From 3ba9586bc081f67903c89917f23e74a0662ba953 Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@google.com>
Date: Mon, 21 Oct 2019 16:14:33 -0400
Subject: [PATCH] Rename a number of BUF_* functions to OPENSSL_*.

Upstream did this in 7644a9aef8932ed4d1c3f25ed776c997702982be, so align
with them. Add the new OPENSSL_* names and switch all callers witihn the
library to match. Keep the old BUF_* names around for compatibility.

Note there were two functions where we already had an OPENSSL_* version:
OPENSSL_strdup and OPENSSL_strnlen. The former now gains a NULL check to
align with BUF_strdup. The latter gets deduplicated; we had two
implementations.

Change-Id: Ia1cd4527a752fcd62e142ed1e1d7768d323279ba
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/38425
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
---
 crypto/asn1/a_time.c        |  7 ++--
 crypto/bio/connect.c        |  7 ++--
 crypto/bio/fd.c             |  1 -
 crypto/bio/file.c           | 11 +++---
 crypto/bio/pair.c           |  1 -
 crypto/buf/buf.c            | 75 +++----------------------------------
 crypto/bytestring/cbb.c     |  3 +-
 crypto/bytestring/cbs.c     |  5 +--
 crypto/cpu-arm-linux.c      |  1 -
 crypto/dh/dh.c              |  3 +-
 crypto/ec_extra/ec_derive.c |  5 +--
 crypto/evp/evp_test.cc      |  5 +--
 crypto/evp/p_ec.c           |  1 -
 crypto/evp/p_rsa.c          |  3 +-
 crypto/evp/p_x25519_asn1.c  |  3 +-
 crypto/mem.c                | 70 ++++++++++++++++++++++++++++++++++
 crypto/obj/obj.c            |  3 +-
 crypto/pem/pem_info.c       |  1 -
 crypto/pem/pem_lib.c        | 14 +++----
 crypto/pem/pem_oth.c        |  1 -
 crypto/pem/pem_pk8.c        |  1 -
 crypto/pem/pem_pkey.c       |  1 -
 crypto/pkcs7/pkcs7_x509.c   |  2 +-
 crypto/pool/pool.c          |  3 +-
 crypto/test/abi_test.cc     |  3 +-
 crypto/x509/a_verify.c      |  1 -
 crypto/x509/by_dir.c        |  2 +-
 crypto/x509/by_file.c       |  1 -
 crypto/x509/x509_cmp.c      |  1 -
 crypto/x509/x509_obj.c      |  2 +-
 crypto/x509/x509_r2x.c      |  1 -
 crypto/x509/x509_req.c      |  1 -
 crypto/x509/x509_trs.c      |  3 +-
 crypto/x509/x509_vfy.c      |  1 -
 crypto/x509/x509_vpm.c      |  7 ++--
 crypto/x509/x_all.c         |  1 -
 crypto/x509v3/v3_alt.c      |  6 +--
 crypto/x509v3/v3_enum.c     |  4 +-
 crypto/x509v3/v3_info.c     |  9 ++---
 crypto/x509v3/v3_purp.c     |  5 +--
 crypto/x509v3/v3_utl.c      | 23 ++++++------
 include/openssl/buf.h       | 18 ++++-----
 include/openssl/mem.h       | 19 +++++++++-
 ssl/d1_both.cc              |  1 -
 ssl/d1_pkt.cc               |  1 -
 ssl/dtls_method.cc          |  1 -
 ssl/handshake_client.cc     |  3 +-
 ssl/handshake_server.cc     |  1 -
 ssl/s3_lib.cc               |  1 -
 ssl/s3_pkt.cc               |  1 -
 ssl/ssl_asn1.cc             |  3 +-
 ssl/ssl_cert.cc             |  1 -
 ssl/ssl_cipher.cc           |  1 -
 ssl/ssl_lib.cc              |  6 +--
 ssl/ssl_session.cc          |  3 +-
 ssl/test/bssl_shim.cc       |  1 -
 ssl/test/test_config.cc     |  2 +-
 ssl/tls_method.cc           |  2 +-
 58 files changed, 171 insertions(+), 192 deletions(-)

diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c
index c962c0bf0f..51aae5d9fa 100644
--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
@@ -60,7 +60,6 @@
 #include <time.h>
 
 #include <openssl/asn1t.h>
-#include <openssl/buf.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>
 
@@ -143,11 +142,11 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
     str = (char *)ret->data;
     /* Work out the century and prepend */
     if (t->data[0] >= '5')
-        BUF_strlcpy(str, "19", newlen);
+        OPENSSL_strlcpy(str, "19", newlen);
     else
-        BUF_strlcpy(str, "20", newlen);
+        OPENSSL_strlcpy(str, "20", newlen);
 
-    BUF_strlcat(str, (char *)t->data, newlen);
+    OPENSSL_strlcat(str, (char *)t->data, newlen);
 
  done:
    if (out != NULL && *out == NULL)
diff --git a/crypto/bio/connect.c b/crypto/bio/connect.c
index 604803acd0..b8afa61377 100644
--- a/crypto/bio/connect.c
+++ b/crypto/bio/connect.c
@@ -74,7 +74,6 @@ OPENSSL_MSVC_PRAGMA(warning(push, 3))
 OPENSSL_MSVC_PRAGMA(warning(pop))
 #endif
 
-#include <openssl/buf.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>
 
@@ -149,7 +148,7 @@ static int split_host_and_port(char **out_host, char **out_port, const char *nam
     }
   }
 
-  *out_host = BUF_strndup(host, host_len);
+  *out_host = OPENSSL_strndup(host, host_len);
   if (*out_host == NULL) {
     return 0;
   }
@@ -429,13 +428,13 @@ static long conn_ctrl(BIO *bio, int cmd, long num, void *ptr) {
         bio->init = 1;
         if (num == 0) {
           OPENSSL_free(data->param_hostname);
-          data->param_hostname = BUF_strdup(ptr);
+          data->param_hostname = OPENSSL_strdup(ptr);
           if (data->param_hostname == NULL) {
             ret = 0;
           }
         } else if (num == 1) {
           OPENSSL_free(data->param_port);
-          data->param_port = BUF_strdup(ptr);
+          data->param_port = OPENSSL_strdup(ptr);
           if (data->param_port == NULL) {
             ret = 0;
           }
diff --git a/crypto/bio/fd.c b/crypto/bio/fd.c
index 877f53d1e6..d4e6918057 100644
--- a/crypto/bio/fd.c
+++ b/crypto/bio/fd.c
@@ -70,7 +70,6 @@ OPENSSL_MSVC_PRAGMA(warning(push, 3))
 OPENSSL_MSVC_PRAGMA(warning(pop))
 #endif
 
