X509 *x, DIST_POINT *dp)
+static int setup_dp(X509 *x, DIST_POINT *dp)
 {
     X509_NAME *iname = NULL;
     size_t i;
@@ -381,7 +383,7 @@ static void setup_dp(X509 *x, DIST_POINT *dp)
     } else
         dp->dp_reasons = CRLDP_ALL_REASONS;
     if (!dp->distpoint || (dp->distpoint->type != 1))
-        return;
+        return 1;
     for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
         GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
         if (gen->type == GEN_DIRNAME) {
@@ -392,19 +394,25 @@ static void setup_dp(X509 *x, DIST_POINT *dp)
     if (!iname)
         iname = X509_get_issuer_name(x);
 
-    DIST_POINT_set_dpname(dp->distpoint, iname);
-
+    return DIST_POINT_set_dpname(dp->distpoint, iname);
 }
 
-static void setup_crldp(X509 *x)
+static int setup_crldp(X509 *x)
 {
-    size_t i;
-    x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
-    for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++)
-        setup_dp(x, sk_DIST_POINT_value(x->crldp, i));
+    int j;
+    x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, &j, NULL);
+    if (x->crldp == NULL && j != -1) {
+        return 0;
+    }
+    for (size_t i = 0; i < sk_DIST_POINT_num(x->crldp); i++) {
+        if (!setup_dp(x, sk_DIST_POINT_value(x->crldp, i))) {
+            return 0;
+        }
+    }
+    return 1;
 }
 
-static void x509v3_cache_extensions(X509 *x)
+int x509v3_cache_extensions(X509 *x)
 {
     BASIC_CONSTRAINTS *bs;
     PROXY_CERT_INFO_EXTENSION *pci;
@@ -420,21 +428,22 @@ static void x509v3_cache_extensions(X509 *x)
     CRYPTO_MUTEX_unlock_read(&x->lock);
 
     if (is_set) {
-        return;
+        return (x->ex_flags & EXFLAG_INVALID) == 0;
     }
 
     CRYPTO_MUTEX_lock_write(&x->lock);
     if (x->ex_flags & EXFLAG_SET) {
         CRYPTO_MUTEX_unlock_write(&x->lock);
-        return;
+        return (x->ex_flags & EXFLAG_INVALID) == 0;
     }
 
-    X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
+    if (!X509_digest(x, EVP_sha1(), x->sha1_hash, NULL))
+        x->ex_flags |= EXFLAG_INVALID;
     /* V1 should mean no extensions ... */
     if (!X509_get_version(x))
         x->ex_flags |= EXFLAG_V1;
     /* Handle basic constraints */
-    if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {
+    if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, &j, NULL))) {
         if (bs->ca)
             x->ex_flags |= EXFLAG_CA;
         if (bs->pathlen) {
@@ -448,9 +457,11 @@ static void x509v3_cache_extensions(X509 *x)
             x->ex_pathlen = -1;
         BASIC_CONSTRAINTS_free(bs);
         x->ex_flags |= EXFLAG_BCONS;
+    } else if (j != -1) {
+        x->ex_flags |= EXFLAG_INVALID;
     }
     /* Handle proxy certificates */
-    if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
+    if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, &j, NULL))) {
         if (x->ex_flags & EXFLAG_CA
             || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0
             || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) {
@@ -462,9 +473,11 @@ static void x509v3_cache_extensions(X509 *x)
             x->ex_pcpathlen = -1;
         PROXY_CERT_INFO_EXTENSION_free(pci);
         x->ex_flags |= EXFLAG_PROXY;
+    } else if (j != -1) {
+        x->ex_flags |= EXFLAG_INVALID;
     }
     /* Handle key usage */
-    if ((usage = X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {
+    if ((usage = X509_get_ext_d2i(x, NID_key_usage, &j, NULL))) {
         if (usage->length > 0) {
             x->ex_kusage = usage->data[0];
             if (usage->length > 1)
@@ -473,9 +486,11 @@ static void x509v3_cache_extensions(X509 *x)
             x->ex_kusage = 0;
         x->ex_flags |= EXFLAG_KUSAGE;
         ASN1_BIT_STRING_free(usage);
+    } else if (j != -1) {
+        x->ex_flags |= EXFLAG_INVALID;
     }
     x->ex_xkusage = 0;
-    if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) {
+    if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, &j, NULL))) {
         x->ex_flags |= EXFLAG_XKUSAGE;
         for (i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
             switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage, i))) {
@@ -518,18 +533,28 @@ static void x509v3_cache_extensions(X509 *x)
             }
         }
         sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
+    } else if (j != -1) {
+        x->ex_flags |= EXFLAG_INVALID;
     }
 
-    if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) {
+    if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, &j, NULL))) {
         if (ns->length > 0)
             x->ex_nscert = ns->data[0];
         else
             x->ex_nscert = 0;
         x->ex_flags |= EXFLAG_NSCERT;
         ASN1_BIT_STRING_free(ns);
+    } else if (j != -1) {
+        x->ex_flags |= EXFLAG_INVALID;
+    }
+    x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, &j, NULL);
+    if (x->skid == NULL && j != -1) {
+        x->ex_flags |= EXFLAG_INVALID;
+    }
+    x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, &j, NULL);
+    if (x->akid == NULL && j != -1) {
+        x->ex_flags |= EXFLAG_INVALID;
     }
-    x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
-    x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
     /* Does subject name match issuer ? */
     if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) {
         x->ex_flags |= EXFLAG_SI;
@@ -538,11 +563,17 @@ static void x509v3_cache_extensions(X509 *x)
             !ku_reject(x, KU_KEY_CERT_SIGN))
             x->ex_flags |= EXFLAG_SS;
     }
-    x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+    x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, &j, NULL);
+    if (x->altname == NULL && j != -1) {
+        x->ex_flags |= EXFLAG_INVALID;
+    }
     x->nc = X509_get_ext_d2i(x, NID_name_constraints, &j, NULL);
-    if (!x->nc && (j != -1))
+    if (x->nc == NULL && j != -1) {
+        x->ex_flags |= EXFLAG_INVALID;
+    }
+    if (!setup_crldp(x)) {
         x->ex_flags |= EXFLAG_INVALID;
-    setup_crldp(x);
+    }
 
     for (j = 0; j < X509_get_ext_count(x); j++) {
         ex = X509_get_ext(x, j);
@@ -559,6 +590,7 @@ static void x509v3_cache_extensions(X509 *x)
     x->ex_flags |= EXFLAG_SET;
 
     CRYPTO_MUTEX_unlock_write(&x->lock);
+    return (x->ex_flags & EXFLAG_INVALID) == 0;
 }
 
 /* check_ca returns one if |x| should be considered a CA certificate and zero
@@ -579,7 +611,9 @@ static int check_ca(const X509 *x)
 
 int X509_check_ca(X509 *x)
 {
-    x509v3_cache_extensions(x);
+    if (!x509v3_cache_extensions(x)) {
+        return 0;
+    }
     return check_ca(x);
 }
 
@@ -761,8 +795,10 @@ int X509_check_issued(X509 *issuer, X509 *subject)
     if (X509_NAME_cmp(X509_get_subject_name(issuer),
                       X509_get_issuer_name(subject)))
         return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
-    x509v3_cache_extensions(issuer);
-    x509v3_cache_extensions(subject);
+    if (!x509v3_cache_extensions(issuer) ||
+        !x509v3_cache_extensions(subject)) {
+        return X509_V_ERR_UNSPECIFIED;
+    }
 
     if (subject->akid) {
         int ret = X509_check_akid(issuer, subject->akid);
@@ -819,15 +855,17 @@ int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid)
 
 uint32_t X509_get_extension_flags(X509 *x)
 {
-    /* Call for side-effect of computing hash and caching extensions */
-    X509_check_purpose(x, -1, -1);
+    if (!x509v3_cache_extensions(x)) {
+        return 0;
+    }
     return x->ex_flags;
 }
 
 uint32_t X509_get_key_usage(X509 *x)
 {
-    /* Call for side-effect of computing hash and caching extensions */
-    X509_check_purpose(x, -1, -1);
+    if (!x509v3_cache_extensions(x)) {
+        return 0;
+    }
     if (x->ex_flags & EXFLAG_KUSAGE)
         return x->ex_kusage;
     return UINT32_MAX;
@@ -835,8 +873,9 @@ uint32_t X509_get_key_usage(X509 *x)
 
 uint32_t X509_get_extended_key_usage(X509 *x)
 {
-    /* Call for side-effect of computing hash and caching extensions */
-    X509_check_purpose(x, -1, -1);
+    if (!x509v3_cache_extensions(x)) {
+        return 0;
+    }
     if (x->ex_flags & EXFLAG_XKUSAGE)
         return x->ex_xkusage;
     return UINT32_MAX;
diff --git a/chromium/third_party/boringssl/src/decrepit/bio/base64_bio.c b/chromium/third_party/boringssl/src/decrepit/bio/base64_bio.c
index 139d5625093..eb87186faa2 100644
--- a/chromium/third_party/boringssl/src/decrepit/bio/base64_bio.c
+++ b/chromium/third_party/boringssl/src/decrepit/bio/base64_bio.c
@@ -513,17 +513,10 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) {
 }
 
 static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb fp) {
-  long ret = 1;
-
   if (b->next_bio == NULL) {
     return 0;
   }
-  switch (cmd) {
-    default:
-      ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
-      break;
-  }
-  return ret;
+  return BIO_callback_ctrl(b->next_bio, cmd, fp);
 }
 
 static const BIO_METHOD b64_method = {
diff --git a/chromium/third_party/boringssl/src/include/openssl/asn1.h b/chromium/third_party/boringssl/src/include/openssl/asn1.h
index 6ae831b821f..c1a8d5af47a 100644
--- a/chromium/third_party/boringssl/src/include/openssl/asn1.h
+++ b/chromium/third_party/boringssl/src/include/openssl/asn1.h
@@ -619,14 +619,14 @@ typedef struct BIT_STRING_BITNAME_st {
 
 DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
 
-OPENSSL_EXPORT int ASN1_TYPE_get(ASN1_TYPE *a);
+OPENSSL_EXPORT int ASN1_TYPE_get(const ASN1_TYPE *a);
 OPENSSL_EXPORT void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
 OPENSSL_EXPORT int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
 OPENSSL_EXPORT int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
 
 OPENSSL_EXPORT ASN1_OBJECT *	ASN1_OBJECT_new(void );
 OPENSSL_EXPORT void		ASN1_OBJECT_free(ASN1_OBJECT *a);
-OPENSSL_EXPORT int		i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);
+OPENSSL_EXPORT int		i2d_ASN1_OBJECT(const ASN1_OBJECT *a,unsigned char **pp);
 OPENSSL_EXPORT ASN1_OBJECT *	c2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp,
 						long length);
 OPENSSL_EXPORT ASN1_OBJECT *	d2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp,
@@ -648,23 +648,23 @@ OPENSSL_EXPORT int 		ASN1_STRING_set(ASN1_STRING *str, const void *data, int len
 OPENSSL_EXPORT void		ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
 OPENSSL_EXPORT int ASN1_STRING_length(const ASN1_STRING *x);
 OPENSSL_EXPORT void ASN1_STRING_length_set(ASN1_STRING *x, int n);
-OPENSSL_EXPORT int ASN1_STRING_type(ASN1_STRING *x);
+OPENSSL_EXPORT int ASN1_STRING_type(const ASN1_STRING *x);
 OPENSSL_EXPORT unsigned char * ASN1_STRING_data(ASN1_STRING *x);
 OPENSSL_EXPORT const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x);
 
 DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
-OPENSSL_EXPORT int		i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
+OPENSSL_EXPORT int		i2c_ASN1_BIT_STRING(const ASN1_BIT_STRING *a,unsigned char **pp);
 OPENSSL_EXPORT ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,const unsigned char **pp, long length);
 OPENSSL_EXPORT int		ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length );
 OPENSSL_EXPORT int		ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
-OPENSSL_EXPORT int		ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
-OPENSSL_EXPORT int            ASN1_BIT_STRING_check(ASN1_BIT_STRING *a, unsigned char *flags, int flags_len);
+OPENSSL_EXPORT int		ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n);
+OPENSSL_EXPORT int            ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, unsigned char *flags, int flags_len);
 
 OPENSSL_EXPORT int		i2d_ASN1_BOOLEAN(int a,unsigned char **pp);
 OPENSSL_EXPORT int 		d2i_ASN1_BOOLEAN(int *a,const unsigned char **pp,long length);
 
 DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
-OPENSSL_EXPORT int		i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
+OPENSSL_EXPORT int		i2c_ASN1_INTEGER(const ASN1_INTEGER *a,unsigned char **pp);
 OPENSSL_EXPORT ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,const unsigned char **pp, long length);
 OPENSSL_EXPORT ASN1_INTEGER *	ASN1_INTEGER_dup(const ASN1_INTEGER *x);
 OPENSSL_EXPORT int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y);
@@ -713,15 +713,15 @@ DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)
 
 OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
 OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s,time_t t, int offset_day, long offset_sec);
-OPENSSL_EXPORT int ASN1_TIME_check(ASN1_TIME *t);
-OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
+OPENSSL_EXPORT int ASN1_TIME_check(const ASN1_TIME *t);
+OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
 OPENSSL_EXPORT int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
 
-OPENSSL_EXPORT int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
-OPENSSL_EXPORT int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
-OPENSSL_EXPORT int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *a);
-OPENSSL_EXPORT int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type);
-OPENSSL_EXPORT int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a);
+OPENSSL_EXPORT int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a);
+OPENSSL_EXPORT int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a);
+OPENSSL_EXPORT int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a);
+OPENSSL_EXPORT int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type);
+OPENSSL_EXPORT int i2t_ASN1_OBJECT(char *buf,int buf_len, const ASN1_OBJECT *a);
 
 OPENSSL_EXPORT ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len, const char *sn, const char *ln);
 
@@ -732,9 +732,9 @@ OPENSSL_EXPORT ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *
 OPENSSL_EXPORT BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai,BIGNUM *bn);
 
 OPENSSL_EXPORT int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
-OPENSSL_EXPORT long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a);
-OPENSSL_EXPORT ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai);
-OPENSSL_EXPORT BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn);
+OPENSSL_EXPORT long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a);
+OPENSSL_EXPORT ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai);
+OPENSSL_EXPORT BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai,BIGNUM *bn);
 
 /* General */
 /* given a string, return the correct type, max is the maximum length */
@@ -753,7 +753,7 @@ OPENSSL_EXPORT void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
 #ifndef OPENSSL_NO_FP_API
 OPENSSL_EXPORT void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
 OPENSSL_EXPORT int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
-OPENSSL_EXPORT int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
+OPENSSL_EXPORT int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags);
 #endif
 
 OPENSSL_EXPORT int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
@@ -764,12 +764,12 @@ OPENSSL_EXPORT int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a);
 OPENSSL_EXPORT int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a);
 OPENSSL_EXPORT int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a);
 OPENSSL_EXPORT int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v);
-OPENSSL_EXPORT int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
+OPENSSL_EXPORT int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags);
 OPENSSL_EXPORT const char *ASN1_tag2str(int tag);
 
 /* Used to load and write netscape format cert */
 
-OPENSSL_EXPORT void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
+OPENSSL_EXPORT void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
 
 OPENSSL_EXPORT ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);
 
@@ -793,8 +793,8 @@ OPENSSL_EXPORT ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, const unsigned char
 OPENSSL_EXPORT int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
 OPENSSL_EXPORT int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
 
-OPENSSL_EXPORT ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
-OPENSSL_EXPORT ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
+OPENSSL_EXPORT ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf);
+OPENSSL_EXPORT ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf);
 
 
 #ifdef  __cplusplus
diff --git a/chromium/third_party/boringssl/src/include/openssl/rand.h b/chromium/third_party/boringssl/src/include/openssl/rand.h
index 5d02e12b331..4847eb7539a 100644
--- a/chromium/third_party/boringssl/src/include/openssl/rand.h
+++ b/chromium/third_party/boringssl/src/include/openssl/rand.h
@@ -36,26 +36,12 @@ OPENSSL_EXPORT void RAND_cleanup(void);
 // Obscure functions.
 
 #if !defined(OPENSSL_WINDOWS)
-// RAND_set_urandom_fd causes the module to use a copy of |fd| for system
-// randomness rather opening /dev/urandom internally. The caller retains
-// ownership of |fd| and is at liberty to close it at any time. This is useful
-// if, due to a sandbox, /dev/urandom isn't available. If used, it must be
-// called before the first call to |RAND_bytes|, and it is mutually exclusive
-// with |RAND_enable_fork_unsafe_buffering|.
-//
-// |RAND_set_urandom_fd| does not buffer any entropy, so it is safe to call
-// |fork| at any time after calling |RAND_set_urandom_fd|.
-OPENSSL_EXPORT void RAND_set_urandom_fd(int fd);
-
 // RAND_enable_fork_unsafe_buffering enables efficient buffered reading of
 // /dev/urandom. It adds an overhead of a few KB of memory per thread. It must
-// be called before the first call to |RAND_bytes| and it is mutually exclusive
-// with calls to |RAND_set_urandom_fd|.
+// be called before the first call to |RAND_bytes|.
 //
-// If |fd| is non-negative then a copy of |fd| will be used rather than opening
-// /dev/urandom internally. Like |RAND_set_urandom_fd|, the caller retains
-// ownership of |fd|. If |fd| is negative then /dev/urandom will be opened and
-// any error from open(2) crashes the address space.
+// |fd| must be -1. We no longer support setting the file descriptor with this
+// function.
 //
 // It has an unusual name because the buffer is unsafe across calls to |fork|.
 // Hence, this function should never be called by libraries.
diff --git a/chromium/third_party/boringssl/src/include/openssl/ssl.h b/chromium/third_party/boringssl/src/include/openssl/ssl.h
index 613ab0a9ac8..8e11ef25e96 100644
--- a/chromium/third_party/boringssl/src/include/openssl/ssl.h
+++ b/chromium/third_party/boringssl/src/include/openssl/ssl.h
@@ -2197,6 +2197,20 @@ struct ssl_ticket_aead_method_st {
 OPENSSL_EXPORT void SSL_CTX_set_ticket_aead_method(
     SSL_CTX *ctx, const SSL_TICKET_AEAD_METHOD *aead_method);
 
+// SSL_process_tls13_new_session_ticket processes an unencrypted TLS 1.3
+// NewSessionTicket message from |buf| and returns a resumable |SSL_SESSION|,
+// or NULL on error. The caller takes ownership of the returned session and
+// must call |SSL_SESSION_free| to free it.
+//
+// |buf| contains |buf_len| bytes that represents a complete NewSessionTicket
+// message including its header, i.e., one byte for the type (0x04) and three
+// bytes for the length. |buf| must contain only one such message.
+//
+// This function may be used to process NewSessionTicket messages in TLS 1.3
+// clients that are handling the record layer externally.
+OPENSSL_EXPORT SSL_SESSION *SSL_process_tls13_new_session_ticket(
+    SSL *ssl, const uint8_t *buf, size_t buf_len);
+
 
 // Elliptic curve Diffie-Hellman.
 //
@@ -2450,7 +2464,7 @@ OPENSSL_EXPORT int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
 // one on success and zero on failure.
 //
 // See
-// https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_load_verify_locations.html
+// https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_load_verify_locations.html
 // for documentation on the directory format.
 OPENSSL_EXPORT int SSL_CTX_load_verify_locations(SSL_CTX *ctx,
                                                  const char *ca_file,
@@ -3153,12 +3167,15 @@ OPENSSL_EXPORT int SSL_delegated_credential_used(const SSL *ssl);
 // QUIC may impose similar restrictions, for example HTTP/3's restrictions on
 // SETTINGS frames.
 //
-// BoringSSL imposes a stricter check on the server to enforce these
-// restrictions. BoringSSL requires that the transport parameters and
-// application protocol state be a byte-for-byte match between the connection
-// where the ticket was issued and the connection where it is used for 0-RTT. If
-// there is a mismatch, BoringSSL will reject early data (but not reject the
-// resumption attempt).
+// BoringSSL implements this check by doing a byte-for-byte comparison of an
+// opaque context passed in by the server. This context must be the same on the
+// connection where the ticket was issued and the connection where that ticket
+// is used for 0-RTT. If there is a mismatch, or the context was not set,
+// BoringSSL will reject early data (but not reject the resumption attempt).
+// This context is set via |SSL_set_quic_early_data_context| and should cover
+// both transport parameters and any application state.
+// |SSL_set_quic_early_data_context| must be called on the server with a
+// non-empty context if the server is to support 0-RTT in QUIC.
 //
 // BoringSSL does not perform any client-side checks on the transport
 // parameters received from a server that also accepted early data. It is up to
@@ -3166,12 +3183,6 @@ OPENSSL_EXPORT int SSL_delegated_credential_used(const SSL *ssl);
 // limits, and to close the QUIC connection if that is not the case. The same
 // holds for any application protocol state remembered for 0-RTT, e.g. HTTP/3
 // SETTINGS.
-//
-// The transport parameter check happens automatically with
-// |SSL_set_quic_transport_params|. QUIC servers must set application state via
-// |SSL_set_quic_early_data_context| to configure the application protocol
-// check. No other mechanisms are provided to have BoringSSL reject early data
-// because of QUIC transport or application protocol restrictions.
 
