Index: src/SSLSocket.m ================================================================== --- src/SSLSocket.m +++ src/SSLSocket.m @@ -1,8 +1,8 @@ /* - * Copyright (c) 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 - * Jonathan Schleifer + * Copyright (c) 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, + * 2021, Jonathan Schleifer * Copyright (c) 2011, Florian Zeitz * Copyright (c) 2011, Jos Kuijpers * * https://fossil.nil.im/objopenssl * @@ -39,25 +39,11 @@ #if defined(__clang__) # pragma clang diagnostic pop #endif -#import -#import -#import -#import - -#import -#import -#import -#import -#import -#import -#import - -#import -#import +#import #import "SSLSocket.h" #import "X509Certificate.h" #import "SSLConnectionFailedException.h" @@ -66,11 +52,11 @@ #ifndef INVALID_SOCKET # define INVALID_SOCKET -1 #endif static SSL_CTX *ctx; -static of_mutex_t *ssl_mutexes; +static OFPlainMutex *SSLMutexes; static unsigned long threadID(void) { return (unsigned long)(uintptr_t)[OFThread currentThread]; @@ -83,13 +69,13 @@ * This function must handle up to CRYPTO_num_locks() mutexes. * It must set the n-th lock if mode & CRYPTO_LOCK, * release it otherwise. */ if (mode & CRYPTO_LOCK) - of_mutex_lock(&ssl_mutexes[n]); + OFEnsure(OFPlainMutexLock(&SSLMutexes[n]) == 0); else - of_mutex_unlock(&ssl_mutexes[n]); + OFEnsure(OFPlainMutexUnlock(&SSLMutexes[n]) == 0); } @interface SSLSocket () - (void)SSL_startTLSWithExpectedHost: (OFString *)host port: (uint16_t)port; - (void)SSL_super_close; @@ -173,11 +159,11 @@ @synthesize verifiesCertificates = _verifiesCertificates; @synthesize requestsClientCertificates = _requestsClientCertificates; + (void)load { - of_tls_socket_class = self; + OFTLSSocketClass = self; } + (void)initialize { int m; 
@@ -189,13 +175,13 @@ /* OpenSSL >= 1.1 defines the line above to a nop */ (void)threadID; /* Generate number of mutexes needed */ m = CRYPTO_num_locks(); - ssl_mutexes = malloc(m * sizeof(of_mutex_t)); + SSLMutexes = OFAllocMemory(m, sizeof(OFPlainMutex)); for (m--; m >= 0; m--) - of_mutex_new(&ssl_mutexes[m]); + OFEnsure(OFPlainMutexNew(&SSLMutexes[m]) == 0); CRYPTO_set_locking_callback(&lockingCallback); /* OpenSSL >= 1.1 defines the line above to a nop */ (void)lockingCallback; @@ -253,22 +239,21 @@ SSL_free(SSL_); } - (void)SSL_startTLSWithExpectedHost: (OFString *)host port: (uint16_t)port { - of_string_encoding_t encoding; + OFStringEncoding encoding; if ((_SSL = SSL_new(ctx)) == NULL || SSL_set_fd(_SSL, _socket) != 1) { unsigned long error = ERR_get_error(); [super close]; - @throw [SSLConnectionFailedException - exceptionWithHost: host - port: port - socket: self - SSLError: error]; + @throw [SSLConnectionFailedException exceptionWithHost: host + port: port + socket: self + SSLError: error]; } if (SSL_set_tlsext_host_name(_SSL, host.UTF8String) != 1) { unsigned long error = ERR_get_error(); @@ -349,11 +334,11 @@ [self SSL_startTLSWithExpectedHost: host port: 0]; } - (void)asyncConnectToHost: (OFString *)host port: (uint16_t)port - runLoopMode: (of_run_loop_mode_t)runLoopMode + runLoopMode: (OFRunLoopMode)runLoopMode { void *pool = objc_autoreleasePoolPush(); [[[SSLSocket_ConnectDelegate alloc] initWithSocket: self @@ -366,12 +351,12 @@ } #ifdef OF_HAVE_BLOCKS - (void)asyncConnectToHost: (OFString *)host port: (uint16_t)port - runLoopMode: (of_run_loop_mode_t)runLoopMode - block: (of_tcp_socket_async_connect_block_t)block + runLoopMode: (OFRunLoopMode)runLoopMode + block: (OFTCPSocketAsyncConnectBlock)block { [super asyncConnectToHost: host port: port runLoopMode: runLoopMode block: ^ (id exception) { 
@@ -391,11 +376,11 @@ #endif - (instancetype)accept { SSLSocket *client = (SSLSocket *)[super accept]; - of_string_encoding_t encoding; + OFStringEncoding encoding; if ((client->_SSL = SSL_new(ctx)) == NULL || !SSL_set_fd(client->_SSL, client->_socket)) { [client SSL_super_close]; /* FIXME: Get a proper errno */ Index: src/X509Certificate.m ================================================================== --- src/X509Certificate.m +++ src/X509Certificate.m @@ -1,8 +1,8 @@ /* * Copyright (c) 2011, Florian Zeitz - * Copyright (c) 2011, 2012, 2013, 2015, Jonathan Schleifer + * Copyright (c) 2011, 2012, 2013, 2015, 2021, Jonathan Schleifer * * https://fossil.nil.im/objopenssl * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -96,12 +96,11 @@ - (instancetype)initWithX509Struct: (X509 *)certificate { self = [super init]; @try { - _certificate = X509_dup(certificate); - if (_certificate == NULL) + if ((_certificate = X509_dup(certificate)) == NULL) @throw [OFInitializationFailedException exceptionWithClass: self.class]; } @catch (id e) { [self release]; @throw e; @@ -330,11 +329,11 @@ serviceLength = service.length; for (OFString *name in assertedNames) { if ([name hasPrefix: service]) { OFString *asserted; - asserted = [name substringWithRange: of_range( + asserted = [name substringWithRange: OFRangeMake( serviceLength, name.length - serviceLength)]; if ([self X509_isAssertedDomain: asserted equalDomain: domain]) { objc_autoreleasePoolPop(pool); return true; 
@@ -356,25 +355,25 @@ * but not foo.bar.example.com */ size_t firstDot; - if ([asserted caseInsensitiveCompare: domain] == OF_ORDERED_SAME) + if ([asserted caseInsensitiveCompare: domain] == OFOrderedSame) return true; if (![asserted hasPrefix: @"*."]) return false; asserted = [asserted substringWithRange: - of_range(2, asserted.length - 2)]; + OFRangeMake(2, asserted.length - 2)]; firstDot = [domain rangeOfString: @"."].location; - if (firstDot == OF_NOT_FOUND) + if (firstDot == OFNotFound) return false; domain = [domain substringWithRange: - of_range(firstDot + 1, domain.length - firstDot - 1)]; + OFRangeMake(firstDot + 1, domain.length - firstDot - 1)]; if ([asserted caseInsensitiveCompare: domain] == 0) return true; return false; @@ -410,23 +409,23 @@ - (X509OID *)X509_stringFromASN1Object: (ASN1_OBJECT *)object { X509OID *ret; int length, bufferLength = 256; - char *buffer = of_alloc(1, bufferLength); + char *buffer = OFAllocMemory(1, bufferLength); @try { while ((length = OBJ_obj2txt(buffer, bufferLength, object, 1)) > bufferLength) { bufferLength = length; - buffer = of_realloc(buffer, 1, bufferLength); + buffer = OFResizeMemory(buffer, 1, bufferLength); } ret = [[[X509OID alloc] initWithUTF8String: buffer] autorelease]; } @finally { - free(buffer); + OFFreeMemory(buffer); } return ret; }
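Review bot: The last comparison in this hunk still reads `if ([asserted caseInsensitiveCompare: domain] == 0)` although the first one was converted to `== OFOrderedSame`; write it as `if ([asserted caseInsensitiveCompare: domain] == OFOrderedSame)` so both checks in the wildcard matcher read the same. Separately, once `*.` has been stripped, nothing in the visible lines checks what is left of `asserted`, so a certificate name such as `*.com` appears to match any host directly under that single label. Consider rejecting wildcard names whose remainder is empty or contains no dot, for example `if (asserted.length == 0 || [asserted rangeOfString: @"."].location == OFNotFound) return false;`. The method begins and ends outside the hunk, so an earlier check may already cover this.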
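Review bot: The resize loop in `X509_stringFromASN1Object:` leaves no room for the terminating NUL and does not handle an error return from `OBJ_obj2txt()`. The function reports the text length without the NUL, so a result equal to `bufferLength` is already truncated; after `bufferLength = length` the retry returns that same value and the loop exits with the last character cut off. The condition should be `>= bufferLength` and the new size `bufferLength = length + 1;`. If `OBJ_obj2txt()` returns a negative value, the loop exits at once and an `X509OID` is built from whatever partial text is in the buffer; add an `if (length < 0)` check that throws before `initWithUTF8String:` is reached.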