-#include <openssl/buf.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>
 
diff --git a/crypto/bio/file.c b/crypto/bio/file.c
index a177763fd8..15feb9d866 100644
--- a/crypto/bio/file.c
+++ b/crypto/bio/file.c
@@ -79,7 +79,6 @@
 #include <stdio.h>
 #include <string.h>
 
-#include <openssl/buf.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>
 
@@ -208,16 +207,16 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) {
       b->shutdown = (int)num & BIO_CLOSE;
       if (num & BIO_FP_APPEND) {
         if (num & BIO_FP_READ) {
-          BUF_strlcpy(p, "a+", sizeof(p));
+          OPENSSL_strlcpy(p, "a+", sizeof(p));
         } else {
-          BUF_strlcpy(p, "a", sizeof(p));
+          OPENSSL_strlcpy(p, "a", sizeof(p));
         }
       } else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) {
-        BUF_strlcpy(p, "r+", sizeof(p));
+        OPENSSL_strlcpy(p, "r+", sizeof(p));
       } else if (num & BIO_FP_WRITE) {
-        BUF_strlcpy(p, "w", sizeof(p));
+        OPENSSL_strlcpy(p, "w", sizeof(p));
       } else if (num & BIO_FP_READ) {
-        BUF_strlcpy(p, "r", sizeof(p));
+        OPENSSL_strlcpy(p, "r", sizeof(p));
       } else {
         OPENSSL_PUT_ERROR(BIO, BIO_R_BAD_FOPEN_MODE);
         ret = 0;
diff --git a/crypto/bio/pair.c b/crypto/bio/pair.c
index f5057ed365..03f60b7cc7 100644
--- a/crypto/bio/pair.c
+++ b/crypto/bio/pair.c
@@ -55,7 +55,6 @@
 #include <assert.h>
 #include <string.h>
 
-#include <openssl/buf.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>
 
diff --git a/crypto/buf/buf.c b/crypto/buf/buf.c
index 146b1e0a37..717aaac79b 100644
--- a/crypto/buf/buf.c
+++ b/crypto/buf/buf.c
@@ -145,87 +145,24 @@ int BUF_MEM_append(BUF_MEM *buf, const void *in, size_t len) {
   return 1;
 }
 
-char *BUF_strdup(const char *str) {
-  if (str == NULL) {
-    return NULL;
-  }
-
-  return BUF_strndup(str, strlen(str));
-}
+char *BUF_strdup(const char *str) { return OPENSSL_strdup(str); }
 
 size_t BUF_strnlen(const char *str, size_t max_len) {
-  size_t i;
-
-  for (i = 0; i < max_len; i++) {
-    if (str[i] == 0) {
-      break;
-    }
-  }
-
-  return i;
+  return OPENSSL_strnlen(str, max_len);
 }
 
 char *BUF_strndup(const char *str, size_t size) {
-  char *ret;
-  size_t alloc_size;
-
-  if (str == NULL) {
-    return NULL;
-  }
-
-  size = BUF_strnlen(str, size);
-
-  alloc_size = size + 1;
-  if (alloc_size < size) {
-    // overflow
-    OPENSSL_PUT_ERROR(BUF, ERR_R_MALLOC_FAILURE);
-    return NULL;
-  }
-  ret = OPENSSL_malloc(alloc_size);
-  if (ret == NULL) {
-    OPENSSL_PUT_ERROR(BUF, ERR_R_MALLOC_FAILURE);
-    return NULL;
-  }
-
-  OPENSSL_memcpy(ret, str, size);
-  ret[size] = '\0';
-  return ret;
+  return OPENSSL_strndup(str, size);
 }
 
 size_t BUF_strlcpy(char *dst, const char *src, size_t dst_size) {
-  size_t l = 0;
-
-  for (; dst_size > 1 && *src; dst_size--) {
-    *dst++ = *src++;
-    l++;
-  }
-
-  if (dst_size) {
-    *dst = 0;
-  }
-
-  return l + strlen(src);
+  return OPENSSL_strlcpy(dst, src, dst_size);
 }
 
 size_t BUF_strlcat(char *dst, const char *src, size_t dst_size) {
-  size_t l = 0;
-  for (; dst_size > 0 && *dst; dst_size--, dst++) {
-    l++;
-  }
-  return l + BUF_strlcpy(dst, src, dst_size);
+  return OPENSSL_strlcat(dst, src, dst_size);
 }
 
 void *BUF_memdup(const void *data, size_t size) {
-  if (size == 0) {
-    return NULL;
-  }
-
-  void *ret = OPENSSL_malloc(size);
-  if (ret == NULL) {
-    OPENSSL_PUT_ERROR(BUF, ERR_R_MALLOC_FAILURE);
-    return NULL;
-  }
-
-  OPENSSL_memcpy(ret, data, size);
-  return ret;
+  return OPENSSL_memdup(data, size);
 }
diff --git a/crypto/bytestring/cbb.c b/crypto/bytestring/cbb.c
index 1ddc73c665..25d087ce57 100644
--- a/crypto/bytestring/cbb.c
+++ b/crypto/bytestring/cbb.c
@@ -18,7 +18,6 @@
 #include <limits.h>
 #include <string.h>
 
-#include <openssl/buf.h>
 #include <openssl/mem.h>
 
 #include "../internal.h"
@@ -649,7 +648,7 @@ int CBB_flush_asn1_set_of(CBB *cbb) {
   // remain valid as we rewrite |cbb|.
   int ret = 0;
   size_t buf_len = CBB_len(cbb);
-  uint8_t *buf = BUF_memdup(CBB_data(cbb), buf_len);
+  uint8_t *buf = OPENSSL_memdup(CBB_data(cbb), buf_len);
   CBS *children = OPENSSL_malloc(num_children * sizeof(CBS));
   if (buf == NULL || children == NULL) {
     goto err;
diff --git a/crypto/bytestring/cbs.c b/crypto/bytestring/cbs.c
index f8a8353e51..97c1c59ec0 100644
--- a/crypto/bytestring/cbs.c
+++ b/crypto/bytestring/cbs.c
@@ -12,7 +12,6 @@
  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
 
-#include <openssl/buf.h>
 #include <openssl/mem.h>
 #include <openssl/bytestring.h>
 