 // ssl_encryption_level_t represents a specific QUIC encryption level used to
 // transmit handshake messages.
@@ -3321,8 +3332,12 @@ OPENSSL_EXPORT void SSL_get_peer_quic_transport_params(
 // SSL_set_quic_early_data_context configures a context string in QUIC servers
 // for accepting early data. If a resumption connection offers early data, the
 // server will check if the value matches that of the connection which minted
-// the ticket. If not, resumption still succeeds but early data is rejected. For
-// HTTP/3, this should be the serialized server SETTINGS frame.
+// the ticket. If not, resumption still succeeds but early data is rejected.
+// This should include all QUIC Transport Parameters except ones specified that
+// the client MUST NOT remember. This should also include any application
+// protocol-specific state. For HTTP/3, this should be the serialized server
+// SETTINGS frame and the QUIC Transport Parameters (except the stateless reset
+// token).
 //
 // This function may be called before |SSL_do_handshake| or during server
 // certificate selection. It returns 1 on success and 0 on failure.
@@ -4304,7 +4319,7 @@ OPENSSL_EXPORT int SSL_set1_sigalgs(SSL *ssl, const int *values,
 // SSL_CTX_set1_sigalgs_list takes a textual specification of a set of signature
 // algorithms and configures them on |ctx|. It returns one on success and zero
 // on error. See
-// https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set1_sigalgs_list.html for
+// https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set1_sigalgs_list.html for
 // a description of the text format. Also note that TLS 1.3 names (e.g.
 // "rsa_pkcs1_md5_sha1") can also be used (as in OpenSSL, although OpenSSL
 // doesn't document that).
@@ -4317,7 +4332,7 @@ OPENSSL_EXPORT int SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str);
 // SSL_set1_sigalgs_list takes a textual specification of a set of signature
 // algorithms and configures them on |ssl|. It returns one on success and zero
 // on error. See
-// https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set1_sigalgs_list.html for
+// https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set1_sigalgs_list.html for
 // a description of the text format. Also note that TLS 1.3 names (e.g.
 // "rsa_pkcs1_md5_sha1") can also be used (as in OpenSSL, although OpenSSL
 // doesn't document that).
diff --git a/chromium/third_party/boringssl/src/include/openssl/x509.h b/chromium/third_party/boringssl/src/include/openssl/x509.h
index 7bf49236289..342569c1ca1 100644
--- a/chromium/third_party/boringssl/src/include/openssl/x509.h
+++ b/chromium/third_party/boringssl/src/include/openssl/x509.h
@@ -4,21 +4,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -33,10 +33,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -48,7 +48,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -56,25 +56,22 @@
  */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by 
+ * ECDH support in OpenSSL originally developed by
  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
  */
 
 #ifndef HEADER_X509_H
 #define HEADER_X509_H
 
-#include <openssl/base.h>
-
-#include <time.h>
-
 #include <openssl/asn1.h>
+#include <openssl/base.h>
 #include <openssl/bio.h>
 #include <openssl/cipher.h>
 #include <openssl/dh.h>
 #include <openssl/dsa.h>
+#include <openssl/ec.h>
 #include <openssl/ecdh.h>
 #include <openssl/ecdsa.h>
-#include <openssl/ec.h>
 #include <openssl/evp.h>
 #include <openssl/obj.h>
 #include <openssl/pkcs7.h>
@@ -83,482 +80,516 @@
 #include <openssl/sha.h>
 #include <openssl/stack.h>
 #include <openssl/thread.h>
+#include <time.h>
 
-#ifdef  __cplusplus
+#ifdef __cplusplus
 extern "C" {
 #endif
 
 
-/* Legacy X.509 library.
- *
- * This header is part of OpenSSL's X.509 implementation. It is retained for
- * compatibility but otherwise underdocumented and not actively maintained. In
- * the future, a replacement library will be available. Meanwhile, minimize
- * dependencies on this header where possible. */
-
-
-#define X509_FILETYPE_PEM	1
-#define X509_FILETYPE_ASN1	2
-#define X509_FILETYPE_DEFAULT	3
-
-#define X509v3_KU_DIGITAL_SIGNATURE	0x0080
-#define X509v3_KU_NON_REPUDIATION	0x0040
-#define X509v3_KU_KEY_ENCIPHERMENT	0x0020
-#define X509v3_KU_DATA_ENCIPHERMENT	0x0010
-#define X509v3_KU_KEY_AGREEMENT		0x0008
-#define X509v3_KU_KEY_CERT_SIGN		0x0004
-#define X509v3_KU_CRL_SIGN		0x0002
-#define X509v3_KU_ENCIPHER_ONLY		0x0001
-#define X509v3_KU_DECIPHER_ONLY		0x8000
-#define X509v3_KU_UNDEF			0xffff
+// Legacy X.509 library.
+//
+// This header is part of OpenSSL's X.509 implementation. It is retained for
+// compatibility but otherwise underdocumented and not actively maintained. In
+// the future, a replacement library will be available. Meanwhile, minimize
+// dependencies on this header where possible.
+
+
+#define X509_FILETYPE_PEM 1
+#define X509_FILETYPE_ASN1 2
+#define X509_FILETYPE_DEFAULT 3
+
+#define X509v3_KU_DIGITAL_SIGNATURE 0x0080
+#define X509v3_KU_NON_REPUDIATION 0x0040
+#define X509v3_KU_KEY_ENCIPHERMENT 0x0020
+#define X509v3_KU_DATA_ENCIPHERMENT 0x0010
+#define X509v3_KU_KEY_AGREEMENT 0x0008
+#define X509v3_KU_KEY_CERT_SIGN 0x0004
+#define X509v3_KU_CRL_SIGN 0x0002
+#define X509v3_KU_ENCIPHER_ONLY 0x0001
+#define X509v3_KU_DECIPHER_ONLY 0x8000
+#define X509v3_KU_UNDEF 0xffff
 
 DEFINE_STACK_OF(X509_ALGOR)
 DECLARE_ASN1_SET_OF(X509_ALGOR)
 
 typedef STACK_OF(X509_ALGOR) X509_ALGORS;
 
-struct X509_val_st
-	{
-	ASN1_TIME *notBefore;
-	ASN1_TIME *notAfter;
-	} /* X509_VAL */;
-
-struct X509_pubkey_st
-	{
-	X509_ALGOR *algor;
-	ASN1_BIT_STRING *public_key;
-	EVP_PKEY *pkey;
-	};
-
-struct X509_sig_st
-	{
-	X509_ALGOR *algor;
-	ASN1_OCTET_STRING *digest;
-	} /* X509_SIG */;
-
-struct X509_name_entry_st
-	{
-	ASN1_OBJECT *object;
-	ASN1_STRING *value;
-	int set;
-	int size; 	/* temp variable */
-	} /* X509_NAME_ENTRY */;
+struct X509_val_st {
+  ASN1_TIME *notBefore;
+  ASN1_TIME *notAfter;
+} /* X509_VAL */;
+
+struct X509_pubkey_st {
+  X509_ALGOR *algor;
+  ASN1_BIT_STRING *public_key;
+  EVP_PKEY *pkey;
+};
+
+struct X509_sig_st {
+  X509_ALGOR *algor;
+  ASN1_OCTET_STRING *digest;
+} /* X509_SIG */;
+
+struct X509_name_entry_st {
+  ASN1_OBJECT *object;
+  ASN1_STRING *value;
+  int set;
+  int size;  // temp variable
+} /* X509_NAME_ENTRY */;
 
 DEFINE_STACK_OF(X509_NAME_ENTRY)
 DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
 
-/* we always keep X509_NAMEs in 2 forms. */
-struct X509_name_st
-	{
-	STACK_OF(X509_NAME_ENTRY) *entries;
-	int modified;	/* true if 'bytes' needs to be built */
-	BUF_MEM *bytes;
-/*	unsigned long hash; Keep the hash around for lookups */
-	unsigned char *canon_enc;
-	int canon_enclen;
-	} /* X509_NAME */;
+// we always keep X509_NAMEs in 2 forms.
+struct X509_name_st {
+  STACK_OF(X509_NAME_ENTRY) * entries;
+  int modified;  // true if 'bytes' needs to be built
+  BUF_MEM *bytes;
+  //	unsigned long hash; Keep the hash around for lookups
+  unsigned char *canon_enc;
+  int canon_enclen;
+} /* X509_NAME */;
 
 DEFINE_STACK_OF(X509_NAME)
 
-struct X509_extension_st
-	{
-	ASN1_OBJECT *object;
-	ASN1_BOOLEAN critical;
-	ASN1_OCTET_STRING *value;
-	} /* X509_EXTENSION */;
+struct X509_extension_st {
+  ASN1_OBJECT *object;
+  ASN1_BOOLEAN critical;
+  ASN1_OCTET_STRING *value;
+} /* X509_EXTENSION */;
 
 typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
 
 DEFINE_STACK_OF(X509_EXTENSION)
 DECLARE_ASN1_SET_OF(X509_EXTENSION)
 
-/* a sequence of these are used */
-struct x509_attributes_st
-	{
-	ASN1_OBJECT *object;
-	int single; /* 0 for a set, 1 for a single item (which is wrong) */
-	union	{
-		char		*ptr;
-/* 0 */		STACK_OF(ASN1_TYPE) *set;
-/* 1 */		ASN1_TYPE	*single;
-		} value;
-	} /* X509_ATTRIBUTE */;
+// a sequence of these are used
+struct x509_attributes_st {
+  ASN1_OBJECT *object;
+  int single;  // 0 for a set, 1 for a single item (which is wrong)
+  union {
+    char *ptr;
+    /* 0 */ STACK_OF(ASN1_TYPE) * set;
+    /* 1 */ ASN1_TYPE *single;
+  } value;
+} /* X509_ATTRIBUTE */;
 
 DEFINE_STACK_OF(X509_ATTRIBUTE)
 DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
 
 
-struct X509_req_info_st
-	{
-	ASN1_ENCODING enc;
-	ASN1_INTEGER *version;
-	X509_NAME *subject;
-	X509_PUBKEY *pubkey;
-	/*  d=2 hl=2 l=  0 cons: cont: 00 */
-	STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
-	} /* X509_REQ_INFO */;
-
-struct X509_req_st
-	{
-	X509_REQ_INFO *req_info;
-	X509_ALGOR *sig_alg;
-	ASN1_BIT_STRING *signature;
-	CRYPTO_refcount_t references;
-	} /* X509_REQ */;
-
-struct x509_cinf_st
-	{
-	ASN1_INTEGER *version;		/* [ 0 ] default of v1 */
-	ASN1_INTEGER *serialNumber;
-	X509_ALGOR *signature;
-	X509_NAME *issuer;
-	X509_VAL *validity;
-	X509_NAME *subject;
-	X509_PUBKEY *key;
-	ASN1_BIT_STRING *issuerUID;		/* [ 1 ] optional in v2 */
-	ASN1_BIT_STRING *subjectUID;		/* [ 2 ] optional in v2 */
-	STACK_OF(X509_EXTENSION) *extensions;	/* [ 3 ] optional in v3 */
-	ASN1_ENCODING enc;
-	} /* X509_CINF */;
-
-/* This stuff is certificate "auxiliary info"
- * it contains details which are useful in certificate
- * stores and databases. When used this is tagged onto
- * the end of the certificate itself
- */
-
-struct x509_cert_aux_st
-	{
-	STACK_OF(ASN1_OBJECT) *trust;		/* trusted uses */
-	STACK_OF(ASN1_OBJECT) *reject;		/* rejected uses */
-	ASN1_UTF8STRING *alias;			/* "friendly name" */
-	ASN1_OCTET_STRING *keyid;		/* key id of private key */
-	STACK_OF(X509_ALGOR) *other;		/* other unspecified info */
-	} /* X509_CERT_AUX */;
+struct X509_req_info_st {
+  ASN1_ENCODING enc;
+  ASN1_INTEGER *version;
+  X509_NAME *subject;
+  X509_PUBKEY *pubkey;
+  //  d=2 hl=2 l=  0 cons: cont: 00
+  STACK_OF(X509_ATTRIBUTE) * attributes;  // [ 0 ]
+} /* X509_REQ_INFO */;
+
+struct X509_req_st {
+  X509_REQ_INFO *req_info;
+  X509_ALGOR *sig_alg;
+  ASN1_BIT_STRING *signature;
+  CRYPTO_refcount_t references;
+} /* X509_REQ */;
+
+struct x509_cinf_st {
+  ASN1_INTEGER *version;  // [ 0 ] default of v1
+  ASN1_INTEGER *serialNumber;
+  X509_ALGOR *signature;
+  X509_NAME *issuer;
+  X509_VAL *validity;
+  X509_NAME *subject;
+  X509_PUBKEY *key;
+  ASN1_BIT_STRING *issuerUID;             // [ 1 ] optional in v2
+  ASN1_BIT_STRING *subjectUID;            // [ 2 ] optional in v2
+  STACK_OF(X509_EXTENSION) * extensions;  // [ 3 ] optional in v3
+  ASN1_ENCODING enc;
+} /* X509_CINF */;
+
+// This stuff is certificate "auxiliary info"
+// it contains details which are useful in certificate
+// stores and databases. When used this is tagged onto
+// the end of the certificate itself
+
+struct x509_cert_aux_st {
+  STACK_OF(ASN1_OBJECT) * trust;   // trusted uses
+  STACK_OF(ASN1_OBJECT) * reject;  // rejected uses
+  ASN1_UTF8STRING *alias;          // "friendly name"
+  ASN1_OCTET_STRING *keyid;        // key id of private key
+  STACK_OF(X509_ALGOR) * other;    // other unspecified info
+} /* X509_CERT_AUX */;
 
 DECLARE_STACK_OF(DIST_POINT)
 DECLARE_STACK_OF(GENERAL_NAME)
 
-struct x509_st
-	{
-	X509_CINF *cert_info;
-	X509_ALGOR *sig_alg;
-	ASN1_BIT_STRING *signature;
-	CRYPTO_refcount_t references;
-	char *name;
-	CRYPTO_EX_DATA ex_data;
-	/* These contain copies of various extension values */
-	long ex_pathlen;
-	long ex_pcpathlen;
-	unsigned long ex_flags;
-	unsigned long ex_kusage;
-	unsigned long ex_xkusage;
-	unsigned long ex_nscert;
-	ASN1_OCTET_STRING *skid;
-	AUTHORITY_KEYID *akid;
-	X509_POLICY_CACHE *policy_cache;
-	STACK_OF(DIST_POINT) *crldp;
-	STACK_OF(GENERAL_NAME) *altname;
-	NAME_CONSTRAINTS *nc;
-	unsigned char sha1_hash[SHA_DIGEST_LENGTH];
-	X509_CERT_AUX *aux;
-	CRYPTO_BUFFER *buf;
-	CRYPTO_MUTEX lock;
-	} /* X509 */;
+struct x509_st {
+  X509_CINF *cert_info;
+  X509_ALGOR *sig_alg;
+  ASN1_BIT_STRING *signature;
+  CRYPTO_refcount_t references;
+  char *name;
+  CRYPTO_EX_DATA ex_data;
+  // These contain copies of various extension values
+  long ex_pathlen;
+  long ex_pcpathlen;
+  unsigned long ex_flags;
+  unsigned long ex_kusage;
+  unsigned long ex_xkusage;
+  unsigned long ex_nscert;
+  ASN1_OCTET_STRING *skid;
+  AUTHORITY_KEYID *akid;
+  X509_POLICY_CACHE *policy_cache;
+  STACK_OF(DIST_POINT) * crldp;
+  STACK_OF(GENERAL_NAME) * altname;
+  NAME_CONSTRAINTS *nc;
+  unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+  X509_CERT_AUX *aux;
+  CRYPTO_BUFFER *buf;
+  CRYPTO_MUTEX lock;
+} /* X509 */;
 
 DEFINE_STACK_OF(X509)
 DECLARE_ASN1_SET_OF(X509)
 
-/* This is used for a table of trust checking functions */
+// This is used for a table of trust checking functions
 
 struct x509_trust_st {
-	int trust;
-	int flags;
-	int (*check_trust)(struct x509_trust_st *, X509 *, int);
-	char *name;
-	int arg1;
-	void *arg2;
+  int trust;
+  int flags;
+  int (*check_trust)(struct x509_trust_st *, X509 *, int);
+  char *name;
+  int arg1;
+  void *arg2;
 } /* X509_TRUST */;
 
 DEFINE_STACK_OF(X509_TRUST)
 
-/* standard trust ids */
+// standard trust ids
 
-#define X509_TRUST_DEFAULT	(-1)	/* Only valid in purpose settings */
+#define X509_TRUST_DEFAULT (-1)  // Only valid in purpose settings
 
-#define X509_TRUST_COMPAT	1
-#define X509_TRUST_SSL_CLIENT	2
-#define X509_TRUST_SSL_SERVER	3
-#define X509_TRUST_EMAIL	4
-#define X509_TRUST_OBJECT_SIGN	5
-#define X509_TRUST_OCSP_SIGN	6
-#define X509_TRUST_OCSP_REQUEST	7
-#define X509_TRUST_TSA		8
+#define X509_TRUST_COMPAT 1
+#define X509_TRUST_SSL_CLIENT 2
+#define X509_TRUST_SSL_SERVER 3
+#define X509_TRUST_EMAIL 4
+#define X509_TRUST_OBJECT_SIGN 5
+#define X509_TRUST_OCSP_SIGN 6
+#define X509_TRUST_OCSP_REQUEST 7
+#define X509_TRUST_TSA 8
 
-/* Keep these up to date! */
-#define X509_TRUST_MIN		1
-#define X509_TRUST_MAX		8
+// Keep these up to date!
+#define X509_TRUST_MIN 1
+#define X509_TRUST_MAX 8
 
 
-/* trust_flags values */
-#define	X509_TRUST_DYNAMIC 	1
-#define	X509_TRUST_DYNAMIC_NAME	2
+// trust_flags values
+#define X509_TRUST_DYNAMIC 1
+#define X509_TRUST_DYNAMIC_NAME 2
 
-/* check_trust return codes */
+// check_trust return codes
 
-#define X509_TRUST_TRUSTED	1
-#define X509_TRUST_REJECTED	2
-#define X509_TRUST_UNTRUSTED	3
+#define X509_TRUST_TRUSTED 1
+#define X509_TRUST_REJECTED 2
+#define X509_TRUST_UNTRUSTED 3
 
-/* Flags for X509_print_ex() */
+// Flags for X509_print_ex()
 
-#define	X509_FLAG_COMPAT		0
-#define	X509_FLAG_NO_HEADER		1L
-#define	X509_FLAG_NO_VERSION		(1L << 1)
-#define	X509_FLAG_NO_SERIAL		(1L << 2)
-#define	X509_FLAG_NO_SIGNAME		(1L << 3)
-#define	X509_FLAG_NO_ISSUER		(1L << 4)
-#define	X509_FLAG_NO_VALIDITY		(1L << 5)
-#define	X509_FLAG_NO_SUBJECT		(1L << 6)
-#define	X509_FLAG_NO_PUBKEY		(1L << 7)
-#define	X509_FLAG_NO_EXTENSIONS		(1L << 8)
-#define	X509_FLAG_NO_SIGDUMP		(1L << 9)
-#define	X509_FLAG_NO_AUX		(1L << 10)
-#define	X509_FLAG_NO_ATTRIBUTES		(1L << 11)
-#define	X509_FLAG_NO_IDS		(1L << 12)
+#define X509_FLAG_COMPAT 0
+#define X509_FLAG_NO_HEADER 1L
+#define X509_FLAG_NO_VERSION (1L << 1)
+#define X509_FLAG_NO_SERIAL (1L << 2)
+#define X509_FLAG_NO_SIGNAME (1L << 3)
+#define X509_FLAG_NO_ISSUER (1L << 4)
+#define X509_FLAG_NO_VALIDITY (1L << 5)
+#define X509_FLAG_NO_SUBJECT (1L << 6)
+#define X509_FLAG_NO_PUBKEY (1L << 7)
+#define X509_FLAG_NO_EXTENSIONS (1L << 8)
+#define X509_FLAG_NO_SIGDUMP (1L << 9)
+#define X509_FLAG_NO_AUX (1L << 10)
+#define X509_FLAG_NO_ATTRIBUTES (1L << 11)
+#define X509_FLAG_NO_IDS (1L << 12)
 
-/* Flags specific to X509_NAME_print_ex() */	
+// Flags specific to X509_NAME_print_ex()
 
-/* The field separator information */
+// The field separator information
 
-#define XN_FLAG_SEP_MASK	(0xf << 16)
+#define XN_FLAG_SEP_MASK (0xf << 16)
 
-#define XN_FLAG_COMPAT		0		/* Traditional SSLeay: use old X509_NAME_print */
-#define XN_FLAG_SEP_COMMA_PLUS	(1 << 16)	/* RFC2253 ,+ */
-#define XN_FLAG_SEP_CPLUS_SPC	(2 << 16)	/* ,+ spaced: more readable */
-#define XN_FLAG_SEP_SPLUS_SPC	(3 << 16)	/* ;+ spaced */
-#define XN_FLAG_SEP_MULTILINE	(4 << 16)	/* One line per field */
+#define XN_FLAG_COMPAT 0  // Traditional SSLeay: use old X509_NAME_print
+#define XN_FLAG_SEP_COMMA_PLUS (1 << 16)  // RFC2253 ,+
+#define XN_FLAG_SEP_CPLUS_SPC (2 << 16)   // ,+ spaced: more readable
+#define XN_FLAG_SEP_SPLUS_SPC (3 << 16)   // ;+ spaced
+#define XN_FLAG_SEP_MULTILINE (4 << 16)   // One line per field
 
-#define XN_FLAG_DN_REV		(1 << 20)	/* Reverse DN order */
+#define XN_FLAG_DN_REV (1 << 20)  // Reverse DN order
 
-/* How the field name is shown */
+// How the field name is shown
 
-#define XN_FLAG_FN_MASK		(0x3 << 21)
+#define XN_FLAG_FN_MASK (0x3 << 21)
 
-#define XN_FLAG_FN_SN		0		/* Object short name */
-#define XN_FLAG_FN_LN		(1 << 21)	/* Object long name */
-#define XN_FLAG_FN_OID		(2 << 21)	/* Always use OIDs */
-#define XN_FLAG_FN_NONE		(3 << 21)	/* No field names */
+#define XN_FLAG_FN_SN 0            // Object short name
+#define XN_FLAG_FN_LN (1 << 21)    // Object long name
+#define XN_FLAG_FN_OID (2 << 21)   // Always use OIDs
+#define XN_FLAG_FN_NONE (3 << 21)  // No field names
 
-#define XN_FLAG_SPC_EQ		(1 << 23)	/* Put spaces round '=' */
+#define XN_FLAG_SPC_EQ (1 << 23)  // Put spaces round '='
 
-/* This determines if we dump fields we don't recognise:
- * RFC2253 requires this.
- */
+// This determines if we dump fields we don't recognise:
+// RFC2253 requires this.
 