@@ -61,7 +60,7 @@ int CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len) {
   if (cbs->len == 0) {
     return 1;
   }
-  *out_ptr = BUF_memdup(cbs->data, cbs->len);
+  *out_ptr = OPENSSL_memdup(cbs->data, cbs->len);
   if (*out_ptr == NULL) {
     return 0;
   }
@@ -73,7 +72,7 @@ int CBS_strdup(const CBS *cbs, char **out_ptr) {
   if (*out_ptr != NULL) {
     OPENSSL_free(*out_ptr);
   }
-  *out_ptr = BUF_strndup((const char*)cbs->data, cbs->len);
+  *out_ptr = OPENSSL_strndup((const char*)cbs->data, cbs->len);
   return (*out_ptr != NULL);
 }
 
diff --git a/crypto/cpu-arm-linux.c b/crypto/cpu-arm-linux.c
index 8fe332c338..ed30715ba2 100644
--- a/crypto/cpu-arm-linux.c
+++ b/crypto/cpu-arm-linux.c
@@ -21,7 +21,6 @@
 #include <unistd.h>
 
 #include <openssl/arm_arch.h>
-#include <openssl/buf.h>
 #include <openssl/mem.h>
 
 #include "cpu-arm-linux.h"
diff --git a/crypto/dh/dh.c b/crypto/dh/dh.c
index 7b7b83359d..68d710d7c8 100644
--- a/crypto/dh/dh.c
+++ b/crypto/dh/dh.c
@@ -59,7 +59,6 @@
 #include <string.h>
 
 #include <openssl/bn.h>
-#include <openssl/buf.h>
 #include <openssl/err.h>
 #include <openssl/ex_data.h>
 #include <openssl/mem.h>
@@ -476,7 +475,7 @@ static int int_dh_param_copy(DH *to, const DH *from, int is_x942) {
   to->seedlen = 0;
 
   if (from->seed) {
-    to->seed = BUF_memdup(from->seed, from->seedlen);
+    to->seed = OPENSSL_memdup(from->seed, from->seedlen);
     if (!to->seed) {
       return 0;
     }
diff --git a/crypto/ec_extra/ec_derive.c b/crypto/ec_extra/ec_derive.c
index ca1dc44293..6904d7bd09 100644
--- a/crypto/ec_extra/ec_derive.c
+++ b/crypto/ec_extra/ec_derive.c
@@ -16,7 +16,6 @@
 
 #include <string.h>
 
-#include <openssl/buf.h>
 #include <openssl/ec.h>
 #include <openssl/err.h>
 #include <openssl/digest.h>
@@ -40,8 +39,8 @@ EC_KEY *EC_KEY_derive_from_secret(const EC_GROUP *group, const uint8_t *secret,
   // separated.
   static const char kLabel[] = "derive EC key ";
   char info[sizeof(kLabel) + EC_KEY_DERIVE_MAX_NAME_LEN];
-  BUF_strlcpy(info, kLabel, sizeof(info));
-  BUF_strlcat(info, name, sizeof(info));
+  OPENSSL_strlcpy(info, kLabel, sizeof(info));
+  OPENSSL_strlcat(info, name, sizeof(info));
 
   // Generate 128 bits beyond the group order so the bias is at most 2^-128.
 #define EC_KEY_DERIVE_EXTRA_BITS 128
diff --git a/crypto/evp/evp_test.cc b/crypto/evp/evp_test.cc
index b4be636b8d..4846fbc072 100644
--- a/crypto/evp/evp_test.cc
+++ b/crypto/evp/evp_test.cc
@@ -70,7 +70,6 @@ OPENSSL_MSVC_PRAGMA(warning(pop))
 
 #include <gtest/gtest.h>
 
-#include <openssl/buf.h>
 #include <openssl/bytestring.h>
 #include <openssl/crypto.h>
 #include <openssl/digest.h>
@@ -280,8 +279,8 @@ static bool SetupContext(FileTest *t, KeyMap *key_map, EVP_PKEY_CTX *ctx) {
     }
     // For historical reasons, |EVP_PKEY_CTX_set0_rsa_oaep_label| expects to be
     // take ownership of the input.
-    bssl::UniquePtr<uint8_t> buf(
-        reinterpret_cast<uint8_t *>(BUF_memdup(label.data(), label.size())));
+    bssl::UniquePtr<uint8_t> buf(reinterpret_cast<uint8_t *>(
+        OPENSSL_memdup(label.data(), label.size())));
     if (!buf ||
         !EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, buf.get(), label.size())) {
       return false;
diff --git a/crypto/evp/p_ec.c b/crypto/evp/p_ec.c
index 9c325ae0cf..976754154f 100644
--- a/crypto/evp/p_ec.c
+++ b/crypto/evp/p_ec.c
@@ -58,7 +58,6 @@
 #include <string.h>
 
 #include <openssl/bn.h>
-#include <openssl/buf.h>
 #include <openssl/digest.h>
 #include <openssl/ec.h>
 #include <openssl/ec_key.h>
diff --git a/crypto/evp/p_rsa.c b/crypto/evp/p_rsa.c
index 865b36af9b..852f4f6cf6 100644
--- a/crypto/evp/p_rsa.c
+++ b/crypto/evp/p_rsa.c
@@ -59,7 +59,6 @@
 #include <string.h>
 
 #include <openssl/bn.h>
-#include <openssl/buf.h>
 #include <openssl/bytestring.h>
 #include <openssl/digest.h>
 #include <openssl/err.h>
@@ -135,7 +134,7 @@ static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) {
   dctx->saltlen = sctx->saltlen;
   if (sctx->oaep_label) {
     OPENSSL_free(dctx->oaep_label);
-    dctx->oaep_label = BUF_memdup(sctx->oaep_label, sctx->oaep_labellen);
+    dctx->oaep_label = OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen);
     if (!dctx->oaep_label) {
       return 0;
     }
diff --git a/crypto/evp/p_x25519_asn1.c b/crypto/evp/p_x25519_asn1.c
index 90256235e8..99b4cc9c9f 100644
--- a/crypto/evp/p_x25519_asn1.c
+++ b/crypto/evp/p_x25519_asn1.c
@@ -14,7 +14,6 @@
 
 #include <openssl/evp.h>
 
-#include <openssl/buf.h>
 #include <openssl/bytestring.h>
 #include <openssl/curve25519.h>
 #include <openssl/err.h>
@@ -244,6 +243,6 @@ size_t EVP_PKEY_get1_tls_encodedpoint(const EVP_PKEY *pkey, uint8_t **out_ptr) {
     return 0;
   }
 