 #define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
 
-#define XN_FLAG_FN_ALIGN	(1 << 25)	/* Align field names to 20 characters */
-
-/* Complete set of RFC2253 flags */
-
-#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
-			XN_FLAG_SEP_COMMA_PLUS | \
-			XN_FLAG_DN_REV | \
-			XN_FLAG_FN_SN | \
-			XN_FLAG_DUMP_UNKNOWN_FIELDS)
-
-/* readable oneline form */
-
-#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
-			ASN1_STRFLGS_ESC_QUOTE | \
-			XN_FLAG_SEP_CPLUS_SPC | \
-			XN_FLAG_SPC_EQ | \
-			XN_FLAG_FN_SN)
-
-/* readable multiline form */
-
-#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
-			ASN1_STRFLGS_ESC_MSB | \
-			XN_FLAG_SEP_MULTILINE | \
-			XN_FLAG_SPC_EQ | \
-			XN_FLAG_FN_LN | \
-			XN_FLAG_FN_ALIGN)
-
-struct x509_revoked_st
-	{
-	ASN1_INTEGER *serialNumber;
-	ASN1_TIME *revocationDate;
-	STACK_OF(X509_EXTENSION) /* optional */ *extensions;
-	/* Set up if indirect CRL */
-	STACK_OF(GENERAL_NAME) *issuer;
-	/* Revocation reason */
-	int reason;
-	int sequence; /* load sequence */
-	};
+#define XN_FLAG_FN_ALIGN (1 << 25)  // Align field names to 20 characters
+
+// Complete set of RFC2253 flags
+
+#define XN_FLAG_RFC2253                                             \
+  (ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | \
+   XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS)
+
+// readable oneline form
+
+#define XN_FLAG_ONELINE                                                    \
+  (ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | \
+   XN_FLAG_SPC_EQ | XN_FLAG_FN_SN)
+
+// readable multiline form
+
+#define XN_FLAG_MULTILINE                                                 \
+  (ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | \
+   XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN)
+
+struct x509_revoked_st {
+  ASN1_INTEGER *serialNumber;
+  ASN1_TIME *revocationDate;
+  STACK_OF(X509_EXTENSION) /* optional */ * extensions;
+  // Set up if indirect CRL
+  STACK_OF(GENERAL_NAME) * issuer;
+  // Revocation reason
+  int reason;
+  int sequence;  // load sequence
+};
 
 DEFINE_STACK_OF(X509_REVOKED)
 DECLARE_ASN1_SET_OF(X509_REVOKED)
 
-struct X509_crl_info_st
-	{
-	ASN1_INTEGER *version;
-	X509_ALGOR *sig_alg;
-	X509_NAME *issuer;
-	ASN1_TIME *lastUpdate;
-	ASN1_TIME *nextUpdate;
-	STACK_OF(X509_REVOKED) *revoked;
-	STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
-	ASN1_ENCODING enc;
-	} /* X509_CRL_INFO */;
+struct X509_crl_info_st {
+  ASN1_INTEGER *version;
+  X509_ALGOR *sig_alg;
+  X509_NAME *issuer;
+  ASN1_TIME *lastUpdate;
+  ASN1_TIME *nextUpdate;
+  STACK_OF(X509_REVOKED) * revoked;
+  STACK_OF(X509_EXTENSION) /* [0] */ * extensions;
+  ASN1_ENCODING enc;
+} /* X509_CRL_INFO */;
 
 DECLARE_STACK_OF(GENERAL_NAMES)
 
-struct X509_crl_st
-	{
-	/* actual signature */
-	X509_CRL_INFO *crl;
-	X509_ALGOR *sig_alg;
-	ASN1_BIT_STRING *signature;
-	CRYPTO_refcount_t references;
-	int flags;
-	/* Copies of various extensions */
-	AUTHORITY_KEYID *akid;
-	ISSUING_DIST_POINT *idp;
-	/* Convenient breakdown of IDP */
-	int idp_flags;
-	int idp_reasons;
-	/* CRL and base CRL numbers for delta processing */
-	ASN1_INTEGER *crl_number;
-	ASN1_INTEGER *base_crl_number;
-	unsigned char sha1_hash[SHA_DIGEST_LENGTH];
-	STACK_OF(GENERAL_NAMES) *issuers;
-	const X509_CRL_METHOD *meth;
-	void *meth_data;
-	} /* X509_CRL */;
+struct X509_crl_st {
+  // actual signature
+  X509_CRL_INFO *crl;
+  X509_ALGOR *sig_alg;
+  ASN1_BIT_STRING *signature;
+  CRYPTO_refcount_t references;
+  int flags;
+  // Copies of various extensions
+  AUTHORITY_KEYID *akid;
+  ISSUING_DIST_POINT *idp;
+  // Convenient breakdown of IDP
+  int idp_flags;
+  int idp_reasons;
+  // CRL and base CRL numbers for delta processing
+  ASN1_INTEGER *crl_number;
+  ASN1_INTEGER *base_crl_number;
+  unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+  STACK_OF(GENERAL_NAMES) * issuers;
+  const X509_CRL_METHOD *meth;
+  void *meth_data;
+} /* X509_CRL */;
 
 DEFINE_STACK_OF(X509_CRL)
 DECLARE_ASN1_SET_OF(X509_CRL)
 
-struct private_key_st
-	{
-	int version;
-	/* The PKCS#8 data types */
-	X509_ALGOR *enc_algor;
-	ASN1_OCTET_STRING *enc_pkey;	/* encrypted pub key */
+struct private_key_st {
+  int version;
+  // The PKCS#8 data types
+  X509_ALGOR *enc_algor;
+  ASN1_OCTET_STRING *enc_pkey;  // encrypted pub key
 
-	/* When decrypted, the following will not be NULL */
-	EVP_PKEY *dec_pkey;
+  // When decrypted, the following will not be NULL
+  EVP_PKEY *dec_pkey;
 
-	/* used to encrypt and decrypt */
-	int key_length;
-	char *key_data;
-	int key_free;	/* true if we should auto free key_data */
+  // used to encrypt and decrypt
+  int key_length;
+  char *key_data;
+  int key_free;  // true if we should auto free key_data
 
-	/* expanded version of 'enc_algor' */
-	EVP_CIPHER_INFO cipher;
-	} /* X509_PKEY */;
+  // expanded version of 'enc_algor'
+  EVP_CIPHER_INFO cipher;
+} /* X509_PKEY */;
 
 #ifndef OPENSSL_NO_EVP
-struct X509_info_st
-	{
-	X509 *x509;
-	X509_CRL *crl;
-	X509_PKEY *x_pkey;
+struct X509_info_st {
+  X509 *x509;
+  X509_CRL *crl;
+  X509_PKEY *x_pkey;
 
-	EVP_CIPHER_INFO enc_cipher;
-	int enc_len;
-	char *enc_data;
+  EVP_CIPHER_INFO enc_cipher;
+  int enc_len;
+  char *enc_data;
 
-	} /* X509_INFO */;
+} /* X509_INFO */;
 
 DEFINE_STACK_OF(X509_INFO)
 #endif
 
-/* The next 2 structures and their 8 routines were sent to me by
- * Pat Richard <patr@x509.com> and are used to manipulate
- * Netscapes spki structures - useful if you are writing a CA web page
- */
-struct Netscape_spkac_st
-	{
-	X509_PUBKEY *pubkey;
-	ASN1_IA5STRING *challenge;	/* challenge sent in atlas >= PR2 */
-	} /* NETSCAPE_SPKAC */;
-
-struct Netscape_spki_st
-	{
-	NETSCAPE_SPKAC *spkac;	/* signed public key and challenge */
-	X509_ALGOR *sig_algor;
-	ASN1_BIT_STRING *signature;
-	} /* NETSCAPE_SPKI */;
-
-/* PKCS#8 private key info structure */
-
-struct pkcs8_priv_key_info_st
-        {
-        int broken;     /* Flag for various broken formats */
-#define PKCS8_OK		0
-#define PKCS8_NO_OCTET		1
-#define PKCS8_EMBEDDED_PARAM	2
-#define PKCS8_NS_DB		3
-#define PKCS8_NEG_PRIVKEY	4
-        ASN1_INTEGER *version;
-        X509_ALGOR *pkeyalg;
-        ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
-        STACK_OF(X509_ATTRIBUTE) *attributes;
-        };
-
-#ifdef  __cplusplus
+// The next 2 structures and their 8 routines were sent to me by
+// Pat Richard <patr@x509.com> and are used to manipulate
+// Netscapes spki structures - useful if you are writing a CA web page
+struct Netscape_spkac_st {
+  X509_PUBKEY *pubkey;
+  ASN1_IA5STRING *challenge;  // challenge sent in atlas >= PR2
+} /* NETSCAPE_SPKAC */;
+
+struct Netscape_spki_st {
+  NETSCAPE_SPKAC *spkac;  // signed public key and challenge
+  X509_ALGOR *sig_algor;
+  ASN1_BIT_STRING *signature;
+} /* NETSCAPE_SPKI */;
+
+// PKCS#8 private key info structure
+
+struct pkcs8_priv_key_info_st {
+  int broken;  // Flag for various broken formats
+#define PKCS8_OK 0
+#define PKCS8_NO_OCTET 1
+#define PKCS8_EMBEDDED_PARAM 2
+#define PKCS8_NS_DB 3
+#define PKCS8_NEG_PRIVKEY 4
+  ASN1_INTEGER *version;
+  X509_ALGOR *pkeyalg;
+  ASN1_TYPE *pkey;  // Should be OCTET STRING but some are broken
+  STACK_OF(X509_ATTRIBUTE) * attributes;
+};
+
+#ifdef __cplusplus
 }
 #endif
 
 #include <openssl/x509_vfy.h>
 
-#ifdef  __cplusplus
+#ifdef __cplusplus
 extern "C" {
 #endif
 
-#define		X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
-/* #define	X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
-#define		X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
-#define		X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
-#define		X509_get_cert_info(x) ((x)->cert_info)
-#define		X509_extract_key(x)	X509_get_pubkey(x) /*****/
-#define		X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
-#define		X509_REQ_get_subject_name(x) ((x)->req_info->subject)
-#define		X509_REQ_extract_key(a)	X509_REQ_get_pubkey(a)
-#define		X509_name_cmp(a,b)	X509_NAME_cmp((a),(b))
-#define		X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
-
-#define		X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
-const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
-const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
-#define 	X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
-#define 	X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
-#define		X509_CRL_get_issuer(x) ((x)->crl->issuer)
-#define		X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
-
-#define		X509_CINF_set_modified(c) ((c)->enc.modified = 1)
-#define		X509_CINF_get_issuer(c) (&(c)->issuer)
-#define		X509_CINF_get_extensions(c) ((c)->extensions)
-#define		X509_CINF_get_signature(c) ((c)->signature)
+// X509_get_version returns the numerical value of |x509|'s version. That is,
+// it returns zero for X.509v1, one for X.509v2, and two for X.509v3. Unknown
+// versions are rejected by the parser, but a manually-created |X509| object may
+// encode invalid versions. In that case, the function will return the invalid
+// version, or -1 on overflow.
+OPENSSL_EXPORT long X509_get_version(const X509 *x509);
+
+// X509_get_notBefore returns |x509|'s notBefore value. Note this function is
+// not const-correct for legacy reasons. Use |X509_get0_notBefore| or
+// |X509_getm_notBefore| instead.
+OPENSSL_EXPORT ASN1_TIME *X509_get_notBefore(const X509 *x509);
+
+// X509_get_notAfter returns |x509|'s notAfter value. Note this function is not
+// const-correct for legacy reasons. Use |X509_get0_notAfter| or
+// |X509_getm_notAfter| instead.
+OPENSSL_EXPORT ASN1_TIME *X509_get_notAfter(const X509 *x509);
+
+// X509_get_cert_info returns |x509|'s TBSCertificate structure. Note this
+// function is not const-correct for legacy reasons.
+//
+// This function is deprecated and may be removed in the future. It is not
+// present in OpenSSL and constrains some improvements to the library.
+OPENSSL_EXPORT X509_CINF *X509_get_cert_info(const X509 *x509);
+
+// X509_extract_key is a legacy alias to |X509_get_pubkey|. Use
+// |X509_get_pubkey| instead.
+#define X509_extract_key(x) X509_get_pubkey(x)
+
+// X509_REQ_get_version returns the numerical value of |req|'s version. That is,
+// it returns zero for a v1 request. If |req| is invalid, it may return another
+// value, or -1 on overflow.
+OPENSSL_EXPORT long X509_REQ_get_version(const X509_REQ *req);
+
+// X509_REQ_get_subject_name returns |req|'s subject name. Note this function is
+// not const-correct for legacy reasons.
+OPENSSL_EXPORT X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
+
+// X509_REQ_extract_key is a legacy alias for |X509_REQ_get_pubkey|.
+#define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
+
+// X509_name_cmp is a legacy alias for |X509_NAME_cmp|.
+#define X509_name_cmp(a, b) X509_NAME_cmp((a), (b))
+
+// X509_REQ_get_version returns the numerical value of |crl|'s version. That is,
+// it returns zero for a v1 CRL and one for a v2 CRL. If |crl| is invalid, it
+// may return another value, or -1 on overflow.
+OPENSSL_EXPORT long X509_CRL_get_version(const X509_CRL *crl);
+
+// X509_CRL_get0_lastUpdate returns |crl|'s lastUpdate time.
+OPENSSL_EXPORT const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
+
+// X509_CRL_get0_lastUpdate returns |crl|'s nextUpdate time.
+OPENSSL_EXPORT const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
+
+// X509_CRL_get_lastUpdate returns a mutable pointer to |crl|'s lastUpdate time.
+// Use |X509_CRL_get0_lastUpdate| or |X509_CRL_set_lastUpdate| instead.
+OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
+
+// X509_CRL_get_nextUpdate returns a mutable pointer to |crl|'s nextUpdate time.
+// Use |X509_CRL_get0_nextUpdate| or |X509_CRL_set_nextUpdate| instead.
+OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl);
+
+// X509_CRL_get_issuer returns |crl|'s issuer name. Note this function is not
+// const-correct for legacy reasons.
+OPENSSL_EXPORT X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
+
+// X509_CRL_get_REVOKED returns the list of revoked certificates in |crl|.
+//
+// TOOD(davidben): This function was originally a macro, without clear const
+// semantics. It should take a const input and give const output, but the latter
+// would break existing callers. For now, we match upstream.
+OPENSSL_EXPORT STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
+
+// X509_CINF_set_modified marks |cinf| as modified so that changes will be
+// reflected in serializing the structure.
+//
+// This function is deprecated and may be removed in the future. It is not
+// present in OpenSSL and constrains some improvements to the library.
+OPENSSL_EXPORT void X509_CINF_set_modified(X509_CINF *cinf);
+
+// X509_CINF_get_signature returns the signature algorithm in |cinf|. Note this
+// isn't the signature itself, but the extra copy of the signature algorithm
+// in the TBSCertificate.
+//
+// This function is deprecated and may be removed in the future. It is not
+// present in OpenSSL and constrains some improvements to the library. Use
+// |X509_get0_tbs_sigalg| instead.
+OPENSSL_EXPORT const X509_ALGOR *X509_CINF_get_signature(const X509_CINF *cinf);
 
 OPENSSL_EXPORT void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
 OPENSSL_EXPORT X509_CRL_METHOD *X509_CRL_METHOD_new(
-	int (*crl_init)(X509_CRL *crl),
-	int (*crl_free)(X509_CRL *crl),
-	int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
-				ASN1_INTEGER *ser, X509_NAME *issuer),
-	int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk));
+    int (*crl_init)(X509_CRL *crl), int (*crl_free)(X509_CRL *crl),
+    int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret, ASN1_INTEGER *ser,
+                      X509_NAME *issuer),
+    int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk));
 OPENSSL_EXPORT void X509_CRL_METHOD_free(X509_CRL_METHOD *m);
 
 OPENSSL_EXPORT void X509_CRL_set_meth_data(X509_CRL *crl, void *dat);
 OPENSSL_EXPORT void *X509_CRL_get_meth_data(X509_CRL *crl);
 
-/* This one is only used so that a binary form can output, as in
- * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
-#define 	X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
-
+// X509_get_X509_PUBKEY returns the public key of |x509|. Note this function is
+// not const-correct for legacy reasons. Callers should not modify the returned
+// object.
+X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x509);
 
 OPENSSL_EXPORT const char *X509_verify_cert_error_string(long n);
 
@@ -569,14 +600,16 @@ OPENSSL_EXPORT int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
 OPENSSL_EXPORT int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
 OPENSSL_EXPORT int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
 
-OPENSSL_EXPORT NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len);
-OPENSSL_EXPORT char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
+OPENSSL_EXPORT NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str,
+                                                       int len);
+OPENSSL_EXPORT char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
 OPENSSL_EXPORT EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
 OPENSSL_EXPORT int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
 
 OPENSSL_EXPORT int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
 
-OPENSSL_EXPORT int X509_signature_dump(BIO *bp,const ASN1_STRING *sig, int indent);
+OPENSSL_EXPORT int X509_signature_dump(BIO *bp, const ASN1_STRING *sig,
+                                       int indent);
 OPENSSL_EXPORT int X509_signature_print(BIO *bp, const X509_ALGOR *alg,
                                         const ASN1_STRING *sig);
 
@@ -586,39 +619,40 @@ OPENSSL_EXPORT int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
 OPENSSL_EXPORT int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
 OPENSSL_EXPORT int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
 OPENSSL_EXPORT int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
-OPENSSL_EXPORT int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
-
-OPENSSL_EXPORT int X509_pubkey_digest(const X509 *data,const EVP_MD *type,
-		unsigned char *md, unsigned int *len);
-OPENSSL_EXPORT int X509_digest(const X509 *data,const EVP_MD *type,
-		unsigned char *md, unsigned int *len);
-OPENSSL_EXPORT int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type,
-		unsigned char *md, unsigned int *len);
-OPENSSL_EXPORT int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type,
-		unsigned char *md, unsigned int *len);
-OPENSSL_EXPORT int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type,
-		unsigned char *md, unsigned int *len);
+OPENSSL_EXPORT int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey,
+                                      const EVP_MD *md);
+
+OPENSSL_EXPORT int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
+                                      unsigned char *md, unsigned int *len);
+OPENSSL_EXPORT int X509_digest(const X509 *data, const EVP_MD *type,
+                               unsigned char *md, unsigned int *len);
+OPENSSL_EXPORT int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
+                                   unsigned char *md, unsigned int *len);
+OPENSSL_EXPORT int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
+                                   unsigned char *md, unsigned int *len);
+OPENSSL_EXPORT int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
+                                    unsigned char *md, unsigned int *len);
 #endif
 
-/* X509_parse_from_buffer parses an X.509 structure from |buf| and returns a
- * fresh X509 or NULL on error. There must not be any trailing data in |buf|.
- * The returned structure (if any) holds a reference to |buf| rather than
- * copying parts of it as a normal |d2i_X509| call would do. */
+// X509_parse_from_buffer parses an X.509 structure from |buf| and returns a
+// fresh X509 or NULL on error. There must not be any trailing data in |buf|.
+// The returned structure (if any) holds a reference to |buf| rather than
+// copying parts of it as a normal |d2i_X509| call would do.
 OPENSSL_EXPORT X509 *X509_parse_from_buffer(CRYPTO_BUFFER *buf);
 
 #ifndef OPENSSL_NO_FP_API
 OPENSSL_EXPORT X509 *d2i_X509_fp(FILE *fp, X509 **x509);
-OPENSSL_EXPORT int i2d_X509_fp(FILE *fp,X509 *x509);
-OPENSSL_EXPORT X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl);
-OPENSSL_EXPORT int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl);
-OPENSSL_EXPORT X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req);
-OPENSSL_EXPORT int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req);
-OPENSSL_EXPORT RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa);
-OPENSSL_EXPORT int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
-OPENSSL_EXPORT RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);
-OPENSSL_EXPORT int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
-OPENSSL_EXPORT RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa);
-OPENSSL_EXPORT int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa);
+OPENSSL_EXPORT int i2d_X509_fp(FILE *fp, X509 *x509);
+OPENSSL_EXPORT X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl);
+OPENSSL_EXPORT int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl);
+OPENSSL_EXPORT X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req);
+OPENSSL_EXPORT int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req);
+OPENSSL_EXPORT RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa);
+OPENSSL_EXPORT int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa);
+OPENSSL_EXPORT RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa);
+OPENSSL_EXPORT int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa);
+OPENSSL_EXPORT RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa);
+OPENSSL_EXPORT int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa);
 #ifndef OPENSSL_NO_DSA
 OPENSSL_EXPORT DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
 OPENSSL_EXPORT int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
@@ -626,14 +660,15 @@ OPENSSL_EXPORT DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
 OPENSSL_EXPORT int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
 #endif
 OPENSSL_EXPORT EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
-OPENSSL_EXPORT int   i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey);
+OPENSSL_EXPORT int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey);
 OPENSSL_EXPORT EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
-OPENSSL_EXPORT int   i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey);
-OPENSSL_EXPORT X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8);
-OPENSSL_EXPORT int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8);
-OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
-						PKCS8_PRIV_KEY_INFO **p8inf);
-OPENSSL_EXPORT int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf);
+OPENSSL_EXPORT int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey);
+OPENSSL_EXPORT X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8);
+OPENSSL_EXPORT int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8);
+OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(
+    FILE *fp, PKCS8_PRIV_KEY_INFO **p8inf);
+OPENSSL_EXPORT int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
+                                              PKCS8_PRIV_KEY_INFO *p8inf);
 OPENSSL_EXPORT int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
 OPENSSL_EXPORT int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
 OPENSSL_EXPORT EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
@@ -641,18 +676,18 @@ OPENSSL_EXPORT int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
 OPENSSL_EXPORT EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 #endif
 
-OPENSSL_EXPORT X509 *d2i_X509_bio(BIO *bp,X509 **x509);
-OPENSSL_EXPORT int i2d_X509_bio(BIO *bp,X509 *x509);
-OPENSSL_EXPORT X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl);
-OPENSSL_EXPORT int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl);
-OPENSSL_EXPORT X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req);
-OPENSSL_EXPORT int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req);
-OPENSSL_EXPORT RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
-OPENSSL_EXPORT int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
-OPENSSL_EXPORT RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);
-OPENSSL_EXPORT int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
-OPENSSL_EXPORT RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa);
-OPENSSL_EXPORT int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa);
+OPENSSL_EXPORT X509 *d2i_X509_bio(BIO *bp, X509 **x509);
+OPENSSL_EXPORT int i2d_X509_bio(BIO *bp, X509 *x509);
+OPENSSL_EXPORT X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl);
+OPENSSL_EXPORT int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl);
+OPENSSL_EXPORT X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req);
+OPENSSL_EXPORT int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req);
+OPENSSL_EXPORT RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa);
+OPENSSL_EXPORT int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa);
+OPENSSL_EXPORT RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa);
+OPENSSL_EXPORT int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa);
+OPENSSL_EXPORT RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa);
+OPENSSL_EXPORT int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa);
 #ifndef OPENSSL_NO_DSA
 OPENSSL_EXPORT DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
 OPENSSL_EXPORT int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
@@ -660,14 +695,15 @@ OPENSSL_EXPORT DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
 OPENSSL_EXPORT int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
 #endif
 OPENSSL_EXPORT EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
-OPENSSL_EXPORT int   i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey);
+OPENSSL_EXPORT int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey);
 OPENSSL_EXPORT EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
-OPENSSL_EXPORT int   i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey);
-OPENSSL_EXPORT X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8);
-OPENSSL_EXPORT int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8);
-OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
-						PKCS8_PRIV_KEY_INFO **p8inf);
-OPENSSL_EXPORT int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf);
+OPENSSL_EXPORT int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey);
+OPENSSL_EXPORT X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8);
+OPENSSL_EXPORT int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8);
+OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(
+    BIO *bp, PKCS8_PRIV_KEY_INFO **p8inf);
+OPENSSL_EXPORT int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
+                                               PKCS8_PRIV_KEY_INFO *p8inf);
 OPENSSL_EXPORT int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
 OPENSSL_EXPORT int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
 OPENSSL_EXPORT EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
@@ -683,7 +719,8 @@ OPENSSL_EXPORT X509_CRL *X509_CRL_dup(X509_CRL *crl);
 OPENSSL_EXPORT X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *rev);
 OPENSSL_EXPORT X509_REQ *X509_REQ_dup(X509_REQ *req);
 OPENSSL_EXPORT X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
-OPENSSL_EXPORT int X509_ALGOR_set0(X509_ALGOR *alg, const ASN1_OBJECT *aobj, int ptype, void *pval);
+OPENSSL_EXPORT int X509_ALGOR_set0(X509_ALGOR *alg, const ASN1_OBJECT *aobj,
+                                   int ptype, void *pval);
 OPENSSL_EXPORT void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
                                     const void **ppval,
                                     const X509_ALGOR *algor);
@@ -697,50 +734,53 @@ OPENSSL_EXPORT int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne);
 OPENSSL_EXPORT int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder,
                                       size_t *pderlen);
 
-OPENSSL_EXPORT int		X509_cmp_time(const ASN1_TIME *s, time_t *t);
-OPENSSL_EXPORT int		X509_cmp_current_time(const ASN1_TIME *s);
-OPENSSL_EXPORT ASN1_TIME *	X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
-OPENSSL_EXPORT ASN1_TIME *	X509_time_adj_ex(ASN1_TIME *s, int offset_day, long offset_sec, time_t *t);
-OPENSSL_EXPORT ASN1_TIME *	X509_gmtime_adj(ASN1_TIME *s, long adj);
+OPENSSL_EXPORT int X509_cmp_time(const ASN1_TIME *s, time_t *t);
+OPENSSL_EXPORT int X509_cmp_current_time(const ASN1_TIME *s);
+OPENSSL_EXPORT ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
+OPENSSL_EXPORT ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, int offset_day,
+                                           long offset_sec, time_t *t);
+OPENSSL_EXPORT ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj);
 
-OPENSSL_EXPORT const char *	X509_get_default_cert_area(void );
-OPENSSL_EXPORT const char *	X509_get_default_cert_dir(void );
-OPENSSL_EXPORT const char *	X509_get_default_cert_file(void );
-OPENSSL_EXPORT const char *	X509_get_default_cert_dir_env(void );
-OPENSSL_EXPORT const char *	X509_get_default_cert_file_env(void );
-OPENSSL_EXPORT const char *	X509_get_default_private_dir(void );
+OPENSSL_EXPORT const char *X509_get_default_cert_area(void);
+OPENSSL_EXPORT const char *X509_get_default_cert_dir(void);
+OPENSSL_EXPORT const char *X509_get_default_cert_file(void);
+OPENSSL_EXPORT const char *X509_get_default_cert_dir_env(void);
+OPENSSL_EXPORT const char *X509_get_default_cert_file_env(void);
+OPENSSL_EXPORT const char *X509_get_default_private_dir(void);
 
-OPENSSL_EXPORT X509_REQ *	X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
-OPENSSL_EXPORT X509 *		X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
+OPENSSL_EXPORT X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey,
+                                          const EVP_MD *md);
+OPENSSL_EXPORT X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey);
 
 DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS)
 DECLARE_ASN1_FUNCTIONS(X509_VAL)
 
 DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
 
-OPENSSL_EXPORT int		X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
-OPENSSL_EXPORT EVP_PKEY *	X509_PUBKEY_get(X509_PUBKEY *key);
-OPENSSL_EXPORT int		i2d_PUBKEY(const EVP_PKEY *a,unsigned char **pp);
-OPENSSL_EXPORT EVP_PKEY *	d2i_PUBKEY(EVP_PKEY **a,const unsigned char **pp,
-			long length);
-OPENSSL_EXPORT int		i2d_RSA_PUBKEY(const RSA *a,unsigned char **pp);
-OPENSSL_EXPORT RSA *		d2i_RSA_PUBKEY(RSA **a,const unsigned char **pp,
-			long length);
+OPENSSL_EXPORT int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
+OPENSSL_EXPORT EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
+OPENSSL_EXPORT int i2d_PUBKEY(const EVP_PKEY *a, unsigned char **pp);
+OPENSSL_EXPORT EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp,
+                                    long length);
+OPENSSL_EXPORT int i2d_RSA_PUBKEY(const RSA *a, unsigned char **pp);
+OPENSSL_EXPORT RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp,
+                                   long length);
 #ifndef OPENSSL_NO_DSA
-OPENSSL_EXPORT int		i2d_DSA_PUBKEY(const DSA *a,unsigned char **pp);
-OPENSSL_EXPORT DSA *		d2i_DSA_PUBKEY(DSA **a,const unsigned char **pp,
-			long length);
+OPENSSL_EXPORT int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp);
+OPENSSL_EXPORT DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp,
+                                   long length);
 #endif
-OPENSSL_EXPORT int		i2d_EC_PUBKEY(const EC_KEY *a, unsigned char **pp);
-OPENSSL_EXPORT EC_KEY 		*d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp,
-			long length);
+OPENSSL_EXPORT int i2d_EC_PUBKEY(const EC_KEY *a, unsigned char **pp);
+OPENSSL_EXPORT EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp,
+                                     long length);
 
 DECLARE_ASN1_FUNCTIONS(X509_SIG)
 DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
 DECLARE_ASN1_FUNCTIONS(X509_REQ)
 
 DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
-OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
+OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype,
+                                                     void *value);
 
 DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
 DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
@@ -749,22 +789,25 @@ DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)
 
 DECLARE_ASN1_FUNCTIONS(X509_NAME)
 
-OPENSSL_EXPORT int		X509_NAME_set(X509_NAME **xn, X509_NAME *name);
+OPENSSL_EXPORT int X509_NAME_set(X509_NAME **xn, X509_NAME *name);
 
 DECLARE_ASN1_FUNCTIONS(X509_CINF)
 
 DECLARE_ASN1_FUNCTIONS(X509)
 DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
 
-/* X509_up_ref adds one to the reference count of |x| and returns one. */
+// X509_up_ref adds one to the reference count of |x| and returns one.
 OPENSSL_EXPORT int X509_up_ref(X509 *x);
 
-OPENSSL_EXPORT int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
-	     CRYPTO_EX_dup *dup_unused, CRYPTO_EX_free *free_func);
+OPENSSL_EXPORT int X509_get_ex_new_index(long argl, void *argp,
+                                         CRYPTO_EX_unused *unused,
+                                         CRYPTO_EX_dup *dup_unused,
+                                         CRYPTO_EX_free *free_func);
 OPENSSL_EXPORT int X509_set_ex_data(X509 *r, int idx, void *arg);
 OPENSSL_EXPORT void *X509_get_ex_data(X509 *r, int idx);
-OPENSSL_EXPORT int		i2d_X509_AUX(X509 *a,unsigned char **pp);
-OPENSSL_EXPORT X509 *		d2i_X509_AUX(X509 **a,const unsigned char **pp,long length);
+OPENSSL_EXPORT int i2d_X509_AUX(X509 *a, unsigned char **pp);
+OPENSSL_EXPORT X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp,
+                                  long length);
 
 OPENSSL_EXPORT int i2d_re_X509_tbs(X509 *x, unsigned char **pp);
 
@@ -774,9 +817,11 @@ OPENSSL_EXPORT int X509_get_signature_nid(const X509 *x);
 
 OPENSSL_EXPORT int X509_alias_set1(X509 *x, unsigned char *name, int len);
 OPENSSL_EXPORT int X509_keyid_set1(X509 *x, unsigned char *id, int len);
-OPENSSL_EXPORT unsigned char * X509_alias_get0(X509 *x, int *len);
-OPENSSL_EXPORT unsigned char * X509_keyid_get0(X509 *x, int *len);
-OPENSSL_EXPORT int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
+OPENSSL_EXPORT unsigned char *X509_alias_get0(X509 *x, int *len);
+OPENSSL_EXPORT unsigned char *X509_keyid_get0(X509 *x, int *len);
+OPENSSL_EXPORT int (*X509_TRUST_set_default(int (*trust)(int, X509 *,
+                                                         int)))(int, X509 *,
+                                                                int);
 OPENSSL_EXPORT int X509_TRUST_set(int *t, int trust);
 OPENSSL_EXPORT int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
 OPENSSL_EXPORT int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
@@ -788,90 +833,100 @@ DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
 DECLARE_ASN1_FUNCTIONS(X509_CRL)
 
 OPENSSL_EXPORT int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
-OPENSSL_EXPORT int X509_CRL_get0_by_serial(X509_CRL *crl,
-		X509_REVOKED **ret, ASN1_INTEGER *serial);
-OPENSSL_EXPORT int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
+OPENSSL_EXPORT int X509_CRL_get0_by_serial(X509_CRL *crl, X509_REVOKED **ret,
+                                           ASN1_INTEGER *serial);
+OPENSSL_EXPORT int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret,
+                                         X509 *x);
 
-OPENSSL_EXPORT X509_PKEY *	X509_PKEY_new(void );
-OPENSSL_EXPORT void		X509_PKEY_free(X509_PKEY *a);
+OPENSSL_EXPORT X509_PKEY *X509_PKEY_new(void);
+OPENSSL_EXPORT void X509_PKEY_free(X509_PKEY *a);
 
 DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
 DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
 
 #ifndef OPENSSL_NO_EVP
-OPENSSL_EXPORT X509_INFO *	X509_INFO_new(void);
-OPENSSL_EXPORT void		X509_INFO_free(X509_INFO *a);
-OPENSSL_EXPORT char *		X509_NAME_oneline(X509_NAME *a,char *buf,int size);
+OPENSSL_EXPORT X509_INFO *X509_INFO_new(void);
+OPENSSL_EXPORT void X509_INFO_free(X509_INFO *a);
+OPENSSL_EXPORT char *X509_NAME_oneline(X509_NAME *a, char *buf, int size);
 
-OPENSSL_EXPORT int ASN1_digest(i2d_of_void *i2d,const EVP_MD *type,char *data,
-		unsigned char *md,unsigned int *len);
+OPENSSL_EXPORT int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
+                               unsigned char *md, unsigned int *len);
 
-OPENSSL_EXPORT int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data,
-	unsigned char *md,unsigned int *len);
+OPENSSL_EXPORT int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type,
+                                    void *data, unsigned char *md,
+                                    unsigned int *len);
 
 OPENSSL_EXPORT int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
-	ASN1_BIT_STRING *signature,void *data,EVP_PKEY *pkey);
-
-OPENSSL_EXPORT int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
-	ASN1_BIT_STRING *signature,
-	void *data, EVP_PKEY *pkey, const EVP_MD *type);
-OPENSSL_EXPORT int ASN1_item_sign_ctx(const ASN1_ITEM *it,
-		X509_ALGOR *algor1, X509_ALGOR *algor2,
-	     	ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx);
+                                    ASN1_BIT_STRING *signature, void *data,
+                                    EVP_PKEY *pkey);
+
+OPENSSL_EXPORT int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
+                                  X509_ALGOR *algor2,
+                                  ASN1_BIT_STRING *signature, void *data,
+                                  EVP_PKEY *pkey, const EVP_MD *type);
+OPENSSL_EXPORT int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
+                                      X509_ALGOR *algor2,
+                                      ASN1_BIT_STRING *signature, void *asn,
+                                      EVP_MD_CTX *ctx);
 #endif
 
-OPENSSL_EXPORT int 		X509_set_version(X509 *x,long version);
-OPENSSL_EXPORT int 		X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
-OPENSSL_EXPORT ASN1_INTEGER *	X509_get_serialNumber(X509 *x);
-OPENSSL_EXPORT int 		X509_set_issuer_name(X509 *x, X509_NAME *name);
-OPENSSL_EXPORT X509_NAME *	X509_get_issuer_name(X509 *a);
-OPENSSL_EXPORT int 		X509_set_subject_name(X509 *x, X509_NAME *name);
-OPENSSL_EXPORT X509_NAME *	X509_get_subject_name(X509 *a);
-OPENSSL_EXPORT int 		X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
+OPENSSL_EXPORT int X509_set_version(X509 *x, long version);
+OPENSSL_EXPORT int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
+OPENSSL_EXPORT ASN1_INTEGER *X509_get_serialNumber(X509 *x);
+OPENSSL_EXPORT int X509_set_issuer_name(X509 *x, X509_NAME *name);
+OPENSSL_EXPORT X509_NAME *X509_get_issuer_name(X509 *a);
+OPENSSL_EXPORT int X509_set_subject_name(X509 *x, X509_NAME *name);
+OPENSSL_EXPORT X509_NAME *X509_get_subject_name(X509 *a);
+OPENSSL_EXPORT int X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
 OPENSSL_EXPORT const ASN1_TIME *X509_get0_notBefore(const X509 *x);
 OPENSSL_EXPORT ASN1_TIME *X509_getm_notBefore(X509 *x);
-OPENSSL_EXPORT int 		X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
+OPENSSL_EXPORT int X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
 OPENSSL_EXPORT const ASN1_TIME *X509_get0_notAfter(const X509 *x);
 OPENSSL_EXPORT ASN1_TIME *X509_getm_notAfter(X509 *x);
-OPENSSL_EXPORT int 		X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
-OPENSSL_EXPORT EVP_PKEY *	X509_get_pubkey(X509 *x);
-OPENSSL_EXPORT ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x);
-OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
+OPENSSL_EXPORT int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
+OPENSSL_EXPORT EVP_PKEY *X509_get_pubkey(X509 *x);
+OPENSSL_EXPORT ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
+OPENSSL_EXPORT STACK_OF(X509_EXTENSION) * X509_get0_extensions(const X509 *x);
 OPENSSL_EXPORT const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
 
-OPENSSL_EXPORT int		X509_REQ_set_version(X509_REQ *x,long version);
-OPENSSL_EXPORT int		X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
+OPENSSL_EXPORT int X509_REQ_set_version(X509_REQ *x, long version);
+OPENSSL_EXPORT int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
 OPENSSL_EXPORT void X509_REQ_get0_signature(const X509_REQ *req,
                                             const ASN1_BIT_STRING **psig,
                                             const X509_ALGOR **palg);
 OPENSSL_EXPORT int X509_REQ_get_signature_nid(const X509_REQ *req);
 OPENSSL_EXPORT int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
-OPENSSL_EXPORT int		X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
-OPENSSL_EXPORT EVP_PKEY *	X509_REQ_get_pubkey(X509_REQ *req);
-OPENSSL_EXPORT int		X509_REQ_extension_nid(int nid);
-OPENSSL_EXPORT const int *	X509_REQ_get_extension_nids(void);
-OPENSSL_EXPORT void		X509_REQ_set_extension_nids(const int *nids);
-OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
-OPENSSL_EXPORT int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
-				int nid);
-OPENSSL_EXPORT int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
+OPENSSL_EXPORT int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
+OPENSSL_EXPORT EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
+OPENSSL_EXPORT int X509_REQ_extension_nid(int nid);
+OPENSSL_EXPORT const int *X509_REQ_get_extension_nids(void);
+OPENSSL_EXPORT void X509_REQ_set_extension_nids(const int *nids);
+OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *
+    X509_REQ_get_extensions(X509_REQ *req);
+OPENSSL_EXPORT int X509_REQ_add_extensions_nid(X509_REQ *req,
+                                               STACK_OF(X509_EXTENSION) * exts,
+                                               int nid);
+OPENSSL_EXPORT int X509_REQ_add_extensions(X509_REQ *req,
+                                           STACK_OF(X509_EXTENSION) * exts);
 OPENSSL_EXPORT int X509_REQ_get_attr_count(const X509_REQ *req);
 OPENSSL_EXPORT int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
-			  int lastpos);
-OPENSSL_EXPORT int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
-			  int lastpos);
+                                            int lastpos);
+OPENSSL_EXPORT int X509_REQ_get_attr_by_OBJ(const X509_REQ *req,
+                                            ASN1_OBJECT *obj, int lastpos);
 OPENSSL_EXPORT X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
 OPENSSL_EXPORT X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
 OPENSSL_EXPORT int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
 OPENSSL_EXPORT int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
-			const ASN1_OBJECT *obj, int type,
-			const unsigned char *bytes, int len);
-OPENSSL_EXPORT int X509_REQ_add1_attr_by_NID(X509_REQ *req,
-			int nid, int type,
-			const unsigned char *bytes, int len);
+                                             const ASN1_OBJECT *obj, int type,
+                                             const unsigned char *bytes,
+                                             int len);
+OPENSSL_EXPORT int X509_REQ_add1_attr_by_NID(X509_REQ *req, int nid, int type,
+                                             const unsigned char *bytes,
+                                             int len);
 OPENSSL_EXPORT int X509_REQ_add1_attr_by_txt(X509_REQ *req,
-			const char *attrname, int type,
-			const unsigned char *bytes, int len);
+                                             const char *attrname, int type,
+                                             const unsigned char *bytes,
+                                             int len);
 
 OPENSSL_EXPORT int X509_CRL_set_version(X509_CRL *x, long version);
 OPENSSL_EXPORT int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
@@ -888,225 +943,271 @@ OPENSSL_EXPORT int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp);
 
 OPENSSL_EXPORT const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(
     const X509_REVOKED *x);
-OPENSSL_EXPORT int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
+OPENSSL_EXPORT int X509_REVOKED_set_serialNumber(X509_REVOKED *x,
+                                                 ASN1_INTEGER *serial);
 OPENSSL_EXPORT const ASN1_TIME *X509_REVOKED_get0_revocationDate(
     const X509_REVOKED *x);
-OPENSSL_EXPORT int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
+OPENSSL_EXPORT int X509_REVOKED_set_revocationDate(X509_REVOKED *r,
+                                                   ASN1_TIME *tm);
 
 OPENSSL_EXPORT X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
-			EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
+                                       EVP_PKEY *skey, const EVP_MD *md,
+                                       unsigned int flags);
 
-OPENSSL_EXPORT int		X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey);
+OPENSSL_EXPORT int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
 
-OPENSSL_EXPORT int		X509_check_private_key(X509 *x509, const EVP_PKEY *pkey);
-OPENSSL_EXPORT int 		X509_chain_check_suiteb(int *perror_depth,
-						X509 *x, STACK_OF(X509) *chain,
-						unsigned long flags);
-OPENSSL_EXPORT int 		X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk,
-						unsigned long flags);
-OPENSSL_EXPORT STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
+OPENSSL_EXPORT int X509_check_private_key(X509 *x509, const EVP_PKEY *pkey);
+OPENSSL_EXPORT int X509_chain_check_suiteb(int *perror_depth, X509 *x,
+                                           STACK_OF(X509) * chain,
+                                           unsigned long flags);
+OPENSSL_EXPORT int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk,
+                                         unsigned long flags);
+OPENSSL_EXPORT STACK_OF(X509) * X509_chain_up_ref(STACK_OF(X509) * chain);
 
-OPENSSL_EXPORT int		X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
-OPENSSL_EXPORT unsigned long	X509_issuer_and_serial_hash(X509 *a);
+OPENSSL_EXPORT int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
+OPENSSL_EXPORT unsigned long X509_issuer_and_serial_hash(X509 *a);
 
-OPENSSL_EXPORT int		X509_issuer_name_cmp(const X509 *a, const X509 *b);
-OPENSSL_EXPORT unsigned long	X509_issuer_name_hash(X509 *a);
+OPENSSL_EXPORT int X509_issuer_name_cmp(const X509 *a, const X509 *b);
+OPENSSL_EXPORT unsigned long X509_issuer_name_hash(X509 *a);
 
-OPENSSL_EXPORT int		X509_subject_name_cmp(const X509 *a, const X509 *b);
-OPENSSL_EXPORT unsigned long	X509_subject_name_hash(X509 *x);
+OPENSSL_EXPORT int X509_subject_name_cmp(const X509 *a, const X509 *b);
+OPENSSL_EXPORT unsigned long X509_subject_name_hash(X509 *x);
 