-  *out_ptr = BUF_memdup(key->pub, 32);
+  *out_ptr = OPENSSL_memdup(key->pub, 32);
   return *out_ptr == NULL ? 0 : 32;
 }
diff --git a/crypto/mem.c b/crypto/mem.c
index 0ca0e84f36..7fc5f98e5a 100644
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -60,6 +60,8 @@
 #include <stdarg.h>
 #include <stdio.h>
 
+#include <openssl/err.h>
+
 #if defined(OPENSSL_WINDOWS)
 OPENSSL_MSVC_PRAGMA(warning(push, 3))
 #include <windows.h>
@@ -211,6 +213,9 @@ size_t OPENSSL_strnlen(const char *s, size_t len) {
 }
 
 char *OPENSSL_strdup(const char *s) {
+  if (s == NULL) {
+    return NULL;
+  }
   const size_t len = strlen(s) + 1;
   char *ret = OPENSSL_malloc(len);
   if (ret == NULL) {
@@ -270,3 +275,68 @@ int BIO_snprintf(char *buf, size_t n, const char *format, ...) {
 int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) {
   return vsnprintf(buf, n, format, args);
 }
+
+char *OPENSSL_strndup(const char *str, size_t size) {
+  char *ret;
+  size_t alloc_size;
+
+  if (str == NULL) {
+    return NULL;
+  }
+
+  size = OPENSSL_strnlen(str, size);
+
+  alloc_size = size + 1;
+  if (alloc_size < size) {
+    // overflow
+    OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE);
+    return NULL;
+  }
+  ret = OPENSSL_malloc(alloc_size);
+  if (ret == NULL) {
+    OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE);
+    return NULL;
+  }
+
+  OPENSSL_memcpy(ret, str, size);
+  ret[size] = '\0';
+  return ret;
+}
+
+size_t OPENSSL_strlcpy(char *dst, const char *src, size_t dst_size) {
+  size_t l = 0;
+
+  for (; dst_size > 1 && *src; dst_size--) {
+    *dst++ = *src++;
+    l++;
+  }
+
+  if (dst_size) {
+    *dst = 0;
+  }
+
+  return l + strlen(src);
+}
+
+size_t OPENSSL_strlcat(char *dst, const char *src, size_t dst_size) {
+  size_t l = 0;
+  for (; dst_size > 0 && *dst; dst_size--, dst++) {
+    l++;
+  }
+  return l + OPENSSL_strlcpy(dst, src, dst_size);
+}
+
+void *OPENSSL_memdup(const void *data, size_t size) {
+  if (size == 0) {
+    return NULL;
+  }
+
+  void *ret = OPENSSL_malloc(size);
+  if (ret == NULL) {
+    OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE);
+    return NULL;
+  }
+
+  OPENSSL_memcpy(ret, data, size);
+  return ret;
+}
diff --git a/crypto/obj/obj.c b/crypto/obj/obj.c
index 9f92785b2e..4f03c594c5 100644
--- a/crypto/obj/obj.c
+++ b/crypto/obj/obj.c
@@ -61,7 +61,6 @@
 #include <string.h>
 
 #include <openssl/asn1.h>
-#include <openssl/buf.h>
 #include <openssl/bytestring.h>
 #include <openssl/err.h>
 #include <openssl/lhash.h>
@@ -424,7 +423,7 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int dont_search_names) {
 }
 
 static int strlcpy_int(char *dst, const char *src, int dst_size) {
-  size_t ret = BUF_strlcpy(dst, src, dst_size < 0 ? 0 : (size_t)dst_size);
+  size_t ret = OPENSSL_strlcpy(dst, src, dst_size < 0 ? 0 : (size_t)dst_size);
   if (ret > INT_MAX) {
     OPENSSL_PUT_ERROR(OBJ, ERR_R_OVERFLOW);
     return -1;
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c
index 3627a450d2..1cda35bcee 100644
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@@ -62,7 +62,6 @@
 #include <stdio.h>
 #include <string.h>
 
-#include <openssl/buf.h>
 #include <openssl/dsa.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index c6824296be..00c0e0afd8 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -92,9 +92,9 @@ void PEM_proc_type(char *buf, int type)
     else
         str = "BAD-TYPE";
 
-    BUF_strlcat(buf, "Proc-Type: 4,", PEM_BUFSIZE);
-    BUF_strlcat(buf, str, PEM_BUFSIZE);
-    BUF_strlcat(buf, "\n", PEM_BUFSIZE);
+    OPENSSL_strlcat(buf, "Proc-Type: 4,", PEM_BUFSIZE);
+    OPENSSL_strlcat(buf, str, PEM_BUFSIZE);
+    OPENSSL_strlcat(buf, "\n", PEM_BUFSIZE);
 }
 
 void PEM_dek_info(char *buf, const char *type, int len, char *str)
@@ -103,9 +103,9 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str)
     long i;
     int j;
 
-    BUF_strlcat(buf, "DEK-Info: ", PEM_BUFSIZE);
-    BUF_strlcat(buf, type, PEM_BUFSIZE);
-    BUF_strlcat(buf, ",", PEM_BUFSIZE);
+    OPENSSL_strlcat(buf, "DEK-Info: ", PEM_BUFSIZE);
+    OPENSSL_strlcat(buf, type, PEM_BUFSIZE);
+    OPENSSL_strlcat(buf, ",", PEM_BUFSIZE);
     j = strlen(buf);
     if (j + (len * 2) + 1 > PEM_BUFSIZE)
         return;
@@ -772,6 +772,6 @@ int PEM_def_callback(char *buf, int size, int rwflag, void *userdata)
     if (len >= (size_t)size) {
         return 0;
     }
-    BUF_strlcpy(buf, userdata, (size_t)size);
+    OPENSSL_strlcpy(buf, userdata, (size_t)size);
     return len;
 }
diff --git a/crypto/pem/pem_oth.c b/crypto/pem/pem_oth.c
index 8530c56756..797f8223d6 100644
--- a/crypto/pem/pem_oth.c
+++ b/crypto/pem/pem_oth.c
@@ -59,7 +59,6 @@
 
 #include <stdio.h>
 
-#include <openssl/buf.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>
 #include <openssl/evp.h>
diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
index 15385ecafc..819a3292cf 100644
--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
@@ -56,7 +56,6 @@
 
 #include <openssl/pem.h>
 
-#include <openssl/buf.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/mem.h>
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index 725a84be9a..5776535ed0 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -59,7 +59,6 @@
 #include <stdio.h>
 #include <string.h>
 
-#include <openssl/buf.h>
 #include <openssl/dh.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
diff --git a/crypto/pkcs7/pkcs7_x509.c b/crypto/pkcs7/pkcs7_x509.c
index d6ca44eac5..107bdea7f9 100644
--- a/crypto/pkcs7/pkcs7_x509.c
+++ b/crypto/pkcs7/pkcs7_x509.c
@@ -260,7 +260,7 @@ static PKCS7 *pkcs7_new(CBS *cbs) {
   }
 
   ret->ber_len = CBS_len(&copy2) - CBS_len(cbs);
-  ret->ber_bytes = BUF_memdup(CBS_data(&copy2), ret->ber_len);
+  ret->ber_bytes = OPENSSL_memdup(CBS_data(&copy2), ret->ber_len);
   if (ret->ber_bytes == NULL) {
     goto err;
   }
diff --git a/crypto/pool/pool.c b/crypto/pool/pool.c
index c53210a375..917e43c2fb 100644
--- a/crypto/pool/pool.c
+++ b/crypto/pool/pool.c
@@ -17,7 +17,6 @@
 #include <assert.h>
 #include <string.h>
 
-#include <openssl/buf.h>
 #include <openssl/bytestring.h>
 #include <openssl/mem.h>
 #include <openssl/thread.h>
@@ -99,7 +98,7 @@ CRYPTO_BUFFER *CRYPTO_BUFFER_new(const uint8_t *data, size_t len,
   }
   OPENSSL_memset(buf, 0, sizeof(CRYPTO_BUFFER));
 
-  buf->data = BUF_memdup(data, len);
+  buf->data = OPENSSL_memdup(data, len);
   if (len != 0 && buf->data == NULL) {
     OPENSSL_free(buf);
     return NULL;
diff --git a/crypto/test/abi_test.cc b/crypto/test/abi_test.cc
index 6b17031050..3e5043de04 100644
--- a/crypto/test/abi_test.cc
+++ b/crypto/test/abi_test.cc
@@ -20,7 +20,6 @@
 #include <algorithm>
 #include <array>
 
-#include <openssl/buf.h>
 #include <openssl/mem.h>
 #include <openssl/rand.h>
 #include <openssl/span.h>
@@ -184,7 +183,7 @@ static void StrCatSignalSafeImpl(bssl::Span<char> out) {}
 template <typename... Args>
 static void StrCatSignalSafeImpl(bssl::Span<char> out, const char *str,
                                  Args... args) {
-  BUF_strlcat(out.data(), str, out.size());
+  OPENSSL_strlcat(out.data(), str, out.size());
   StrCatSignalSafeImpl(out, args...);
 }
 
diff --git a/crypto/x509/a_verify.c b/crypto/x509/a_verify.c
index 5b751675cd..8587b5906f 100644
--- a/crypto/x509/a_verify.c
+++ b/crypto/x509/a_verify.c
@@ -61,7 +61,6 @@
 #include <sys/types.h>
 
 #include <openssl/bn.h>
-#include <openssl/buf.h>
 #include <openssl/digest.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index 9a0e2ebc6c..7b91cbd0a1 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -236,7 +236,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
                 by_dir_entry_free(ent);
                 return 0;
             }
-            BUF_strlcpy(ent->dir, ss, len + 1);
+            OPENSSL_strlcpy(ent->dir, ss, len + 1);
             if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent)) {
                 by_dir_entry_free(ent);
                 return 0;
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
index dfff425dd2..994beb9b13 100644
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -57,7 +57,6 @@
 
 #include <stdlib.h>
 
-#include <openssl/buf.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/thread.h>
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 17314af53f..28f2e95ed7 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -58,7 +58,6 @@
 #include <string.h>
 
 #include <openssl/asn1.h>
-#include <openssl/buf.h>
 #include <openssl/digest.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>
diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c
index 65b1bfb501..520b7a0793 100644
--- a/crypto/x509/x509_obj.c
+++ b/crypto/x509/x509_obj.c
@@ -101,7 +101,7 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
             buf = b->data;
             OPENSSL_free(b);
         }
-        BUF_strlcpy(buf, "NO X509_NAME", len);
+        OPENSSL_strlcpy(buf, "NO X509_NAME", len);
         return buf;
     }
 
diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c
index 9bdf441f20..723bd49555 100644
--- a/crypto/x509/x509_r2x.c
+++ b/crypto/x509/x509_r2x.c
@@ -56,7 +56,6 @@
 
 #include <openssl/asn1.h>
 #include <openssl/bn.h>
-#include <openssl/buf.h>
 #include <openssl/digest.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
index 3a732617c8..d918b09706 100644
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -58,7 +58,6 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/bn.h>
-#include <openssl/buf.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/mem.h>
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
index f899424b5b..18ac8839e0 100644
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -54,7 +54,6 @@
  * (eay@cryptsoft.com).  This product includes software written by Tim
  * Hudson (tjh@cryptsoft.com). */
 
-#include <openssl/buf.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>
 #include <openssl/obj.h>
@@ -201,7 +200,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
         trtmp = X509_TRUST_get0(idx);
 
     /* Duplicate the supplied name. */
-    name_dup = BUF_strdup(name);
+    name_dup = OPENSSL_strdup(name);
     if (name_dup == NULL) {
         OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
         if (idx == -1)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index fff97fac99..23bbeb512c 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -59,7 +59,6 @@
 #include <time.h>
 
 #include <openssl/asn1.h>
-#include <openssl/buf.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/mem.h>
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 84ec838b7c..d8d1efe883 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -56,7 +56,6 @@
 
 #include <string.h>
 
-#include <openssl/buf.h>
 #include <openssl/mem.h>
 #include <openssl/obj.h>
 #include <openssl/stack.h>
@@ -106,7 +105,7 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
         id->hosts = NULL;
     }
 
-    copy = BUF_strndup(name, namelen);
+    copy = OPENSSL_strndup(name, namelen);
     if (copy == NULL)
         return 0;
 
@@ -345,7 +344,7 @@ static int int_x509_param_set1(char **pdest, size_t *pdestlen,
         return 0;
     }
 
-    tmp = BUF_memdup(src, srclen);
+    tmp = OPENSSL_memdup(src, srclen);
     if (!tmp) {
         return 0;
     }
@@ -362,7 +361,7 @@ int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
 {
     if (param->name)
         OPENSSL_free(param->name);
-    param->name = BUF_strdup(name);
+    param->name = OPENSSL_strdup(name);
     if (param->name)
         return 1;
     return 0;
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index a37d7bdee6..33c11b685b 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -59,7 +59,6 @@
 #include <limits.h>
 