-OPENSSL_EXPORT unsigned long	X509_issuer_name_hash_old(X509 *a);
-OPENSSL_EXPORT unsigned long	X509_subject_name_hash_old(X509 *x);
+OPENSSL_EXPORT unsigned long X509_issuer_name_hash_old(X509 *a);
+OPENSSL_EXPORT unsigned long X509_subject_name_hash_old(X509 *x);
 
-OPENSSL_EXPORT int		X509_cmp(const X509 *a, const X509 *b);
-OPENSSL_EXPORT int		X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
-OPENSSL_EXPORT unsigned long	X509_NAME_hash(X509_NAME *x);
-OPENSSL_EXPORT unsigned long	X509_NAME_hash_old(X509_NAME *x);
+OPENSSL_EXPORT int X509_cmp(const X509 *a, const X509 *b);
+OPENSSL_EXPORT int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
+OPENSSL_EXPORT unsigned long X509_NAME_hash(X509_NAME *x);
+OPENSSL_EXPORT unsigned long X509_NAME_hash_old(X509_NAME *x);
 
-OPENSSL_EXPORT int		X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
-OPENSSL_EXPORT int		X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
+OPENSSL_EXPORT int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
+OPENSSL_EXPORT int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
 #ifndef OPENSSL_NO_FP_API
-OPENSSL_EXPORT int		X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
-OPENSSL_EXPORT int		X509_print_fp(FILE *bp,X509 *x);
-OPENSSL_EXPORT int		X509_CRL_print_fp(FILE *bp,X509_CRL *x);
-OPENSSL_EXPORT int		X509_REQ_print_fp(FILE *bp,X509_REQ *req);
-OPENSSL_EXPORT int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
+OPENSSL_EXPORT int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag,
+                                    unsigned long cflag);
+OPENSSL_EXPORT int X509_print_fp(FILE *bp, X509 *x);
+OPENSSL_EXPORT int X509_CRL_print_fp(FILE *bp, X509_CRL *x);
+OPENSSL_EXPORT int X509_REQ_print_fp(FILE *bp, X509_REQ *req);
+OPENSSL_EXPORT int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent,
+                                         unsigned long flags);
 #endif
 
-OPENSSL_EXPORT int		X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
-OPENSSL_EXPORT int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
-OPENSSL_EXPORT int		X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
-OPENSSL_EXPORT int		X509_print(BIO *bp,X509 *x);
-OPENSSL_EXPORT int		X509_ocspid_print(BIO *bp,X509 *x);
-OPENSSL_EXPORT int		X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
-OPENSSL_EXPORT int		X509_CRL_print(BIO *bp,X509_CRL *x);
-OPENSSL_EXPORT int		X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag);
-OPENSSL_EXPORT int		X509_REQ_print(BIO *bp,X509_REQ *req);
-
-OPENSSL_EXPORT int 		X509_NAME_entry_count(X509_NAME *name);
-OPENSSL_EXPORT int 		X509_NAME_get_text_by_NID(X509_NAME *name, int nid,
-			char *buf,int len);
-OPENSSL_EXPORT int		X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
-			char *buf,int len);
-
-/* NOTE: you should be passsing -1, not 0 as lastpos.  The functions that use
- * lastpos, search after that position on. */
-OPENSSL_EXPORT int 		X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
-OPENSSL_EXPORT int 		X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
-			int lastpos);
+OPENSSL_EXPORT int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
+OPENSSL_EXPORT int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent,
+                                      unsigned long flags);
+OPENSSL_EXPORT int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag,
+                                 unsigned long cflag);
+OPENSSL_EXPORT int X509_print(BIO *bp, X509 *x);
+OPENSSL_EXPORT int X509_ocspid_print(BIO *bp, X509 *x);
+OPENSSL_EXPORT int X509_CERT_AUX_print(BIO *bp, X509_CERT_AUX *x, int indent);
+OPENSSL_EXPORT int X509_CRL_print(BIO *bp, X509_CRL *x);
+OPENSSL_EXPORT int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
+                                     unsigned long cflag);
+OPENSSL_EXPORT int X509_REQ_print(BIO *bp, X509_REQ *req);
+
+OPENSSL_EXPORT int X509_NAME_entry_count(X509_NAME *name);
+OPENSSL_EXPORT int X509_NAME_get_text_by_NID(X509_NAME *name, int nid,
+                                             char *buf, int len);
+OPENSSL_EXPORT int X509_NAME_get_text_by_OBJ(X509_NAME *name,
+                                             const ASN1_OBJECT *obj, char *buf,
+                                             int len);
+
+// NOTE: you should be passsing -1, not 0 as lastpos.  The functions that use
+// lastpos, search after that position on.
+OPENSSL_EXPORT int X509_NAME_get_index_by_NID(X509_NAME *name, int nid,
+                                              int lastpos);
+OPENSSL_EXPORT int X509_NAME_get_index_by_OBJ(X509_NAME *name,
+                                              const ASN1_OBJECT *obj,
+                                              int lastpos);
 OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
-OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
-OPENSSL_EXPORT int 		X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,
-			int loc, int set);
-OPENSSL_EXPORT int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
-			const unsigned char *bytes, int len, int loc, int set);
-OPENSSL_EXPORT int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
-			const unsigned char *bytes, int len, int loc, int set);
-OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
-		const char *field, int type, const unsigned char *bytes, int len);
-OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
-			int type, const unsigned char *bytes, int len);
-OPENSSL_EXPORT int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
-			const unsigned char *bytes, int len, int loc, int set);
-OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
-			const ASN1_OBJECT *obj, int type,const unsigned char *bytes,
-			int len);
-OPENSSL_EXPORT int 		X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne,
-			const ASN1_OBJECT *obj);
-OPENSSL_EXPORT int 		X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
-			const unsigned char *bytes, int len);
-OPENSSL_EXPORT ASN1_OBJECT *	X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
-OPENSSL_EXPORT ASN1_STRING *	X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
-
-OPENSSL_EXPORT int		X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
-OPENSSL_EXPORT int		X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
-				      int nid, int lastpos);
-OPENSSL_EXPORT int		X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
-				      const ASN1_OBJECT *obj,int lastpos);
-OPENSSL_EXPORT int		X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
-					   int crit, int lastpos);
-OPENSSL_EXPORT X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
-OPENSSL_EXPORT X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
-OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
-					 X509_EXTENSION *ex, int loc);
-
-OPENSSL_EXPORT int		X509_get_ext_count(X509 *x);
-OPENSSL_EXPORT int		X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
-OPENSSL_EXPORT int		X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos);
-OPENSSL_EXPORT int		X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
+OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name,
+                                                       int loc);
+OPENSSL_EXPORT int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne,
+                                       int loc, int set);
+OPENSSL_EXPORT int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
+                                              int type,
+                                              const unsigned char *bytes,
+                                              int len, int loc, int set);
+OPENSSL_EXPORT int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid,
+                                              int type,
+                                              const unsigned char *bytes,
+                                              int len, int loc, int set);
+OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(
+    X509_NAME_ENTRY **ne, const char *field, int type,
+    const unsigned char *bytes, int len);
+OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(
+    X509_NAME_ENTRY **ne, int nid, int type, const unsigned char *bytes,
+    int len);
+OPENSSL_EXPORT int X509_NAME_add_entry_by_txt(X509_NAME *name,
+                                              const char *field, int type,
+                                              const unsigned char *bytes,
+                                              int len, int loc, int set);
+OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(
+    X509_NAME_ENTRY **ne, const ASN1_OBJECT *obj, int type,
+    const unsigned char *bytes, int len);
+OPENSSL_EXPORT int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne,
+                                              const ASN1_OBJECT *obj);
+OPENSSL_EXPORT int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
+                                            const unsigned char *bytes,
+                                            int len);
+OPENSSL_EXPORT ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
+OPENSSL_EXPORT ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
+
+OPENSSL_EXPORT int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) * x);
+OPENSSL_EXPORT int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) * x,
+                                         int nid, int lastpos);
+OPENSSL_EXPORT int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) * x,
+                                         const ASN1_OBJECT *obj, int lastpos);
+OPENSSL_EXPORT int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *
+                                                  x,
+                                              int crit, int lastpos);
+OPENSSL_EXPORT X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *
+                                                  x,
+                                              int loc);
+OPENSSL_EXPORT X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) * x,
+                                                 int loc);
+OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *
+    X509v3_add_ext(STACK_OF(X509_EXTENSION) * *x, X509_EXTENSION *ex, int loc);
+
+OPENSSL_EXPORT int X509_get_ext_count(X509 *x);
+OPENSSL_EXPORT int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
+OPENSSL_EXPORT int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos);
+OPENSSL_EXPORT int X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
 OPENSSL_EXPORT X509_EXTENSION *X509_get_ext(X509 *x, int loc);
 OPENSSL_EXPORT X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
-OPENSSL_EXPORT int		X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
-OPENSSL_EXPORT void	*	X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
-OPENSSL_EXPORT int		X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
-							unsigned long flags);
-
-OPENSSL_EXPORT int		X509_CRL_get_ext_count(X509_CRL *x);
-OPENSSL_EXPORT int		X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
-OPENSSL_EXPORT int		X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos);
-OPENSSL_EXPORT int		X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
+OPENSSL_EXPORT int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
+OPENSSL_EXPORT void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
+OPENSSL_EXPORT int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
+                                     unsigned long flags);
+
+OPENSSL_EXPORT int X509_CRL_get_ext_count(X509_CRL *x);
+OPENSSL_EXPORT int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
+OPENSSL_EXPORT int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj,
+                                           int lastpos);
+OPENSSL_EXPORT int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit,
+                                                int lastpos);
 OPENSSL_EXPORT X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
 OPENSSL_EXPORT X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
-OPENSSL_EXPORT int		X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
-OPENSSL_EXPORT void	*	X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
-OPENSSL_EXPORT int		X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
-							unsigned long flags);
-
-OPENSSL_EXPORT int		X509_REVOKED_get_ext_count(X509_REVOKED *x);
-OPENSSL_EXPORT int		X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
-OPENSSL_EXPORT int		X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos);
-OPENSSL_EXPORT int		X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
+OPENSSL_EXPORT int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
+OPENSSL_EXPORT void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit,
+                                          int *idx);
+OPENSSL_EXPORT int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value,
+                                         int crit, unsigned long flags);
+
+OPENSSL_EXPORT int X509_REVOKED_get_ext_count(X509_REVOKED *x);
+OPENSSL_EXPORT int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid,
+                                               int lastpos);
+OPENSSL_EXPORT int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,
+                                               ASN1_OBJECT *obj, int lastpos);
+OPENSSL_EXPORT int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit,
+                                                    int lastpos);
 OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
-OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
-OPENSSL_EXPORT int		X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
-OPENSSL_EXPORT void	*	X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
-OPENSSL_EXPORT int		X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
-							unsigned long flags);
-
-OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
-			int nid, int crit, ASN1_OCTET_STRING *data);
-OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
-			const ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data);
-OPENSSL_EXPORT int		X509_EXTENSION_set_object(X509_EXTENSION *ex,const ASN1_OBJECT *obj);
-OPENSSL_EXPORT int		X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
-OPENSSL_EXPORT int		X509_EXTENSION_set_data(X509_EXTENSION *ex,
-			ASN1_OCTET_STRING *data);
-OPENSSL_EXPORT ASN1_OBJECT *	X509_EXTENSION_get_object(X509_EXTENSION *ex);
+OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x,
+                                                       int loc);
+OPENSSL_EXPORT int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex,
+                                        int loc);
+OPENSSL_EXPORT void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid,
+                                              int *crit, int *idx);
+OPENSSL_EXPORT int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid,
+                                             void *value, int crit,
+                                             unsigned long flags);
+
+OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_create_by_NID(
+    X509_EXTENSION **ex, int nid, int crit, ASN1_OCTET_STRING *data);
+OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_create_by_OBJ(
+    X509_EXTENSION **ex, const ASN1_OBJECT *obj, int crit,
+    ASN1_OCTET_STRING *data);
+OPENSSL_EXPORT int X509_EXTENSION_set_object(X509_EXTENSION *ex,
+                                             const ASN1_OBJECT *obj);
+OPENSSL_EXPORT int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
+OPENSSL_EXPORT int X509_EXTENSION_set_data(X509_EXTENSION *ex,
+                                           ASN1_OCTET_STRING *data);
+OPENSSL_EXPORT ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
 OPENSSL_EXPORT ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
-OPENSSL_EXPORT int		X509_EXTENSION_get_critical(X509_EXTENSION *ex);
-
-OPENSSL_EXPORT int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
-OPENSSL_EXPORT int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
-			  int lastpos);
-OPENSSL_EXPORT int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, const ASN1_OBJECT *obj,
-			  int lastpos);
-OPENSSL_EXPORT X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
-OPENSSL_EXPORT X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
-OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
-					 X509_ATTRIBUTE *attr);
-OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
-			const ASN1_OBJECT *obj, int type,
-			const unsigned char *bytes, int len);
-OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
-			int nid, int type,
-			const unsigned char *bytes, int len);
-OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
-			const char *attrname, int type,
-			const unsigned char *bytes, int len);
-OPENSSL_EXPORT void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
-				ASN1_OBJECT *obj, int lastpos, int type);
-OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
-	     int atrtype, const void *data, int len);
-OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
-	     const ASN1_OBJECT *obj, int atrtype, const void *data, int len);
-OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
-		const char *atrname, int type, const unsigned char *bytes, int len);
-OPENSSL_EXPORT int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);
-OPENSSL_EXPORT int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len);
+OPENSSL_EXPORT int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
+
+OPENSSL_EXPORT int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) * x);
+OPENSSL_EXPORT int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) * x,
+                                          int nid, int lastpos);
+OPENSSL_EXPORT int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) * sk,
+                                          const ASN1_OBJECT *obj, int lastpos);
+OPENSSL_EXPORT X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *
+                                                   x,
+                                               int loc);
+OPENSSL_EXPORT X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) * x,
+                                                  int loc);
+OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *
+    X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) * *x, X509_ATTRIBUTE *attr);
+OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *
+    X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) * *x,
+                            const ASN1_OBJECT *obj, int type,
+                            const unsigned char *bytes, int len);
+OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *
+    X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) * *x, int nid, int type,
+                            const unsigned char *bytes, int len);
+OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *
+    X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) * *x, const char *attrname,
+                            int type, const unsigned char *bytes, int len);
+OPENSSL_EXPORT void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) * x,
+                                             ASN1_OBJECT *obj, int lastpos,
+                                             int type);
+OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(
+    X509_ATTRIBUTE **attr, int nid, int atrtype, const void *data, int len);
+OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(
+    X509_ATTRIBUTE **attr, const ASN1_OBJECT *obj, int atrtype,
+    const void *data, int len);
+OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(
+    X509_ATTRIBUTE **attr, const char *atrname, int type,
+    const unsigned char *bytes, int len);
+OPENSSL_EXPORT int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr,
+                                              const ASN1_OBJECT *obj);
+OPENSSL_EXPORT int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
+                                            const void *data, int len);
 OPENSSL_EXPORT void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
-					int atrtype, void *data);
+                                              int atrtype, void *data);
 OPENSSL_EXPORT int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
 OPENSSL_EXPORT ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
-OPENSSL_EXPORT ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
+OPENSSL_EXPORT ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr,
+                                                   int idx);
 
-OPENSSL_EXPORT int		X509_verify_cert(X509_STORE_CTX *ctx);
+OPENSSL_EXPORT int X509_verify_cert(X509_STORE_CTX *ctx);
 
-/* lookup a cert from a X509 STACK */
-OPENSSL_EXPORT X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name,
-				     ASN1_INTEGER *serial);
-OPENSSL_EXPORT X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name);
+// lookup a cert from a X509 STACK
+OPENSSL_EXPORT X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) * sk,
+                                                    X509_NAME *name,
+                                                    ASN1_INTEGER *serial);
+OPENSSL_EXPORT X509 *X509_find_by_subject(STACK_OF(X509) * sk, X509_NAME *name);
 
-/* PKCS#8 utilities */
+// PKCS#8 utilities
 
 DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
 
 OPENSSL_EXPORT EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
 OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
-OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
-OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
 
 OPENSSL_EXPORT int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
-			int version, int ptype, void *pval,
-				unsigned char *penc, int penclen);
+                                   int version, int ptype, void *pval,
+                                   unsigned char *penc, int penclen);
 OPENSSL_EXPORT int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
-		const unsigned char **pk, int *ppklen,
-		X509_ALGOR **pa,
-		PKCS8_PRIV_KEY_INFO *p8);
+                                   const unsigned char **pk, int *ppklen,
+                                   X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8);
 
-OPENSSL_EXPORT int X509_PUBKEY_set0_param(X509_PUBKEY *pub, const ASN1_OBJECT *aobj,
-					int ptype, void *pval,
-					unsigned char *penc, int penclen);
+OPENSSL_EXPORT int X509_PUBKEY_set0_param(X509_PUBKEY *pub,
+                                          const ASN1_OBJECT *aobj, int ptype,
+                                          void *pval, unsigned char *penc,
+                                          int penclen);
 OPENSSL_EXPORT int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
-		const unsigned char **pk, int *ppklen,
-		X509_ALGOR **pa,
-		X509_PUBKEY *pub);
+                                          const unsigned char **pk, int *ppklen,
+                                          X509_ALGOR **pa, X509_PUBKEY *pub);
 
 OPENSSL_EXPORT int X509_check_trust(X509 *x, int id, int flags);
 OPENSSL_EXPORT int X509_TRUST_get_count(void);
-OPENSSL_EXPORT X509_TRUST * X509_TRUST_get0(int idx);
+OPENSSL_EXPORT X509_TRUST *X509_TRUST_get0(int idx);
 OPENSSL_EXPORT int X509_TRUST_get_by_id(int id);
-OPENSSL_EXPORT int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
-					char *name, int arg1, void *arg2);
+OPENSSL_EXPORT int X509_TRUST_add(int id, int flags,
+                                  int (*ck)(X509_TRUST *, X509 *, int),
+                                  char *name, int arg1, void *arg2);
 OPENSSL_EXPORT void X509_TRUST_cleanup(void);
 OPENSSL_EXPORT int X509_TRUST_get_flags(X509_TRUST *xp);
 OPENSSL_EXPORT char *X509_TRUST_get0_name(X509_TRUST *xp);
@@ -1124,7 +1225,7 @@ DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
 
 
 
-#ifdef  __cplusplus
+#ifdef __cplusplus
 }
 #endif
 
@@ -1162,8 +1263,8 @@ using ScopedX509_STORE_CTX =
 
 BSSL_NAMESPACE_END
 
-}  /* extern C++ */
-#endif  /* !BORINGSSL_NO_CXX */
+}  // extern C++
+#endif  // !BORINGSSL_NO_CXX
 
 #define X509_R_AKID_MISMATCH 100
 #define X509_R_BAD_PKCS7_VERSION 101
@@ -1203,5 +1304,8 @@ BSSL_NAMESPACE_END
 #define X509_R_NAME_TOO_LONG 135
 #define X509_R_INVALID_PARAMETER 136
 #define X509_R_SIGNATURE_ALGORITHM_MISMATCH 137
+#define X509_R_DELTA_CRL_WITHOUT_CRL_NUMBER 138
+#define X509_R_INVALID_FIELD_FOR_VERSION 139
+#define X509_R_INVALID_VERSION 140
 
 #endif
diff --git a/chromium/third_party/boringssl/src/sources.cmake b/chromium/third_party/boringssl/src/sources.cmake
index a21825cd32f..a5f2d2105fd 100644
--- a/chromium/third_party/boringssl/src/sources.cmake
+++ b/chromium/third_party/boringssl/src/sources.cmake
@@ -57,13 +57,37 @@ set(
   crypto/hmac_extra/hmac_tests.txt
   crypto/poly1305/poly1305_tests.txt
   crypto/siphash/siphash_tests.txt
-  crypto/x509/many_constraints.pem
-  crypto/x509/many_names1.pem
-  crypto/x509/many_names2.pem
-  crypto/x509/many_names3.pem
-  crypto/x509/some_names1.pem
-  crypto/x509/some_names2.pem
-  crypto/x509/some_names3.pem
+  crypto/x509/test/invalid_extension_intermediate.pem
+  crypto/x509/test/invalid_extension_intermediate_authority_key_identifier.pem
+  crypto/x509/test/invalid_extension_intermediate_basic_constraints.pem
+  crypto/x509/test/invalid_extension_intermediate_ext_key_usage.pem
+  crypto/x509/test/invalid_extension_intermediate_key_usage.pem
+  crypto/x509/test/invalid_extension_intermediate_name_constraints.pem
+  crypto/x509/test/invalid_extension_intermediate_subject_alt_name.pem
+  crypto/x509/test/invalid_extension_intermediate_subject_key_identifier.pem
+  crypto/x509/test/invalid_extension_leaf.pem
+  crypto/x509/test/invalid_extension_leaf_authority_key_identifier.pem
+  crypto/x509/test/invalid_extension_leaf_basic_constraints.pem
+  crypto/x509/test/invalid_extension_leaf_ext_key_usage.pem
+  crypto/x509/test/invalid_extension_leaf_key_usage.pem
+  crypto/x509/test/invalid_extension_leaf_name_constraints.pem
+  crypto/x509/test/invalid_extension_leaf_subject_alt_name.pem
+  crypto/x509/test/invalid_extension_leaf_subject_key_identifier.pem
+  crypto/x509/test/invalid_extension_root.pem
+  crypto/x509/test/invalid_extension_root_authority_key_identifier.pem
+  crypto/x509/test/invalid_extension_root_basic_constraints.pem
+  crypto/x509/test/invalid_extension_root_ext_key_usage.pem
+  crypto/x509/test/invalid_extension_root_key_usage.pem
+  crypto/x509/test/invalid_extension_root_name_constraints.pem
+  crypto/x509/test/invalid_extension_root_subject_alt_name.pem
+  crypto/x509/test/invalid_extension_root_subject_key_identifier.pem
+  crypto/x509/test/many_constraints.pem
+  crypto/x509/test/many_names1.pem
+  crypto/x509/test/many_names2.pem
+  crypto/x509/test/many_names3.pem
+  crypto/x509/test/some_names1.pem
+  crypto/x509/test/some_names2.pem
+  crypto/x509/test/some_names3.pem
   third_party/wycheproof_testvectors/aes_cbc_pkcs5_test.txt
   third_party/wycheproof_testvectors/aes_cmac_test.txt
   third_party/wycheproof_testvectors/aes_gcm_siv_test.txt
diff --git a/chromium/third_party/boringssl/src/ssl/handshake_client.cc b/chromium/third_party/boringssl/src/ssl/handshake_client.cc
index 9625b8e8d04..670e476434d 100644
--- a/chromium/third_party/boringssl/src/ssl/handshake_client.cc
+++ b/chromium/third_party/boringssl/src/ssl/handshake_client.cc
@@ -1268,10 +1268,10 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) {
   uint32_t alg_k = hs->new_cipher->algorithm_mkey;
   uint32_t alg_a = hs->new_cipher->algorithm_auth;
   if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
-    CRYPTO_BUFFER *leaf =
+    const CRYPTO_BUFFER *leaf =
         sk_CRYPTO_BUFFER_value(hs->new_session->certs.get(), 0);
     CBS leaf_cbs;
-    CBS_init(&leaf_cbs, CRYPTO_BUFFER_data(leaf), CRYPTO_BUFFER_len(leaf));
+    CRYPTO_BUFFER_init_CBS(leaf, &leaf_cbs);
 
     // Check the key usage matches the cipher suite. We do this unconditionally
     // for non-RSA certificates. In particular, it's needed to distinguish ECDH
diff --git a/chromium/third_party/boringssl/src/ssl/handshake_server.cc b/chromium/third_party/boringssl/src/ssl/handshake_server.cc
index 924701f68f2..24894289539 100644
--- a/chromium/third_party/boringssl/src/ssl/handshake_server.cc
+++ b/chromium/third_party/boringssl/src/ssl/handshake_server.cc
@@ -1436,6 +1436,15 @@ static enum ssl_hs_wait_t do_read_client_certificate_verify(SSL_HANDSHAKE *hs) {
     return ssl_hs_error;
   }
 
+  // The peer certificate must be valid for signing.
+  const CRYPTO_BUFFER *leaf =
+      sk_CRYPTO_BUFFER_value(hs->new_session->certs.get(), 0);
+  CBS leaf_cbs;
+  CRYPTO_BUFFER_init_CBS(leaf, &leaf_cbs);
+  if (!ssl_cert_check_key_usage(&leaf_cbs, key_usage_digital_signature)) {
+    return ssl_hs_error;
+  }
+
   CBS certificate_verify = msg.body, signature;
 
   // Determine the signature algorithm.
diff --git a/chromium/third_party/boringssl/src/ssl/internal.h b/chromium/third_party/boringssl/src/ssl/internal.h
index e1b0925b49f..182b02f6ad9 100644
--- a/chromium/third_party/boringssl/src/ssl/internal.h
+++ b/chromium/third_party/boringssl/src/ssl/internal.h
@@ -1863,6 +1863,8 @@ enum ssl_private_key_result_t tls13_add_certificate_verify(SSL_HANDSHAKE *hs);
 
 bool tls13_add_finished(SSL_HANDSHAKE *hs);
 bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg);
+bssl::UniquePtr<SSL_SESSION> tls13_create_session_with_ticket(SSL *ssl,
+                                                              CBS *body);
 
 bool ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs,
                                          Array<uint8_t> *out_secret,
@@ -2740,11 +2742,6 @@ struct SSL_CONFIG {
   bool jdk11_workaround : 1;
 };
 
-// Computes a SHA-256 hash of the transport parameters and early data context
-// for QUIC, putting the hash in |SHA256_DIGEST_LENGTH| bytes at |hash_out|.
-bool compute_quic_early_data_hash(const SSL_CONFIG *config,
-                                  uint8_t hash_out[SHA256_DIGEST_LENGTH]);
-
 // From RFC 8446, used in determining PSK modes.
 #define SSL_PSK_DHE_KE 0x1
 
@@ -3559,9 +3556,9 @@ struct ssl_session_st {
   // is_quic indicates whether this session was created using QUIC.
   bool is_quic : 1;
 
-  // quic_early_data_hash is used to determine whether early data must be
+  // quic_early_data_context is used to determine whether early data must be
   // rejected when performing a QUIC handshake.
-  bssl::Array<uint8_t> quic_early_data_hash;
+  bssl::Array<uint8_t> quic_early_data_context;
 
  private:
   ~ssl_session_st();
diff --git a/chromium/third_party/boringssl/src/ssl/ssl_asn1.cc b/chromium/third_party/boringssl/src/ssl/ssl_asn1.cc
index 7401d099292..e6274f1bf9d 100644
--- a/chromium/third_party/boringssl/src/ssl/ssl_asn1.cc
+++ b/chromium/third_party/boringssl/src/ssl/ssl_asn1.cc
@@ -192,7 +192,7 @@ static const unsigned kEarlyALPNTag =
     CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 26;
 static const unsigned kIsQuicTag =
     CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 27;
-static const unsigned kQuicEarlyDataHashTag =
+static const unsigned kQuicEarlyDataContextTag =
     CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 28;
 
 static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, CBB *cbb,
@@ -402,10 +402,10 @@ static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, CBB *cbb,
     }
   }
 
-  if (!in->quic_early_data_hash.empty()) {
-    if (!CBB_add_asn1(&session, &child, kQuicEarlyDataHashTag) ||
-        !CBB_add_asn1_octet_string(&child, in->quic_early_data_hash.data(),
-                                   in->quic_early_data_hash.size())) {
+  if (!in->quic_early_data_context.empty()) {
+    if (!CBB_add_asn1(&session, &child, kQuicEarlyDataContextTag) ||
+        !CBB_add_asn1_octet_string(&child, in->quic_early_data_context.data(),
+                                   in->quic_early_data_context.size())) {
       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
       return 0;
     }
@@ -752,8 +752,8 @@ UniquePtr<SSL_SESSION> SSL_SESSION_parse(CBS *cbs,
                                       kEarlyALPNTag) ||
       !CBS_get_optional_asn1_bool(&session, &is_quic, kIsQuicTag,
                                   /*default_value=*/false) ||
-      !SSL_SESSION_parse_octet_string(&session, &ret->quic_early_data_hash,
-                                      kQuicEarlyDataHashTag) ||
+      !SSL_SESSION_parse_octet_string(&session, &ret->quic_early_data_context,
+                                      kQuicEarlyDataContextTag) ||
       CBS_len(&session) != 0) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION);
     return nullptr;
diff --git a/chromium/third_party/boringssl/src/ssl/ssl_lib.cc b/chromium/third_party/boringssl/src/ssl/ssl_lib.cc
index 625f73363df..90c265e71b3 100644
--- a/chromium/third_party/boringssl/src/ssl/ssl_lib.cc
+++ b/chromium/third_party/boringssl/src/ssl/ssl_lib.cc
@@ -2968,6 +2968,34 @@ void SSL_CTX_set_ticket_aead_method(SSL_CTX *ctx,
   ctx->ticket_aead_method = aead_method;
 }
 
+SSL_SESSION *SSL_process_tls13_new_session_ticket(SSL *ssl, const uint8_t *buf,
+                                                  size_t buf_len) {
+  if (SSL_in_init(ssl) ||
+      ssl_protocol_version(ssl) != TLS1_3_VERSION ||
+      ssl->server) {
+    // Only TLS 1.3 clients are supported.
+    OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+    return nullptr;
+  }
+
+  CBS cbs, body;
+  CBS_init(&cbs, buf, buf_len);
+  uint8_t type;
+  if (!CBS_get_u8(&cbs, &type) ||
+      !CBS_get_u24_length_prefixed(&cbs, &body) ||
+      CBS_len(&cbs) != 0) {
+    OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
+    return nullptr;
+  }
+
+  UniquePtr<SSL_SESSION> session = tls13_create_session_with_ticket(ssl, &body);
+  if (!session) {
+    // |tls13_create_session_with_ticket| puts the correct error.
+    return nullptr;
+  }
+  return session.release();
+}
+
 int SSL_set_tlsext_status_type(SSL *ssl, int type) {
   if (!ssl->config) {
     return 0;
diff --git a/chromium/third_party/boringssl/src/ssl/ssl_session.cc b/chromium/third_party/boringssl/src/ssl/ssl_session.cc
index fa994e89f06..4c6d04578fa 100644
--- a/chromium/third_party/boringssl/src/ssl/ssl_session.cc
+++ b/chromium/third_party/boringssl/src/ssl/ssl_session.cc
@@ -269,8 +269,8 @@ UniquePtr<SSL_SESSION> SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) {
       return nullptr;
     }
 
-    if (!new_session->quic_early_data_hash.CopyFrom(
-            session->quic_early_data_hash)) {
+    if (!new_session->quic_early_data_context.CopyFrom(
+            session->quic_early_data_context)) {
       return nullptr;
     }
   }
@@ -349,25 +349,6 @@ const EVP_MD *ssl_session_get_digest(const SSL_SESSION *session) {
                                   session->cipher);
 }
 
-bool compute_quic_early_data_hash(const SSL_CONFIG *config,
-                                  uint8_t hash_out[SHA256_DIGEST_LENGTH]) {
-  ScopedEVP_MD_CTX hash_ctx;
-  uint32_t transport_param_len = config->quic_transport_params.size();
-  uint32_t context_len = config->quic_early_data_context.size();
-  if (!EVP_DigestInit(hash_ctx.get(), EVP_sha256()) ||
-      !EVP_DigestUpdate(hash_ctx.get(), &transport_param_len,
-                        sizeof(transport_param_len)) ||
-      !EVP_DigestUpdate(hash_ctx.get(), config->quic_transport_params.data(),
-                        config->quic_transport_params.size()) ||
-      !EVP_DigestUpdate(hash_ctx.get(), &context_len, sizeof(context_len)) ||
-      !EVP_DigestUpdate(hash_ctx.get(), config->quic_early_data_context.data(),
-                        config->quic_early_data_context.size()) ||
-      !EVP_DigestFinal(hash_ctx.get(), hash_out, nullptr)) {
-    return false;
-  }
-  return true;
-}
-
 int ssl_get_new_session(SSL_HANDSHAKE *hs, int is_server) {
   SSL *const ssl = hs->ssl;
   if (ssl->mode & SSL_MODE_NO_SESSION_CREATION) {
@@ -384,9 +365,8 @@ int ssl_get_new_session(SSL_HANDSHAKE *hs, int is_server) {
   session->ssl_version = ssl->version;
   session->is_quic = ssl->quic_method != nullptr;
   if (is_server && ssl->enable_early_data && session->is_quic) {
-    if (!session->quic_early_data_hash.Init(SHA256_DIGEST_LENGTH) ||
-        !compute_quic_early_data_hash(hs->config,
-                                      session->quic_early_data_hash.data())) {
+    if (!session->quic_early_data_context.CopyFrom(
+            hs->config->quic_early_data_context)) {
       return 0;
     }
   }
diff --git a/chromium/third_party/boringssl/src/ssl/ssl_test.cc b/chromium/third_party/boringssl/src/ssl/ssl_test.cc
index fc7976e4197..3c2d852a6e1 100644
--- a/chromium/third_party/boringssl/src/ssl/ssl_test.cc
+++ b/chromium/third_party/boringssl/src/ssl/ssl_test.cc
@@ -5433,73 +5433,68 @@ TEST_F(QUICMethodTest, ZeroRTTRejectMismatchedParameters) {
   bssl::UniquePtr<SSL_SESSION> session = CreateClientSessionForQUIC();
   ASSERT_TRUE(session);
 
-  for (bool change_transport_params : {false, true}) {
-    SCOPED_TRACE(change_transport_params);
-    for (bool change_context : {false, true}) {
-      if (!change_transport_params && !change_context) {
-        continue;
-      }
-      SCOPED_TRACE(change_context);
-
-      ASSERT_TRUE(CreateClientAndServer());
-      static const uint8_t new_transport_params[] = {3};
-      static const uint8_t new_context[] = {4};
-      if (change_transport_params) {
-        ASSERT_TRUE(SSL_set_quic_transport_params(
-            server_.get(), new_transport_params, sizeof(new_transport_params)));
-      }
-      if (change_context) {
-        ASSERT_TRUE(SSL_set_quic_early_data_context(server_.get(), new_context,
-                                                    sizeof(new_context)));
-      }
-      SSL_set_session(client_.get(), session.get());
-
-      // The client handshake should return immediately into the early data
-      // state.
-      ASSERT_EQ(SSL_do_handshake(client_.get()), 1);
-      EXPECT_TRUE(SSL_in_early_data(client_.get()));
-      // The transport should have keys for sending 0-RTT data.
-      EXPECT_TRUE(
-          transport_->client()->HasWriteSecret(ssl_encryption_early_data));
-
-      // The server will consume the ClientHello, but it will not accept 0-RTT.
-      ASSERT_TRUE(ProvideHandshakeData(server_.get()));
-      ASSERT_EQ(SSL_do_handshake(server_.get()), -1);
-      EXPECT_EQ(SSL_ERROR_WANT_READ, SSL_get_error(server_.get(), -1));
-      EXPECT_FALSE(SSL_in_early_data(server_.get()));
-      EXPECT_FALSE(
-          transport_->server()->HasReadSecret(ssl_encryption_early_data));
-
-      // The client consumes the server response and signals 0-RTT rejection.
-      for (;;) {
-        ASSERT_TRUE(ProvideHandshakeData(client_.get()));
-        ASSERT_EQ(-1, SSL_do_handshake(client_.get()));
-        int err = SSL_get_error(client_.get(), -1);
-        if (err == SSL_ERROR_EARLY_DATA_REJECTED) {
-          break;
-        }
-        ASSERT_EQ(SSL_ERROR_WANT_READ, err);
-      }
+  ASSERT_TRUE(CreateClientAndServer());
+  static const uint8_t new_context[] = {4};
+  ASSERT_TRUE(SSL_set_quic_early_data_context(server_.get(), new_context,
+                                              sizeof(new_context)));
+  SSL_set_session(client_.get(), session.get());
 
-      // As in TLS over TCP, 0-RTT rejection is sticky.
-      ASSERT_EQ(-1, SSL_do_handshake(client_.get()));
-      ASSERT_EQ(SSL_ERROR_EARLY_DATA_REJECTED,
-                SSL_get_error(client_.get(), -1));
-
-      // Finish up the client and server handshakes.
-      SSL_reset_early_data_reject(client_.get());
-      ASSERT_TRUE(CompleteHandshakesForQUIC());
-
-      // Both sides can now exchange 1-RTT data.
-      ExpectHandshakeSuccess();
-      EXPECT_TRUE(SSL_session_reused(client_.get()));
-      EXPECT_TRUE(SSL_session_reused(server_.get()));
-      EXPECT_FALSE(SSL_in_early_data(client_.get()));
-      EXPECT_FALSE(SSL_in_early_data(server_.get()));
-      EXPECT_FALSE(SSL_early_data_accepted(client_.get()));
-      EXPECT_FALSE(SSL_early_data_accepted(server_.get()));
+  // The client handshake should return immediately into the early data
+  // state.
+  ASSERT_EQ(SSL_do_handshake(client_.get()), 1);
+  EXPECT_TRUE(SSL_in_early_data(client_.get()));
+  // The transport should have keys for sending 0-RTT data.
+  EXPECT_TRUE(transport_->client()->HasWriteSecret(ssl_encryption_early_data));
+
+  // The server will consume the ClientHello, but it will not accept 0-RTT.
+  ASSERT_TRUE(ProvideHandshakeData(server_.get()));
+  ASSERT_EQ(SSL_do_handshake(server_.get()), -1);
+  EXPECT_EQ(SSL_ERROR_WANT_READ, SSL_get_error(server_.get(), -1));
+  EXPECT_FALSE(SSL_in_early_data(server_.get()));
+  EXPECT_FALSE(transport_->server()->HasReadSecret(ssl_encryption_early_data));
+
+  // The client consumes the server response and signals 0-RTT rejection.
+  for (;;) {
+    ASSERT_TRUE(ProvideHandshakeData(client_.get()));
+    ASSERT_EQ(-1, SSL_do_handshake(client_.get()));
+    int err = SSL_get_error(client_.get(), -1);
+    if (err == SSL_ERROR_EARLY_DATA_REJECTED) {
+      break;
     }
+    ASSERT_EQ(SSL_ERROR_WANT_READ, err);
   }
+
+  // As in TLS over TCP, 0-RTT rejection is sticky.
+  ASSERT_EQ(-1, SSL_do_handshake(client_.get()));
+  ASSERT_EQ(SSL_ERROR_EARLY_DATA_REJECTED, SSL_get_error(client_.get(), -1));
+
+  // Finish up the client and server handshakes.
+  SSL_reset_early_data_reject(client_.get());
+  ASSERT_TRUE(CompleteHandshakesForQUIC());
+
+  // Both sides can now exchange 1-RTT data.
+  ExpectHandshakeSuccess();
+  EXPECT_TRUE(SSL_session_reused(client_.get()));
+  EXPECT_TRUE(SSL_session_reused(server_.get()));
+  EXPECT_FALSE(SSL_in_early_data(client_.get()));
+  EXPECT_FALSE(SSL_in_early_data(server_.get()));
+  EXPECT_FALSE(SSL_early_data_accepted(client_.get()));
+  EXPECT_FALSE(SSL_early_data_accepted(server_.get()));
+}
+
+TEST_F(QUICMethodTest, NoZeroRTTTicketWithoutEarlyDataContext) {
+  server_quic_early_data_context_ = {};
+  const SSL_QUIC_METHOD quic_method = DefaultQUICMethod();
+
+  SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
+  SSL_CTX_set_early_data_enabled(client_ctx_.get(), 1);
+  SSL_CTX_set_early_data_enabled(server_ctx_.get(), 1);
+  ASSERT_TRUE(SSL_CTX_set_quic_method(client_ctx_.get(), &quic_method));
+  ASSERT_TRUE(SSL_CTX_set_quic_method(server_ctx_.get(), &quic_method));
+
+  bssl::UniquePtr<SSL_SESSION> session = CreateClientSessionForQUIC();
+  ASSERT_TRUE(session);
+  EXPECT_FALSE(SSL_SESSION_early_data_capable(session.get()));
 }
 
 TEST_F(QUICMethodTest, ZeroRTTReject) {
@@ -6120,6 +6115,111 @@ TEST_P(SSLVersionTest, DoubleSSLError) {
   }
 }
 
+TEST_P(SSLVersionTest, SameKeyResume) {
+  uint8_t key[48];
+  RAND_bytes(key, sizeof(key));
+
+  bssl::UniquePtr<SSL_CTX> server_ctx2 = CreateContext();
+  ASSERT_TRUE(server_ctx2);
+  ASSERT_TRUE(UseCertAndKey(server_ctx2.get()));
+  ASSERT_TRUE(
+      SSL_CTX_set_tlsext_ticket_keys(server_ctx_.get(), key, sizeof(key)));
+  ASSERT_TRUE(
+      SSL_CTX_set_tlsext_ticket_keys(server_ctx2.get(), key, sizeof(key)));
+
+  SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
+  SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH);
+  SSL_CTX_set_session_cache_mode(server_ctx2.get(), SSL_SESS_CACHE_BOTH);
+
+  // Establish a session for |server_ctx_|.
+  bssl::UniquePtr<SSL_SESSION> session =
+      CreateClientSession(client_ctx_.get(), server_ctx_.get());
+  ASSERT_TRUE(session);
+  ClientConfig config;
+  config.session = session.get();
+
+  // Resuming with |server_ctx_| again works.
+  bssl::UniquePtr<SSL> client, server;
+  ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx_.get(),
+                                     server_ctx_.get(), config));
+  EXPECT_TRUE(SSL_session_reused(client.get()));
+  EXPECT_TRUE(SSL_session_reused(server.get()));
+
+  // Resuming with |server_ctx2| also works.
+  ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx_.get(),
+                                     server_ctx2.get(), config));
+  EXPECT_TRUE(SSL_session_reused(client.get()));
+  EXPECT_TRUE(SSL_session_reused(server.get()));
+}
+
+TEST_P(SSLVersionTest, DifferentKeyNoResume) {
+  uint8_t key1[48], key2[48];
+  RAND_bytes(key1, sizeof(key1));
+  RAND_bytes(key2, sizeof(key2));
+
+  bssl::UniquePtr<SSL_CTX> server_ctx2 = CreateContext();
+  ASSERT_TRUE(server_ctx2);
+  ASSERT_TRUE(UseCertAndKey(server_ctx2.get()));
+  ASSERT_TRUE(
+      SSL_CTX_set_tlsext_ticket_keys(server_ctx_.get(), key1, sizeof(key1)));
+  ASSERT_TRUE(
+      SSL_CTX_set_tlsext_ticket_keys(server_ctx2.get(), key2, sizeof(key2)));
+
+  SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
+  SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH);
+  SSL_CTX_set_session_cache_mode(server_ctx2.get(), SSL_SESS_CACHE_BOTH);
+
+  // Establish a session for |server_ctx_|.
+  bssl::UniquePtr<SSL_SESSION> session =
+      CreateClientSession(client_ctx_.get(), server_ctx_.get());
+  ASSERT_TRUE(session);
+  ClientConfig config;
+  config.session = session.get();
+
+  // Resuming with |server_ctx_| again works.
+  bssl::UniquePtr<SSL> client, server;
+  ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx_.get(),
+                                     server_ctx_.get(), config));
+  EXPECT_TRUE(SSL_session_reused(client.get()));
+  EXPECT_TRUE(SSL_session_reused(server.get()));
+
+  // Resuming with |server_ctx2| does not work.
+  ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx_.get(),
+                                     server_ctx2.get(), config));
+  EXPECT_FALSE(SSL_session_reused(client.get()));
+  EXPECT_FALSE(SSL_session_reused(server.get()));
+}
+
+TEST_P(SSLVersionTest, UnrelatedServerNoResume) {
+  bssl::UniquePtr<SSL_CTX> server_ctx2 = CreateContext();
+  ASSERT_TRUE(server_ctx2);
+  ASSERT_TRUE(UseCertAndKey(server_ctx2.get()));
+
+  SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
+  SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH);
+  SSL_CTX_set_session_cache_mode(server_ctx2.get(), SSL_SESS_CACHE_BOTH);
+
+  // Establish a session for |server_ctx_|.
+  bssl::UniquePtr<SSL_SESSION> session =
+      CreateClientSession(client_ctx_.get(), server_ctx_.get());
+  ASSERT_TRUE(session);
+  ClientConfig config;
+  config.session = session.get();
+
+  // Resuming with |server_ctx_| again works.
+  bssl::UniquePtr<SSL> client, server;
+  ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx_.get(),
+                                     server_ctx_.get(), config));
+  EXPECT_TRUE(SSL_session_reused(client.get()));
+  EXPECT_TRUE(SSL_session_reused(server.get()));
+
+  // Resuming with |server_ctx2| does not work.
+  ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx_.get(),
+                                     server_ctx2.get(), config));
+  EXPECT_FALSE(SSL_session_reused(client.get()));
+  EXPECT_FALSE(SSL_session_reused(server.get()));
+}
+
 TEST(SSLTest, WriteWhileExplicitRenegotiate) {
   bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
   ASSERT_TRUE(ctx);
@@ -6308,5 +6408,70 @@ TEST(SSLTest, CopyWithoutEarlyData) {
   EXPECT_EQ(session2.get(), session3.get());
 }
 