 #include <openssl/asn1.h>
-#include <openssl/buf.h>
 #include <openssl/digest.h>
 #include <openssl/dsa.h>
 #include <openssl/evp.h>
diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c
index 74e05bf4c7..0e79b450a3 100644
--- a/crypto/x509v3/v3_alt.c
+++ b/crypto/x509v3/v3_alt.c
@@ -169,9 +169,9 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
             for (i = 0; i < 8; i++) {
                 BIO_snprintf(htmp, sizeof htmp, "%X", p[0] << 8 | p[1]);
                 p += 2;
-                BUF_strlcat(oline, htmp, sizeof(oline));
+                OPENSSL_strlcat(oline, htmp, sizeof(oline));
                 if (i != 7)
-                    BUF_strlcat(oline, ":", sizeof(oline));
+                    OPENSSL_strlcat(oline, ":", sizeof(oline));
             }
         } else {
             if (!X509V3_add_value("IP Address", "<invalid>", &ret))
@@ -594,7 +594,7 @@ static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
     objtmp = OPENSSL_malloc(objlen + 1);
     if (objtmp == NULL)
         return 0;
-    BUF_strlcpy(objtmp, value, objlen + 1);
+    OPENSSL_strlcpy(objtmp, value, objlen + 1);
     gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);
     OPENSSL_free(objtmp);
     if (!gen->d.otherName->type_id)
diff --git a/crypto/x509v3/v3_enum.c b/crypto/x509v3/v3_enum.c
index 6bfb232c5c..eff77e875f 100644
--- a/crypto/x509v3/v3_enum.c
+++ b/crypto/x509v3/v3_enum.c
@@ -57,8 +57,8 @@
 
 #include <stdio.h>
 
-#include <openssl/buf.h>
 #include <openssl/obj.h>
+#include <openssl/mem.h>
 #include <openssl/x509v3.h>
 
 static const ENUMERATED_NAMES crl_reasons[] = {
@@ -94,7 +94,7 @@ char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *e)
     strval = ASN1_ENUMERATED_get(e);
     for (enam = method->usr_data; enam->lname; enam++) {
         if (strval == enam->bitnum)
-            return BUF_strdup(enam->lname);
+            return OPENSSL_strdup(enam->lname);
     }
     return i2s_ASN1_ENUMERATED(method, e);
 }
diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c
index ff96489e47..7a48bd5543 100644
--- a/crypto/x509v3/v3_info.c
+++ b/crypto/x509v3/v3_info.c
@@ -62,7 +62,6 @@
 
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
-#include <openssl/buf.h>
 #include <openssl/conf.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>
@@ -137,9 +136,9 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(
         ntmp = OPENSSL_malloc(nlen);
         if (ntmp == NULL)
             goto err;
-        BUF_strlcpy(ntmp, objtmp, nlen);
-        BUF_strlcat(ntmp, " - ", nlen);
-        BUF_strlcat(ntmp, vtmp->name, nlen);
+        OPENSSL_strlcpy(ntmp, objtmp, nlen);
+        OPENSSL_strlcat(ntmp, " - ", nlen);
+        OPENSSL_strlcat(ntmp, vtmp->name, nlen);
         OPENSSL_free(vtmp->name);
         vtmp->name = ntmp;
 
@@ -192,7 +191,7 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
             OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
             goto err;
         }
-        BUF_strlcpy(objtmp, cnf->name, objlen + 1);
+        OPENSSL_strlcpy(objtmp, cnf->name, objlen + 1);
         acc->method = OBJ_txt2obj(objtmp, 0);
         if (!acc->method) {
             OPENSSL_PUT_ERROR(X509V3, X509V3_R_BAD_OBJECT);
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index 25768c0947..d9d105e808 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -59,7 +59,6 @@
 
 #include <string.h>
 
-#include <openssl/buf.h>
 #include <openssl/err.h>
 #include <openssl/digest.h>
 #include <openssl/mem.h>
@@ -237,8 +236,8 @@ int X509_PURPOSE_add(int id, int trust, int flags,
         ptmp = X509_PURPOSE_get0(idx);
 
     /* Duplicate the supplied names. */
-    name_dup = BUF_strdup(name);
-    sname_dup = BUF_strdup(sname);
+    name_dup = OPENSSL_strdup(name);
+    sname_dup = OPENSSL_strdup(sname);
     if (name_dup == NULL || sname_dup == NULL) {
         OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
         if (name_dup != NULL)
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index 86c49403b8..9138ef7598 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -63,7 +63,6 @@
 #include <string.h>
 
 #include <openssl/bn.h>
-#include <openssl/buf.h>
 #include <openssl/conf.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>
@@ -94,9 +93,9 @@ int X509V3_add_value(const char *name, const char *value,
 {
     CONF_VALUE *vtmp = NULL;
     char *tname = NULL, *tvalue = NULL;
-    if (name && !(tname = BUF_strdup(name)))
+    if (name && !(tname = OPENSSL_strdup(name)))
         goto err;
-    if (value && !(tvalue = BUF_strdup(value)))
+    if (value && !(tvalue = OPENSSL_strdup(value)))
         goto err;
     if (!(vtmp = CONF_VALUE_new()))
         goto err;
@@ -185,11 +184,11 @@ static char *bignum_to_string(const BIGNUM *bn)
 
     /* Prepend "0x", but place it after the "-" if negative. */
     if (tmp[0] == '-') {
-        BUF_strlcpy(ret, "-0x", len);
-        BUF_strlcat(ret, tmp + 1, len);
+        OPENSSL_strlcpy(ret, "-0x", len);
+        OPENSSL_strlcat(ret, tmp + 1, len);
     } else {
-        BUF_strlcpy(ret, "0x", len);
-        BUF_strlcat(ret, tmp, len);
+        OPENSSL_strlcpy(ret, "0x", len);
+        OPENSSL_strlcat(ret, tmp, len);
     }
     OPENSSL_free(tmp);
     return ret;
@@ -331,7 +330,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
     char *linebuf;
     int state;
     /* We are going to modify the line so copy it first */
-    linebuf = BUF_strdup(line);
+    linebuf = OPENSSL_strdup(line);
     if (linebuf == NULL) {
         OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
         goto err;
@@ -646,7 +645,7 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email)
     sk_OPENSSL_STRING_sort(*sk);
     if (sk_OPENSSL_STRING_find(*sk, NULL, (char *)email->data))
         return 1;
-    emtmp = BUF_strdup((char *)email->data);
+    emtmp = OPENSSL_strdup((char *)email->data);
     if (!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) {
         X509_email_free(*sk);
         *sk = NULL;
@@ -978,7 +977,7 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
         else if (a->length == (int)blen && !OPENSSL_memcmp(a->data, b, blen))
             rv = 1;
         if (rv > 0 && peername)
-            *peername = BUF_strndup((char *)a->data, a->length);
+            *peername = OPENSSL_strndup((char *)a->data, a->length);
     } else {
         int astrlen;
         unsigned char *astr;
@@ -997,7 +996,7 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
             rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);
         }
         if (rv > 0 && peername)
-            *peername = BUF_strndup((char *)astr, astrlen);
+            *peername = OPENSSL_strndup((char *)astr, astrlen);
         OPENSSL_free(astr);
     }
     return rv;
@@ -1156,7 +1155,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
     p = strchr(ipasc, '/');
     if (!p)
         return NULL;
-    iptmp = BUF_strdup(ipasc);
+    iptmp = OPENSSL_strdup(ipasc);
     if (!iptmp)
         return NULL;
     p = iptmp + (p - ipasc);
diff --git a/include/openssl/buf.h b/include/openssl/buf.h
index 10a555f404..a57f000a18 100644
--- a/include/openssl/buf.h
+++ b/include/openssl/buf.h
@@ -97,25 +97,25 @@ OPENSSL_EXPORT size_t BUF_MEM_grow_clean(BUF_MEM *buf, size_t len);
 // error.
 OPENSSL_EXPORT int BUF_MEM_append(BUF_MEM *buf, const void *in, size_t len);
 
-// BUF_strdup returns an allocated, duplicate of |str|.
+
+// Deprecated functions.
+
+// BUF_strdup calls |OPENSSL_strdup|.
 OPENSSL_EXPORT char *BUF_strdup(const char *str);
 
-// BUF_strnlen returns the number of characters in |str|, excluding the NUL
-// byte, but at most |max_len|. This function never reads more than |max_len|
-// bytes from |str|.
+// BUF_strnlen calls |OPENSSL_strnlen|.
 OPENSSL_EXPORT size_t BUF_strnlen(const char *str, size_t max_len);
 
-// BUF_strndup returns an allocated, duplicate of |str|, which is, at most,
-// |size| bytes. The result is always NUL terminated.
+// BUF_strndup calls |OPENSSL_strndup|.
 OPENSSL_EXPORT char *BUF_strndup(const char *str, size_t size);
 
-// BUF_memdup returns an allocated, duplicate of |size| bytes from |data|.
+// BUF_memdup calls |OPENSSL_memdup|.
 OPENSSL_EXPORT void *BUF_memdup(const void *data, size_t size);
 
-// BUF_strlcpy acts like strlcpy(3).
+// BUF_strlcpy calls |OPENSSL_strlcpy|.
 OPENSSL_EXPORT size_t BUF_strlcpy(char *dst, const char *src, size_t dst_size);
 
-// BUF_strlcat acts like strlcat(3).
+// BUF_strlcat calls |OPENSSL_strlcat|.
 OPENSSL_EXPORT size_t BUF_strlcat(char *dst, const char *src, size_t dst_size);
 
 
diff --git a/include/openssl/mem.h b/include/openssl/mem.h
index 2e25f52a7f..cceabcdc8c 100644
--- a/include/openssl/mem.h
+++ b/include/openssl/mem.h
@@ -126,8 +126,23 @@ OPENSSL_EXPORT int BIO_snprintf(char *buf, size_t n, const char *format, ...)
 
 // BIO_vsnprintf has the same behavior as vsnprintf(3).
 OPENSSL_EXPORT int BIO_vsnprintf(char *buf, size_t n, const char *format,
-                                 va_list args)
-    OPENSSL_PRINTF_FORMAT_FUNC(3, 0);
+                                 va_list args) OPENSSL_PRINTF_FORMAT_FUNC(3, 0);
+
+// OPENSSL_strndup returns an allocated, duplicate of |str|, which is, at most,
+// |size| bytes. The result is always NUL terminated.
+OPENSSL_EXPORT char *OPENSSL_strndup(const char *str, size_t size);
+
+// OPENSSL_memdup returns an allocated, duplicate of |size| bytes from |data| or
+// NULL on allocation failure.
+OPENSSL_EXPORT void *OPENSSL_memdup(const void *data, size_t size);
+
+// OPENSSL_strlcpy acts like strlcpy(3).
+OPENSSL_EXPORT size_t OPENSSL_strlcpy(char *dst, const char *src,
+                                      size_t dst_size);
+
+// OPENSSL_strlcat acts like strlcat(3).
+OPENSSL_EXPORT size_t OPENSSL_strlcat(char *dst, const char *src,
+                                      size_t dst_size);
 
 
 // Deprecated functions.
diff --git a/ssl/d1_both.cc b/ssl/d1_both.cc
index 5a24fb2ba8..2b652d1af2 100644
--- a/ssl/d1_both.cc
+++ b/ssl/d1_both.cc
@@ -117,7 +117,6 @@
 #include <limits.h>
 #include <string.h>
 
-#include <openssl/buf.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/mem.h>
diff --git a/ssl/d1_pkt.cc b/ssl/d1_pkt.cc
index dfb8a67ad0..b9b0ef9314 100644
--- a/ssl/d1_pkt.cc
+++ b/ssl/d1_pkt.cc
@@ -115,7 +115,6 @@
 #include <string.h>
 
 #include <openssl/bio.h>
-#include <openssl/buf.h>
 #include <openssl/bytestring.h>
 #include <openssl/mem.h>
 #include <openssl/evp.h>
diff --git a/ssl/dtls_method.cc b/ssl/dtls_method.cc
index d49687f8aa..0ce7c1f3f6 100644
--- a/ssl/dtls_method.cc
+++ b/ssl/dtls_method.cc
@@ -59,7 +59,6 @@
 #include <assert.h>
 #include <string.h>
 
-#include <openssl/buf.h>
 #include <openssl/err.h>
 
 #include "../crypto/internal.h"
diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc
index 8be9f6bbf5..23f48c14d0 100644
--- a/ssl/handshake_client.cc
+++ b/ssl/handshake_client.cc
@@ -157,7 +157,6 @@
 
 #include <openssl/aead.h>
 #include <openssl/bn.h>
-#include <openssl/buf.h>
 #include <openssl/bytestring.h>
 #include <openssl/ec_key.h>
 #include <openssl/ecdsa.h>
@@ -1291,7 +1290,7 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) {
     }
     assert(psk_len <= PSK_MAX_PSK_LEN);
 