+TEST(SSLTest, ProcessTLS13NewSessionTicket) {
+  // Configure client and server to negotiate TLS 1.3 only.
+  bssl::UniquePtr<X509> cert = GetTestCertificate();
+  bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
+  bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
+  bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
+  ASSERT_TRUE(client_ctx);
+  ASSERT_TRUE(server_ctx);
+  ASSERT_TRUE(SSL_CTX_set_min_proto_version(client_ctx.get(), TLS1_3_VERSION));
+  ASSERT_TRUE(SSL_CTX_set_min_proto_version(server_ctx.get(), TLS1_3_VERSION));
+  ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), TLS1_3_VERSION));
+  ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_3_VERSION));
+  ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
+  ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
+
+  bssl::UniquePtr<SSL> client, server;
+  ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
+                                     server_ctx.get()));
+  EXPECT_EQ(TLS1_3_VERSION, SSL_version(client.get()));
+
+  // Process a TLS 1.3 NewSessionTicket.
+  static const uint8_t kTicket[] = {
+      0x04, 0x00, 0x00, 0xb2, 0x00, 0x02, 0xa3, 0x00, 0x04, 0x03, 0x02, 0x01,
+      0x01, 0x00, 0x00, 0xa0, 0x01, 0x06, 0x09, 0x11, 0x16, 0x19, 0x21, 0x26,
+      0x29, 0x31, 0x36, 0x39, 0x41, 0x46, 0x49, 0x51, 0x03, 0x06, 0x09, 0x13,
+      0x16, 0x19, 0x23, 0x26, 0x29, 0x33, 0x36, 0x39, 0x43, 0x46, 0x49, 0x53,
+      0xf7, 0x00, 0x29, 0xec, 0xf2, 0xc4, 0xa4, 0x41, 0xfc, 0x30, 0x17, 0x2e,
+      0x9f, 0x7c, 0xa8, 0xaf, 0x75, 0x70, 0xf0, 0x1f, 0xc7, 0x98, 0xf7, 0xcf,
+      0x5a, 0x5a, 0x6b, 0x5b, 0xfe, 0xf1, 0xe7, 0x3a, 0xe8, 0xf7, 0x6c, 0xd2,
+      0xa8, 0xa6, 0x92, 0x5b, 0x96, 0x8d, 0xde, 0xdb, 0xd3, 0x20, 0x6a, 0xcb,
+      0x69, 0x06, 0xf4, 0x91, 0x85, 0x2e, 0xe6, 0x5e, 0x0c, 0x59, 0xf2, 0x9e,
+      0x9b, 0x79, 0x91, 0x24, 0x7e, 0x4a, 0x32, 0x3d, 0xbe, 0x4b, 0x80, 0x70,
+      0xaf, 0xd0, 0x1d, 0xe2, 0xca, 0x05, 0x35, 0x09, 0x09, 0x05, 0x0f, 0xbb,
+      0xc4, 0xae, 0xd7, 0xc4, 0xed, 0xd7, 0xae, 0x35, 0xc8, 0x73, 0x63, 0x78,
+      0x64, 0xc9, 0x7a, 0x1f, 0xed, 0x7a, 0x9a, 0x47, 0x44, 0xfd, 0x50, 0xf7,
+      0xb7, 0xe0, 0x64, 0xa9, 0x02, 0xc1, 0x5c, 0x23, 0x18, 0x3f, 0xc4, 0xcf,
+      0x72, 0x02, 0x59, 0x2d, 0xe1, 0xaa, 0x61, 0x72, 0x00, 0x04, 0x5a, 0x5a,
+      0x00, 0x00,
+  };
+  bssl::UniquePtr<SSL_SESSION> session(SSL_process_tls13_new_session_ticket(
+      client.get(), kTicket, sizeof(kTicket)));
+  ASSERT_TRUE(session);
+  ASSERT_TRUE(SSL_SESSION_has_ticket(session.get()));
+
+  uint8_t *session_buf = nullptr;
+  size_t session_length = 0;
+  ASSERT_TRUE(
+      SSL_SESSION_to_bytes(session.get(), &session_buf, &session_length));
+  bssl::UniquePtr<uint8_t> session_buf_free(session_buf);
+  ASSERT_TRUE(session_buf);
+  ASSERT_GT(session_length, 0u);
+
+  // Servers cannot call |SSL_process_tls13_new_session_ticket|.
+  ASSERT_FALSE(SSL_process_tls13_new_session_ticket(server.get(), kTicket,
+                                                    sizeof(kTicket)));
+
+  // Clients cannot call |SSL_process_tls13_new_session_ticket| before the
+  // handshake completes.
+  bssl::UniquePtr<SSL> client2(SSL_new(client_ctx.get()));
+  ASSERT_TRUE(client2);
+  SSL_set_connect_state(client2.get());
+  ASSERT_FALSE(SSL_process_tls13_new_session_ticket(client2.get(), kTicket,
+                                                    sizeof(kTicket)));
+}
+
 }  // namespace
 BSSL_NAMESPACE_END
diff --git a/chromium/third_party/boringssl/src/ssl/ssl_versions.cc b/chromium/third_party/boringssl/src/ssl/ssl_versions.cc
index d95aeb306df..3bbb4e3c1cc 100644
--- a/chromium/third_party/boringssl/src/ssl/ssl_versions.cc
+++ b/chromium/third_party/boringssl/src/ssl/ssl_versions.cc
@@ -193,11 +193,11 @@ bool ssl_get_version_range(const SSL_HANDSHAKE *hs, uint16_t *out_min_version,
     min_version = TLS1_3_VERSION;
   }
 
-  // OpenSSL's API for controlling versions entails blacklisting individual
-  // protocols. This has two problems. First, on the client, the protocol can
-  // only express a contiguous range of versions. Second, a library consumer
-  // trying to set a maximum version cannot disable protocol versions that get
-  // added in a future version of the library.
+  // The |SSL_OP_NO_*| flags disable individual protocols. This has two
+  // problems. First, prior to TLS 1.3, the protocol can only express a
+  // contiguous range of versions. Second, a library consumer trying to set a
+  // maximum version cannot disable protocol versions that get added in a future
+  // version of the library.
   //
   // To account for both of these, OpenSSL interprets the client-side bitmask
   // as a min/max range by picking the lowest contiguous non-empty range of
diff --git a/chromium/third_party/boringssl/src/ssl/tls13_client.cc b/chromium/third_party/boringssl/src/ssl/tls13_client.cc
index b889ac28364..cb379b0c959 100644
--- a/chromium/third_party/boringssl/src/ssl/tls13_client.cc
+++ b/chromium/third_party/boringssl/src/ssl/tls13_client.cc
@@ -931,26 +931,43 @@ bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) {
     return true;
   }
 
+  CBS body = msg.body;
+  UniquePtr<SSL_SESSION> session = tls13_create_session_with_ticket(ssl, &body);
+  if (!session) {
+    return false;
+  }
+
+  if ((ssl->session_ctx->session_cache_mode & SSL_SESS_CACHE_CLIENT) &&
+      ssl->session_ctx->new_session_cb != NULL &&
+      ssl->session_ctx->new_session_cb(ssl, session.get())) {
+    // |new_session_cb|'s return value signals that it took ownership.
+    session.release();
+  }
+
+  return true;
+}
+
+UniquePtr<SSL_SESSION> tls13_create_session_with_ticket(SSL *ssl, CBS *body) {
   UniquePtr<SSL_SESSION> session = SSL_SESSION_dup(
       ssl->s3->established_session.get(), SSL_SESSION_INCLUDE_NONAUTH);
   if (!session) {
-    return false;
+    return nullptr;
   }
 
   ssl_session_rebase_time(ssl, session.get());
 
   uint32_t server_timeout;
-  CBS body = msg.body, ticket_nonce, ticket, extensions;
-  if (!CBS_get_u32(&body, &server_timeout) ||
-      !CBS_get_u32(&body, &session->ticket_age_add) ||
-      !CBS_get_u8_length_prefixed(&body, &ticket_nonce) ||
-      !CBS_get_u16_length_prefixed(&body, &ticket) ||
+  CBS ticket_nonce, ticket, extensions;
+  if (!CBS_get_u32(body, &server_timeout) ||
+      !CBS_get_u32(body, &session->ticket_age_add) ||
+      !CBS_get_u8_length_prefixed(body, &ticket_nonce) ||
+      !CBS_get_u16_length_prefixed(body, &ticket) ||
       !session->ticket.CopyFrom(ticket) ||
-      !CBS_get_u16_length_prefixed(&body, &extensions) ||
-      CBS_len(&body) != 0) {
+      !CBS_get_u16_length_prefixed(body, &extensions) ||
+      CBS_len(body) != 0) {
     ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
     OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
-    return false;
+    return nullptr;
   }
 
   // Cap the renewable lifetime by the server advertised value. This avoids
@@ -960,7 +977,7 @@ bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) {
   }
 
   if (!tls13_derive_session_psk(session.get(), ticket_nonce)) {
-    return false;
+    return nullptr;
   }
 
   // Parse out the extensions.
@@ -975,7 +992,7 @@ bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) {
                             OPENSSL_ARRAY_SIZE(ext_types),
                             1 /* ignore unknown */)) {
     ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
-    return false;
+    return nullptr;
   }
 
   if (have_early_data) {
@@ -983,7 +1000,7 @@ bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) {
         CBS_len(&early_data) != 0) {
       ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
       OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
-      return false;
+      return nullptr;
     }
 
     // QUIC does not use the max_early_data_size parameter and always sets it to
@@ -992,7 +1009,7 @@ bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) {
         session->ticket_max_early_data != 0xffffffff) {
       ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
       OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
-      return false;
+      return nullptr;
     }
   }
 
@@ -1004,14 +1021,7 @@ bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) {
   session->ticket_age_add_valid = true;
   session->not_resumable = false;
 
-  if ((ssl->session_ctx->session_cache_mode & SSL_SESS_CACHE_CLIENT) &&
-      ssl->session_ctx->new_session_cb != NULL &&
-      ssl->session_ctx->new_session_cb(ssl, session.get())) {
-    // |new_session_cb|'s return value signals that it took ownership.
-    session.release();
-  }
-
-  return true;
+  return session;
 }
 
 BSSL_NAMESPACE_END
diff --git a/chromium/third_party/boringssl/src/ssl/tls13_server.cc b/chromium/third_party/boringssl/src/ssl/tls13_server.cc
index 683a2ca2858..33f821e2402 100644
--- a/chromium/third_party/boringssl/src/ssl/tls13_server.cc
+++ b/chromium/third_party/boringssl/src/ssl/tls13_server.cc
@@ -127,7 +127,10 @@ static bool add_new_session_tickets(SSL_HANDSHAKE *hs, bool *out_sent_tickets) {
       return false;
     }
     session->ticket_age_add_valid = true;
-    if (ssl->enable_early_data) {
+    bool enable_early_data =
+        ssl->enable_early_data &&
+        (!ssl->quic_method || !ssl->config->quic_early_data_context.empty());
+    if (enable_early_data) {
       // QUIC does not use the max_early_data_size parameter and always sets it
       // to a fixed value. See draft-ietf-quic-tls-22, section 4.5.
       session->ticket_max_early_data =
@@ -152,7 +155,7 @@ static bool add_new_session_tickets(SSL_HANDSHAKE *hs, bool *out_sent_tickets) {
       return false;
     }
 
-    if (ssl->enable_early_data) {
+    if (enable_early_data) {
       CBB early_data;
       if (!CBB_add_u16(&extensions, TLSEXT_TYPE_early_data) ||
           !CBB_add_u16_length_prefixed(&extensions, &early_data) ||
@@ -314,13 +317,13 @@ static bool quic_ticket_compatible(const SSL_SESSION *session,
   if (!session->is_quic) {
     return true;
   }
-  if (session->quic_early_data_hash.size() != SHA256_DIGEST_LENGTH) {
-    return false;
-  }
-  uint8_t early_data_hash[SHA256_DIGEST_LENGTH];
-  if (!compute_quic_early_data_hash(config, early_data_hash) ||
-      CRYPTO_memcmp(session->quic_early_data_hash.data(), early_data_hash,
-                    SHA256_DIGEST_LENGTH) != 0) {
+
+  if (session->quic_early_data_context.empty() ||
+      config->quic_early_data_context.size() !=
+          session->quic_early_data_context.size() ||
+      CRYPTO_memcmp(config->quic_early_data_context.data(),
+                    session->quic_early_data_context.data(),
+                    session->quic_early_data_context.size()) != 0) {
     return false;
   }
   return true;
diff --git a/chromium/third_party/boringssl/src/tool/CMakeLists.txt b/chromium/third_party/boringssl/src/tool/CMakeLists.txt
index 7f340171d7d..765871381c1 100644
--- a/chromium/third_party/boringssl/src/tool/CMakeLists.txt
+++ b/chromium/third_party/boringssl/src/tool/CMakeLists.txt
@@ -8,6 +8,7 @@ add_executable(
   client.cc
   const.cc
   digest.cc
+  fd.cc
   file.cc
   generate_ed25519.cc
   genrsa.cc
diff --git a/chromium/third_party/boringssl/src/tool/digest.cc b/chromium/third_party/boringssl/src/tool/digest.cc
index 742fa7f4dd3..3c8fd5a64e3 100644
--- a/chromium/third_party/boringssl/src/tool/digest.cc
+++ b/chromium/third_party/boringssl/src/tool/digest.cc
@@ -36,8 +36,9 @@ OPENSSL_MSVC_PRAGMA(warning(push, 3))
 #include <windows.h>
 OPENSSL_MSVC_PRAGMA(warning(pop))
 #include <io.h>
+#if !defined(PATH_MAX)
 #define PATH_MAX MAX_PATH
-typedef int ssize_t;
+#endif
 #endif
 
 #include <openssl/digest.h>
@@ -45,19 +46,6 @@ typedef int ssize_t;
 #include "internal.h"
 
 
-struct close_delete {
-  void operator()(int *fd) {
-    BORINGSSL_CLOSE(*fd);
-  }
-};
-
-template<typename T, typename R, R (*func) (T*)>
-struct func_delete {
-  void operator()(T* obj) {
-    func(obj);
-  }
-};
-
 // Source is an awkward expression of a union type in C++: Stdin | File filename.
 struct Source {
   enum Type {
@@ -79,37 +67,31 @@ struct Source {
 
 static const char kStdinName[] = "standard input";
 
-// OpenFile opens the regular file named |filename| and sets |*out_fd| to be a
-// file descriptor to it. Returns true on sucess or prints an error to stderr
-// and returns false on error.
-static bool OpenFile(int *out_fd, const std::string &filename) {
-  *out_fd = -1;
-
-  int fd = BORINGSSL_OPEN(filename.c_str(), O_RDONLY | O_BINARY);
-  if (fd < 0) {
+// OpenFile opens the regular file named |filename| and returns a file
+// descriptor to it.
+static ScopedFD OpenFile(const std::string &filename) {
+  ScopedFD fd = OpenFD(filename.c_str(), O_RDONLY | O_BINARY);
+  if (!fd) {
     fprintf(stderr, "Failed to open input file '%s': %s\n", filename.c_str(),
             strerror(errno));
-    return false;
+    return ScopedFD();
   }
-  std::unique_ptr<int, close_delete> scoped_fd(&fd);
 
 #if !defined(OPENSSL_WINDOWS)
   struct stat st;
-  if (fstat(fd, &st)) {
+  if (fstat(fd.get(), &st)) {
     fprintf(stderr, "Failed to stat input file '%s': %s\n", filename.c_str(),
             strerror(errno));
-    return false;
+    return ScopedFD();
   }
 
   if (!S_ISREG(st.st_mode)) {
     fprintf(stderr, "%s: not a regular file\n", filename.c_str());
-    return false;
+    return ScopedFD();
   }
 #endif
 
-  *out_fd = fd;
-  scoped_fd.release();
-  return true;
+  return fd;
 }
 
 // SumFile hashes the contents of |source| with |md| and sets |*out_hex| to the
@@ -119,16 +101,17 @@ static bool OpenFile(int *out_fd, const std::string &filename) {
 // error.
 static bool SumFile(std::string *out_hex, const EVP_MD *md,
                     const Source &source) {
-  std::unique_ptr<int, close_delete> scoped_fd;
+  ScopedFD scoped_fd;
   int fd;
 
   if (source.is_stdin()) {
     fd = 0;
   } else {
-    if (!OpenFile(&fd, source.filename())) {
+    scoped_fd = OpenFile(source.filename());
+    if (!scoped_fd) {
       return false;
     }
-    scoped_fd.reset(&fd);
+    fd = scoped_fd.get();
   }
 
   static const size_t kBufSize = 8192;
@@ -141,21 +124,18 @@ static bool SumFile(std::string *out_hex, const EVP_MD *md,
   }
 
   for (;;) {
-    ssize_t n;
-
-    do {
-      n = BORINGSSL_READ(fd, buf.get(), kBufSize);
-    } while (n == -1 && errno == EINTR);
-
-    if (n == 0) {
-      break;
-    } else if (n < 0) {
+    size_t n;
+    if (!ReadFromFD(fd, &n, buf.get(), kBufSize)) {
       fprintf(stderr, "Failed to read from %s: %s\n",
               source.is_stdin() ? kStdinName : source.filename().c_str(),
               strerror(errno));
       return false;
     }
 
+    if (n == 0) {
+      break;
+    }
+
     if (!EVP_DigestUpdate(ctx.get(), buf.get(), n)) {
       fprintf(stderr, "Failed to update hash.\n");
       return false;
@@ -221,25 +201,23 @@ struct CheckModeArguments {
 // returns false.
 static bool Check(const CheckModeArguments &args, const EVP_MD *md,
                   const Source &source) {
-  std::unique_ptr<FILE, func_delete<FILE, int, fclose>> scoped_file;
   FILE *file;
+  ScopedFILE scoped_file;
 
   if (source.is_stdin()) {
     file = stdin;
   } else {
-    int fd;
-    if (!OpenFile(&fd, source.filename())) {
+    ScopedFD fd = OpenFile(source.filename());
+    if (!fd) {
       return false;
     }
 
-    file = BORINGSSL_FDOPEN(fd, "rb");
-    if (!file) {
+    scoped_file = FDToFILE(std::move(fd), "rb");
+    if (!scoped_file) {
       perror("fdopen");
-      BORINGSSL_CLOSE(fd);
       return false;
     }
-
-    scoped_file = std::unique_ptr<FILE, func_delete<FILE, int, fclose>>(file);
+    file = scoped_file.get();
   }
 
   const size_t hex_size = EVP_MD_size(md) * 2;
diff --git a/chromium/third_party/boringssl/src/tool/fd.cc b/chromium/third_party/boringssl/src/tool/fd.cc
new file mode 100644
index 00000000000..2c27ccdb3cf
--- /dev/null
+++ b/chromium/third_party/boringssl/src/tool/fd.cc
@@ -0,0 +1,105 @@
+/* Copyright (c) 2020, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include <openssl/base.h>
+
+#include <errno.h>
+#include <limits.h>
+#include <stdio.h>
+
+#include <algorithm>
+
+#include "internal.h"
+
+#if defined(OPENSSL_WINDOWS)
+#include <io.h>
+#else
+#include <fcntl.h>
+#include <unistd.h>
+#endif
+
+
+ScopedFD OpenFD(const char *path, int flags) {
+#if defined(OPENSSL_WINDOWS)
+  return ScopedFD(_open(path, flags));
+#else
+  int fd;
+  do {
+    fd = open(path, flags);
+  } while (fd == -1 && errno == EINTR);
+  return ScopedFD(fd);
+#endif
+}
+
+void CloseFD(int fd) {
+#if defined(OPENSSL_WINDOWS)
+  _close(fd);
+#else
+  close(fd);
+#endif
+}
+
+bool ReadFromFD(int fd, size_t *out_bytes_read, void *out, size_t num) {
+#if defined(OPENSSL_WINDOWS)
+  // On Windows, the buffer must be at most |INT_MAX|. See
+  // https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/read?view=vs-2019
+  int ret = _read(fd, out, std::min(size_t{INT_MAX}, num));
+#else
+  ssize_t ret;
+  do {
+    ret = read(fd, out, num);
+  } while (ret == -1 && errno == EINVAL);
+#endif
+
+  if (ret < 0) {
+    *out_bytes_read = 0;
+    return false;
+  }
+  *out_bytes_read = ret;
+  return true;
+}
+
+bool WriteToFD(int fd, size_t *out_bytes_written, const void *in, size_t num) {
+#if defined(OPENSSL_WINDOWS)
+  // The documentation for |_write| does not say the buffer must be at most
+  // |INT_MAX|, but clamp it to |INT_MAX| instead of |UINT_MAX| in case.
+  int ret = _write(fd, in, std::min(size_t{INT_MAX}, num));
+#else
+  ssize_t ret;
+  do {
+    ret = write(fd, in, num);
+  } while (ret == -1 && errno == EINVAL);
+#endif
+
+  if (ret < 0) {
+    *out_bytes_written = 0;
+    return false;
+  }
+  *out_bytes_written = ret;
+  return true;
+}
+
+ScopedFILE FDToFILE(ScopedFD fd, const char *mode) {
+  ScopedFILE ret;
+#if defined(OPENSSL_WINDOWS)
+  ret.reset(_fdopen(fd.get(), mode));
+#else
+  ret.reset(fdopen(fd.get(), mode));
+#endif
+  // |fdopen| takes ownership of |fd| on success.
+  if (ret) {
+    fd.release();
+  }
+  return ret;
+}
diff --git a/chromium/third_party/boringssl/src/tool/internal.h b/chromium/third_party/boringssl/src/tool/internal.h
index 4cace9d3d67..eb9e4ba8f5a 100644
--- a/chromium/third_party/boringssl/src/tool/internal.h
+++ b/chromium/third_party/boringssl/src/tool/internal.h
@@ -18,32 +18,17 @@
 #include <openssl/base.h>
 