-    hs->new_session->psk_identity.reset(BUF_strdup(identity));
+    hs->new_session->psk_identity.reset(OPENSSL_strdup(identity));
     if (hs->new_session->psk_identity == nullptr) {
       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
       return ssl_hs_error;
diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc
index 36aa560661..c7d7fb6773 100644
--- a/ssl/handshake_server.cc
+++ b/ssl/handshake_server.cc
@@ -152,7 +152,6 @@
 #include <string.h>
 
 #include <openssl/bn.h>
-#include <openssl/buf.h>
 #include <openssl/bytestring.h>
 #include <openssl/cipher.h>
 #include <openssl/ec.h>
diff --git a/ssl/s3_lib.cc b/ssl/s3_lib.cc
index d7f8a85448..f1f0ec7bf1 100644
--- a/ssl/s3_lib.cc
+++ b/ssl/s3_lib.cc
@@ -151,7 +151,6 @@
 #include <assert.h>
 #include <string.h>
 
-#include <openssl/buf.h>
 #include <openssl/digest.h>
 #include <openssl/err.h>
 #include <openssl/md5.h>
diff --git a/ssl/s3_pkt.cc b/ssl/s3_pkt.cc
index a54bb001ba..2fcc2a5324 100644
--- a/ssl/s3_pkt.cc
+++ b/ssl/s3_pkt.cc
@@ -112,7 +112,6 @@
 #include <limits.h>
 #include <string.h>
 
-#include <openssl/buf.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/mem.h>
diff --git a/ssl/ssl_asn1.cc b/ssl/ssl_asn1.cc
index 3fd7fb6a7b..ea02cf40b5 100644
--- a/ssl/ssl_asn1.cc
+++ b/ssl/ssl_asn1.cc
@@ -87,7 +87,6 @@
 
 #include <utility>
 
-#include <openssl/buf.h>
 #include <openssl/bytestring.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>
@@ -758,7 +757,7 @@ int SSL_SESSION_to_bytes(const SSL_SESSION *in, uint8_t **out_data,
     static const char kNotResumableSession[] = "NOT RESUMABLE";
 
     *out_len = strlen(kNotResumableSession);
-    *out_data = (uint8_t *)BUF_memdup(kNotResumableSession, *out_len);
+    *out_data = (uint8_t *)OPENSSL_memdup(kNotResumableSession, *out_len);
     if (*out_data == NULL) {
       return 0;
     }
diff --git a/ssl/ssl_cert.cc b/ssl/ssl_cert.cc
index b565a356a7..4f8038232c 100644
--- a/ssl/ssl_cert.cc
+++ b/ssl/ssl_cert.cc
@@ -121,7 +121,6 @@
 #include <utility>
 
 #include <openssl/bn.h>
-#include <openssl/buf.h>
 #include <openssl/bytestring.h>
 #include <openssl/ec_key.h>
 #include <openssl/err.h>
diff --git a/ssl/ssl_cipher.cc b/ssl/ssl_cipher.cc
index 30037f6bdf..c4212926c7 100644
--- a/ssl/ssl_cipher.cc
+++ b/ssl/ssl_cipher.cc
@@ -143,7 +143,6 @@
 #include <assert.h>
 #include <string.h>
 
-#include <openssl/buf.h>
 #include <openssl/err.h>
 #include <openssl/md5.h>
 #include <openssl/mem.h>
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 703c2bc9cf..a53a5e3281 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -699,7 +699,7 @@ SSL *SSL_new(SSL_CTX *ctx) {
 
   if (ctx->psk_identity_hint) {
     ssl->config->psk_identity_hint.reset(
-        BUF_strdup(ctx->psk_identity_hint.get()));
+        OPENSSL_strdup(ctx->psk_identity_hint.get()));
     if (ssl->config->psk_identity_hint == nullptr) {
       return nullptr;
     }
@@ -2129,7 +2129,7 @@ int SSL_set_tlsext_host_name(SSL *ssl, const char *name) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
     return 0;
   }
-  ssl->hostname.reset(BUF_strdup(name));
+  ssl->hostname.reset(OPENSSL_strdup(name));
   if (ssl->hostname == nullptr) {
     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
     return 0;
@@ -2580,7 +2580,7 @@ static int use_psk_identity_hint(UniquePtr<char> *out,
   // ECDHE_PSK can only spell empty hint. Having different capabilities is odd,
   // so we interpret empty and missing as identical.
   if (identity_hint != NULL && identity_hint[0] != '\0') {
-    out->reset(BUF_strdup(identity_hint));
+    out->reset(OPENSSL_strdup(identity_hint));
     if (*out == nullptr) {
       return 0;
     }
diff --git a/ssl/ssl_session.cc b/ssl/ssl_session.cc
index bb04b1ad88..77d3f4c2e6 100644
--- a/ssl/ssl_session.cc
+++ b/ssl/ssl_session.cc
@@ -208,7 +208,8 @@ UniquePtr<SSL_SESSION> SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) {
 
   // Copy authentication state.
   if (session->psk_identity != nullptr) {
-    new_session->psk_identity.reset(BUF_strdup(session->psk_identity.get()));
+    new_session->psk_identity.reset(
+        OPENSSL_strdup(session->psk_identity.get()));
     if (new_session->psk_identity == nullptr) {
       return nullptr;
     }
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index 9bd389bd2b..61de1365f8 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -39,7 +39,6 @@ OPENSSL_MSVC_PRAGMA(comment(lib, "Ws2_32.lib"))
 
 #include <openssl/aead.h>
 #include <openssl/bio.h>
-#include <openssl/buf.h>
 #include <openssl/bytestring.h>
 #include <openssl/cipher.h>
 #include <openssl/crypto.h>
diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc
index 6313673513..23de5e9f66 100644
--- a/ssl/test/test_config.cc
+++ b/ssl/test/test_config.cc
@@ -1361,7 +1361,7 @@ static unsigned PskClientCallback(SSL *ssl, const char *hint,
     return 0;
   }
 
-  BUF_strlcpy(out_identity, config->psk_identity.c_str(), max_identity_len);
+  OPENSSL_strlcpy(out_identity, config->psk_identity.c_str(), max_identity_len);
   OPENSSL_memcpy(out_psk, config->psk.data(), config->psk.size());
   return config->psk.size();
 }
diff --git a/ssl/tls_method.cc b/ssl/tls_method.cc
index 95fac4d5f7..a642e7542e 100644
--- a/ssl/tls_method.cc
+++ b/ssl/tls_method.cc
@@ -59,7 +59,7 @@
 #include <assert.h>
 #include <string.h>
 
-#include <openssl/buf.h>
+#include <openssl/err.h>
 
 #include "../crypto/internal.h"
 #include "internal.h"