 #include <string>
+#include <utility>
 #include <vector>
 
-OPENSSL_MSVC_PRAGMA(warning(push))
 // MSVC issues warning C4702 for unreachable code in its xtree header when
 // compiling with -D_HAS_EXCEPTIONS=0. See
 // https://connect.microsoft.com/VisualStudio/feedback/details/809962
+OPENSSL_MSVC_PRAGMA(warning(push))
 OPENSSL_MSVC_PRAGMA(warning(disable: 4702))
-
 #include <map>
-
 OPENSSL_MSVC_PRAGMA(warning(pop))
 
-#if defined(OPENSSL_WINDOWS)
-  #define BORINGSSL_OPEN _open
-  #define BORINGSSL_FDOPEN _fdopen
-  #define BORINGSSL_CLOSE _close
-  #define BORINGSSL_READ _read
-  #define BORINGSSL_WRITE _write
-#else
-  #define BORINGSSL_OPEN open
-  #define BORINGSSL_FDOPEN fdopen
-  #define BORINGSSL_CLOSE close
-  #define BORINGSSL_READ read
-  #define BORINGSSL_WRITE write
-#endif
-
 struct FileCloser {
   void operator()(FILE *file) {
     fclose(file);
@@ -52,6 +37,67 @@ struct FileCloser {
 
 using ScopedFILE = std::unique_ptr<FILE, FileCloser>;
 
+// The following functions abstract between POSIX and Windows differences in
+// file descriptor I/O functions.
+
+// CloseFD behaves like |close|.
+void CloseFD(int fd);
+
+class ScopedFD {
+ public:
+  ScopedFD() {}
+  explicit ScopedFD(int fd) : fd_(fd) {}
+  ScopedFD(ScopedFD &&other) { *this = std::move(other); }
+  ScopedFD(const ScopedFD &) = delete;
+  ~ScopedFD() { reset(); }
+
+  ScopedFD &operator=(const ScopedFD &) = delete;
+  ScopedFD &operator=(ScopedFD &&other) {
+    reset();
+    fd_ = other.fd_;
+    other.fd_ = -1;
+    return *this;
+  }
+
+  explicit operator bool() const { return fd_ >= 0; }
+
+  int get() const { return fd_; }
+
+  void reset() {
+    if (fd_ >= 0) {
+      CloseFD(fd_);
+    }
+    fd_ = -1;
+  }
+
+  int release() {
+    int fd = fd_;
+    fd_ = -1;
+    return fd;
+  }
+
+ private:
+  int fd_ = -1;
+};
+
+// OpenFD behaves like |open| but handles |EINTR| and works on Windows.
+ScopedFD OpenFD(const char *path, int flags);
+
+// ReadFromFD reads up to |num| bytes from |fd| and writes the result to |out|.
+// On success, it returns true and sets |*out_bytes_read| to the number of bytes
+// read. Otherwise, it returns false and leaves an error in |errno|. On POSIX,
+// it handles |EINTR| internally.
+bool ReadFromFD(int fd, size_t *out_bytes_read, void *out, size_t num);
+
+// WriteToFD writes up to |num| bytes from |in| to |fd|. On success, it returns
+// true and sets |*out_bytes_written| to the number of bytes written. Otherwise,
+// it returns false and leaves an error in |errno|. On POSIX, it handles |EINTR|
+// internally.
+bool WriteToFD(int fd, size_t *out_bytes_written, const void *in, size_t num);
+
+// FDToFILE behaves like |fdopen|.
+ScopedFILE FDToFILE(ScopedFD fd, const char *mode);
+
 enum ArgumentType {
   kRequiredArgument,
   kOptionalArgument,
diff --git a/chromium/third_party/boringssl/src/tool/pkcs12.cc b/chromium/third_party/boringssl/src/tool/pkcs12.cc
index a8ddb0e01d8..3d8a1cd7583 100644
--- a/chromium/third_party/boringssl/src/tool/pkcs12.cc
+++ b/chromium/third_party/boringssl/src/tool/pkcs12.cc
@@ -40,12 +40,6 @@
 #include "internal.h"
 
 
-#if defined(OPENSSL_WINDOWS)
-typedef int read_result_t;
-#else
-typedef ssize_t read_result_t;
-#endif
-
 static const struct argument kArguments[] = {
     {
      "-dump", kOptionalArgument,
@@ -65,51 +59,52 @@ bool DoPKCS12(const std::vector<std::string> &args) {
     return false;
   }
 
-  int fd = BORINGSSL_OPEN(args_map["-dump"].c_str(), O_RDONLY);
-  if (fd < 0) {
+  ScopedFD fd = OpenFD(args_map["-dump"].c_str(), O_RDONLY);
+  if (!fd) {
     perror("open");
     return false;
   }
 
   struct stat st;
-  if (fstat(fd, &st)) {
+  if (fstat(fd.get(), &st)) {
     perror("fstat");
-    BORINGSSL_CLOSE(fd);
     return false;
   }
   const size_t size = st.st_size;
 
   std::unique_ptr<uint8_t[]> contents(new uint8_t[size]);
-  read_result_t n;
   size_t off = 0;
-  do {
-    n = BORINGSSL_READ(fd, &contents[off], size - off);
-    if (n >= 0) {
-      off += static_cast<size_t>(n);
+  while (off < size) {
+    size_t bytes_read;
+    if (!ReadFromFD(fd.get(), &bytes_read, contents.get() + off, size - off)) {
+      perror("read");
+      return false;
     }
-  } while ((n > 0 && off < size) || (n == -1 && errno == EINTR));
-
-  if (off != size) {
-    perror("read");
-    BORINGSSL_CLOSE(fd);
-    return false;
+    if (bytes_read == 0) {
+      fprintf(stderr, "Unexpected EOF\n");
+      return false;
+    }
+    off += bytes_read;
   }
 
-  BORINGSSL_CLOSE(fd);
-
   printf("Enter password: ");
   fflush(stdout);
 
   char password[256];
   off = 0;
-  do {
-    n = BORINGSSL_READ(0, &password[off], sizeof(password) - 1 - off);
-    if (n >= 0) {
-      off += static_cast<size_t>(n);
+  while (off < sizeof(password) - 1) {
+    size_t bytes_read;
+    if (!ReadFromFD(0, &bytes_read, password + off,
+                    sizeof(password) - 1 - off)) {
+      perror("read");
+      return false;
     }
-  } while ((n > 0 && OPENSSL_memchr(password, '\n', off) == NULL &&
-            off < sizeof(password) - 1) ||
-           (n == -1 && errno == EINTR));
+
+    off += bytes_read;
+    if (bytes_read == 0 || OPENSSL_memchr(password, '\n', off) != nullptr) {
+      break;
+    }
+  }
 
   char *newline = reinterpret_cast<char *>(OPENSSL_memchr(password, '\n', off));
   if (newline == NULL) {
diff --git a/chromium/third_party/boringssl/src/tool/transport_common.cc b/chromium/third_party/boringssl/src/tool/transport_common.cc
index 7c5e962c758..88e91695f03 100644
--- a/chromium/third_party/boringssl/src/tool/transport_common.cc
+++ b/chromium/third_party/boringssl/src/tool/transport_common.cc
@@ -55,7 +55,6 @@ OPENSSL_MSVC_PRAGMA(warning(push, 3))
 #include <ws2tcpip.h>
 OPENSSL_MSVC_PRAGMA(warning(pop))
 
-typedef int ssize_t;
 OPENSSL_MSVC_PRAGMA(comment(lib, "Ws2_32.lib"))
 #endif
 
@@ -68,7 +67,10 @@ OPENSSL_MSVC_PRAGMA(comment(lib, "Ws2_32.lib"))
 #include "transport_common.h"
 
 
-#if !defined(OPENSSL_WINDOWS)
+#if defined(OPENSSL_WINDOWS)
+using socket_result_t = int;
+#else
+using socket_result_t = ssize_t;
 static int closesocket(int sock) {
   return close(sock);
 }
@@ -739,12 +741,13 @@ bool TransferData(SSL *ssl, int sock) {
           return true;
         }
 
-        ssize_t n;
-        do {
-          n = BORINGSSL_WRITE(1, buffer, ssl_ret);
-        } while (n == -1 && errno == EINTR);
+        size_t n;
+        if (!WriteToFD(1, &n, buffer, ssl_ret)) {
+          fprintf(stderr, "Error writing to stdout.\n");
+          return false;
+        }
 
-        if (n != ssl_ret) {
+        if (n != static_cast<size_t>(ssl_ret)) {
           fprintf(stderr, "Short write to stderr.\n");
           return false;
         }
@@ -786,7 +789,7 @@ class SocketLineReader {
         return false;
       }
 
-      ssize_t n;
+      socket_result_t n;
       do {
         n = recv(sock_, &buf_[buf_len_], sizeof(buf_) - buf_len_, 0);
       } while (n == -1 && errno == EINTR);
@@ -871,7 +874,7 @@ static bool SendAll(int sock, const char *data, size_t data_len) {
   size_t done = 0;
 
   while (done < data_len) {
-    ssize_t n;
+    socket_result_t n;
     do {
       n = send(sock, &data[done], data_len - done, 0);
     } while (n == -1 && errno == EINTR);
diff --git a/chromium/third_party/boringssl/src/util/check_imported_libraries.go b/chromium/third_party/boringssl/src/util/check_imported_libraries.go
index 835d5fdd7f4..187e51441fe 100644
--- a/chromium/third_party/boringssl/src/util/check_imported_libraries.go
+++ b/chromium/third_party/boringssl/src/util/check_imported_libraries.go
@@ -12,9 +12,9 @@
 // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-// check_imported_libraries.go checks that each of its arguments only imports a
-// whitelist of allowed libraries. This is used to avoid accidental dependencies
-// on libstdc++.so.
+// check_imported_libraries.go checks that each of its arguments only imports
+// allowed libraries. This is used to avoid accidental dependencies on
+// libstdc++.so.
 package main
 
 import (
diff --git a/chromium/third_party/boringssl/src/util/embed_test_data.go b/chromium/third_party/boringssl/src/util/embed_test_data.go
index 5376fdd490b..a0efdc46e74 100644
--- a/chromium/third_party/boringssl/src/util/embed_test_data.go
+++ b/chromium/third_party/boringssl/src/util/embed_test_data.go
@@ -18,11 +18,15 @@ package main
 
 import (
 	"bytes"
+	"flag"
 	"fmt"
 	"io/ioutil"
 	"os"
+	"strings"
 )
 
+var fileList = flag.String("file-list", "", "if not empty, the path to a file containing a newline-separated list of files, to work around Windows command-line limits")
+
 func quote(in []byte) string {
 	var buf bytes.Buffer
 	buf.WriteByte('"')
@@ -60,6 +64,20 @@ func quote(in []byte) string {
 }
 
 func main() {
+	flag.Parse()
+
+	var files []string
+	if len(*fileList) != 0 {
+		data, err := ioutil.ReadFile(*fileList)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "Error reading %s: %s.\n", *fileList, err)
+			os.Exit(1)
+		}
+		files = strings.FieldsFunc(string(data), func(r rune) bool { return r == '\r' || r == '\n' })
+	}
+
+	files = append(files, flag.Args()...)
+
 	fmt.Printf(`/* Copyright (c) 2017, Google Inc.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -77,7 +95,7 @@ func main() {
 /* This file is generated by:
 `)
 	fmt.Printf(" *   go run util/embed_test_data.go")
-	for _, arg := range os.Args[1:] {
+	for _, arg := range files {
 		fmt.Printf(" \\\n *       %s", arg)
 	}
 	fmt.Printf(" */\n")
@@ -99,7 +117,7 @@ func main() {
 	// literal, but this is less compact.
 	const chunkSize = 8192
 
-	for i, arg := range os.Args[1:] {
+	for i, arg := range files {
 		data, err := ioutil.ReadFile(arg)
 		if err != nil {
 			fmt.Fprintf(os.Stderr, "Error reading %s: %s.\n", arg, err)
@@ -133,7 +151,7 @@ std::string GetTestData(const char *path);
 
 std::string GetTestData(const char *path) {
 `, chunkSize, chunkSize, chunkSize)
-	for i, arg := range os.Args[1:] {
+	for i, arg := range files {
 		fmt.Printf("  if (strcmp(path, %s) == 0) {\n", quote([]byte(arg)))
 		fmt.Printf("    return AssembleString(kData%d, kLen%d);\n", i, i)
 		fmt.Printf("  }\n")
diff --git a/chromium/third_party/boringssl/src/util/fipstools/acvp/acvptool/acvp.go b/chromium/third_party/boringssl/src/util/fipstools/acvp/acvptool/acvp.go
index c539b3b3a5e..2753dd3ad0c 100644
--- a/chromium/third_party/boringssl/src/util/fipstools/acvp/acvptool/acvp.go
+++ b/chromium/third_party/boringssl/src/util/fipstools/acvp/acvptool/acvp.go
@@ -375,7 +375,9 @@ func main() {
 
 			resultData := resultBuf.Bytes()
 			resultSize := uint64(len(resultData)) + 32 /* for framing overhead */
-			if resultSize >= server.SizeLimit {
+			if server.SizeLimit > 0 && resultSize >= server.SizeLimit {
+				// The NIST ACVP server no longer requires the large-upload process,
+				// suggesting that it may no longer be needed.
 				log.Printf("Result is %d bytes, too much given server limit of %d bytes. Using large-upload process.", resultSize, server.SizeLimit)
 				largeRequestBytes, err := json.Marshal(acvp.LargeUploadRequest{
 					Size: resultSize,
diff --git a/chromium/third_party/boringssl/src/util/fipstools/acvp/acvptool/acvp/acvp.go b/chromium/third_party/boringssl/src/util/fipstools/acvp/acvptool/acvp/acvp.go
index 7b4ff884859..52d74887588 100644
--- a/chromium/third_party/boringssl/src/util/fipstools/acvp/acvptool/acvp/acvp.go
+++ b/chromium/third_party/boringssl/src/util/fipstools/acvp/acvptool/acvp/acvp.go
@@ -39,15 +39,16 @@ type Server struct {
 	// The keys of this map are strings like "acvp/v1/testSessions/1234" and the
 	// values are JWT access tokens.
 	PrefixTokens map[string]string
-	// SizeLimit is the maximum number of bytes that the server can accept as an
-	// upload before the large endpoint support must be used.
+	// SizeLimit is the maximum number of bytes that the server can accept
+	// as an upload before the large endpoint support must be used. Zero
+	// means that there is no limit.
 	SizeLimit uint64
 	// AccessToken is the top-level access token for the current session.
 	AccessToken string
 
-	client      *http.Client
-	prefix      string
-	totpFunc    func() string
+	client   *http.Client
+	prefix   string
+	totpFunc func() string
 }
 
 // NewServer returns a fresh Server instance representing the ACVP server at
@@ -274,7 +275,7 @@ func (server *Server) Login() error {
 	var reply struct {
 		AccessToken           string `json:"accessToken"`
 		LargeEndpointRequired bool   `json:"largeEndpointRequired"`
-		SizeLimit             uint64 `json:"sizeConstraint"`
+		SizeLimit             int64  `json:"sizeConstraint"`
 	}
 
 	if err := server.postMessage(&reply, "acvp/v1/login", map[string]string{"password": server.totpFunc()}); err != nil {
@@ -287,10 +288,10 @@ func (server *Server) Login() error {
 	server.AccessToken = reply.AccessToken
 
 	if reply.LargeEndpointRequired {
-		if reply.SizeLimit == 0 {
+		if reply.SizeLimit <= 0 {
 			return errors.New("login indicated largeEndpointRequired but didn't provide a sizeConstraint")
 		}
-		server.SizeLimit = reply.SizeLimit
+		server.SizeLimit = uint64(reply.SizeLimit)
 	}
 
 	return nil
@@ -363,18 +364,18 @@ func (query Query) toURLParams() string {
 var NotFound = errors.New("acvp: HTTP code 404")
 
 func (server *Server) newRequestWithToken(method, endpoint string, body io.Reader) (*http.Request, error) {
-    token, err := server.getToken(endpoint)
-    if err != nil {
-        return nil, err
-    }
-    req, err := http.NewRequest(method, server.prefix+endpoint, body)
-    if err != nil {
-        return nil, err
-    }
-    if len(token) != 0 {
-       req.Header.Add("Authorization", "Bearer "+token)
-    }
-    return req, nil
+	token, err := server.getToken(endpoint)
+	if err != nil {
+		return nil, err
+	}
+	req, err := http.NewRequest(method, server.prefix+endpoint, body)
+	if err != nil {
+		return nil, err
+	}
+	if len(token) != 0 {
+		req.Header.Add("Authorization", "Bearer "+token)
+	}
+	return req, nil
 }
 
 func (server *Server) Get(out interface{}, endPoint string) error {
diff --git a/chromium/third_party/boringssl/src/util/fipstools/break-tests-android.sh b/chromium/third_party/boringssl/src/util/fipstools/break-tests-android.sh
index f6d9b1a64f3..a5289cf2219 100644
--- a/chromium/third_party/boringssl/src/util/fipstools/break-tests-android.sh
+++ b/chromium/third_party/boringssl/src/util/fipstools/break-tests-android.sh
@@ -42,7 +42,7 @@ fi
 
 . build/envsetup.sh
 
-TESTS="NONE ECDSA_PWCT CRNG RSA_PWCT AES_CBC AES_GCM DES SHA_1 SHA_256 SHA_512 RSA_SIG DRBG ECDSA_SIG"
+TESTS="NONE ECDSA_PWCT CRNG RSA_PWCT AES_CBC AES_GCM DES SHA_1 SHA_256 SHA_512 RSA_SIG DRBG ECDSA_SIG Z_COMPUTATION"
 
 if [ "x$1" = "x32" ]; then
   lib="lib"
diff --git a/chromium/third_party/boringssl/src/util/fipstools/break-tests.sh b/chromium/third_party/boringssl/src/util/fipstools/break-tests.sh
index d0ec1df10c9..670c4feff92 100644
--- a/chromium/third_party/boringssl/src/util/fipstools/break-tests.sh
+++ b/chromium/third_party/boringssl/src/util/fipstools/break-tests.sh
@@ -22,7 +22,7 @@
 
 set -x
 
-TESTS="NONE ECDSA_PWCT CRNG RSA_PWCT AES_CBC AES_GCM DES SHA_1 SHA_256 SHA_512 RSA_SIG DRBG ECDSA_SIG"
+TESTS="NONE ECDSA_PWCT CRNG RSA_PWCT AES_CBC AES_GCM DES SHA_1 SHA_256 SHA_512 RSA_SIG DRBG ECDSA_SIG Z_COMPUTATION"
 
 if [ "x$1" = "xbuild" ]; then
 	for test in $TESTS; do
diff --git a/chromium/third_party/boringssl/src/util/generate_build_files.py b/chromium/third_party/boringssl/src/util/generate_build_files.py
index 23d7ea5397c..623e7d33c5a 100644
--- a/chromium/third_party/boringssl/src/util/generate_build_files.py
+++ b/chromium/third_party/boringssl/src/util/generate_build_files.py
@@ -489,7 +489,7 @@ elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "amd64")
   set(ARCH "x86_64")
 elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "AMD64")
   # cmake reports AMD64 on Windows, but we might be building for 32-bit.
-  if(CMAKE_CL_64)
+  if(CMAKE_SIZEOF_VOID_P EQUAL 8)
     set(ARCH "x86_64")
   else()
     set(ARCH "x86")
diff --git a/chromium/third_party/boringssl/src/util/read_symbols.go b/chromium/third_party/boringssl/src/util/read_symbols.go
index 791ea5d1263..96c148ab5a9 100644
--- a/chromium/third_party/boringssl/src/util/read_symbols.go
+++ b/chromium/third_party/boringssl/src/util/read_symbols.go
@@ -119,8 +119,8 @@ func main() {
 			// should not be prefixed. It is a limitation of this
 			// symbol-prefixing strategy that we cannot distinguish
 			// our own inline symbols (which should be prefixed)
-			// from the system's (which should not), so we blacklist
-			// known system symbols.
+			// from the system's (which should not), so we skip known
+			// system symbols.
 			"__local_stdio_printf_options",
 			"__local_stdio_scanf_options",
 			"_vscprintf",
diff --git a/chromium/third_party/boringssl/test_data_chromium.cc b/chromium/third_party/boringssl/test_data_chromium.cc
index 7d25db5a0a1..d8e154ebd70 100644
--- a/chromium/third_party/boringssl/test_data_chromium.cc
+++ b/chromium/third_party/boringssl/test_data_chromium.cc
@@ -3,9 +3,9 @@
 // found in the LICENSE file.
 
 #include "base/base_paths.h"
+#include "base/check.h"
 #include "base/files/file_path.h"
 #include "base/files/file_util.h"
-#include "base/logging.h"
 #include "base/path_service.h"
 
 // BoringSSL requires a GetTestData function to pick up test data files. By