Remove some documentation for functions not in 1.0.x

A few functions in the recently added EVP_EncodeInit docs don't apply to the 1.0.x branches. Reviewed-by: Richard Levitte <levitte@openssl.org>
Add documentation for EVP_EncodeInit() and similar functions
2016-05-03 12:54:06 +01:00 · 2016-05-03 11:54:00 +01:00 · 2016-05-03 11:52:53 +01:00 · 2016-05-03 11:52:53 +01:00 · 2016-05-03 10:28:00 +01:00 · 2016-05-03 09:03:16 +01:00
534 changed files with 7194 additions and 4459 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -1,22 +0,0 @@
 openssl.pc
 libcrypto.pc
 libssl.pc
 MINFO
 makefile.one
 tmp
 out
 outinc
 rehash.time
 testlog
 make.log
 maketest.log
 cctest
 cctest.c
 cctest.a
 *.flc
 semantic.cache
 Makefile
 *.dll*
 *.so*
 *.sl*
 *.dylib*
--- a/.gitignore
+++ b/.gitignore
@ -7,6 +7,7 @@
 .#*
 #*#
 *~
 /.dir-locals.el
 # Top level excludes
 /Makefile.bak
@ -95,8 +96,12 @@ tags
 TAGS
 # Windows
 /tmp32
 /tmp32.dbg
 /tmp32dll
 /tmp32dll.dbg
 /out32
 /out32.dbg
 /out32dll
 /out32dll.dbg
 /inc32
--- a/.travis-create-release.sh
+++ b/.travis-create-release.sh
@ -0,0 +1,10 @@
 #! /bin/sh
 # $1 is expected to be $TRAVIS_OS_NAME
 if [ "$1" == osx ]; then
    make -f Makefile.org \
 	 DISTTARVARS="NAME=_srcdist TAR_COMMAND='\$\$(TAR) \$\$(TARFLAGS) -s \"|^|\$\$(NAME)/|\" -T \$\$(TARFILE).list -cvf -' TARFLAGS='-n' TARFILE=_srcdist.tar" SHELL='sh -vx' dist
 else
    make -f Makefile.org DISTTARVARS='TARFILE=_srcdist.tar NAME=_srcdist' SHELL='sh -v' dist
 fi
--- a/.travis.yml
+++ b/.travis.yml
@ -0,0 +1,60 @@
 language: c
 addons:
    apt_packages:
        - binutils-mingw-w64
        - gcc-mingw-w64
 os:
    - linux
    - osx
 compiler:
    - clang
    - gcc
    - i686-w64-mingw32-gcc
    - x86_64-w64-mingw32-gcc
 env:
    - CONFIG_OPTS=""
    - CONFIG_OPTS="shared"
    - CONFIG_OPTS="-d --strict-warnings"
 matrix:
    exclude:
        - os: osx
          compiler: i686-w64-mingw32-gcc
        - os: osx
          compiler: x86_64-w64-mingw32-gcc
        - compiler: i686-w64-mingw32-gcc
          env: CONFIG_OPTS="-d --strict-warnings"
        - compiler: x86_64-w64-mingw32-gcc
          env: CONFIG_OPTS="-d --strict-warnings"
 before_script:
    - sh .travis-create-release.sh $TRAVIS_OS_NAME
    - tar -xvzf _srcdist.tar.gz
    - cd _srcdist
    - if [ "$CC" == i686-w64-mingw32-gcc ]; then
          export CROSS_COMPILE=${CC%%gcc}; unset CC;
          ./Configure mingw $CONFIG_OPTS;
      elif [ "$CC" == x86_64-w64-mingw32-gcc ]; then
          export CROSS_COMPILE=${CC%%gcc}; unset CC;
          ./Configure mingw64 $CONFIG_OPTS;
      else
          ./config $CONFIG_OPTS;
      fi
    - cd ..
 script:
    - cd _srcdist
    - make
    - if [ -z "$CROSS_COMPILE" ]; then make test; fi
    - cd ..
 notifications:
    recipient:
        - openssl-commits@openssl.org
    email:
        on_success: change
        on_failure: always
--- a/32
+++ b/32
@ -1,30 +1,2 @@
-The OpenSSL project depends on volunteer efforts and financial support from
+Please https://www.openssl.org/community/thanks.html for the current
-the end user community. That support comes in the form of donations and paid
+acknowledgements.
 sponsorships, software support contracts, paid consulting services
 and commissioned software development.
 Since all these activities support the continued development and improvement
 of OpenSSL we consider all these clients and customers as sponsors of the
 OpenSSL project.
 We would like to identify and thank the following such sponsors for their past
 or current significant support of the OpenSSL project:
 Major support:
 	Qualys		http://www.qualys.com/
 Very significant support:
 	OpenGear:	http://www.opengear.com/
 Significant support:
 	PSW Group:	http://www.psw.net/
 	Acano Ltd.	http://acano.com/
 Please note that we ask permission to identify sponsors and that some sponsors
 we consider eligible for inclusion here have requested to remain anonymous.
 Additional sponsorship or financial support is always welcome: for more
 information please contact the OpenSSL Software Foundation.
--- a/471
+++ b/471
@ -2,6 +2,315 @@
 OpenSSL CHANGES
 _______________
 Changes between 1.0.1s and 1.0.1t [xx XXX xxxx]
  *) Remove LOW from the DEFAULT cipher list.  This removes singles DES from the
     default.
     [Kurt Roeckx]
  *) Only remove the SSLv2 methods with the no-ssl2-method option. When the
     methods are enabled and ssl2 is disabled the methods return NULL.
     [Kurt Roeckx]
 Changes between 1.0.1r and 1.0.1s [1 Mar 2016]
  * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
    Builds that are not configured with "enable-weak-ssl-ciphers" will not
    provide any "EXPORT" or "LOW" strength ciphers.
    [Viktor Dukhovni]
  * Disable SSLv2 default build, default negotiation and weak ciphers.  SSLv2
    is by default disabled at build-time.  Builds that are not configured with
    "enable-ssl2" will not support SSLv2.  Even if "enable-ssl2" is used,
    users who want to negotiate SSLv2 via the version-flexible SSLv23_method()
    will need to explicitly call either of:
        SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
    or
        SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
    as appropriate.  Even if either of those is used, or the application
    explicitly uses the version-specific SSLv2_method() or its client and
    server variants, SSLv2 ciphers vulnerable to exhaustive search key
    recovery have been removed.  Specifically, the SSLv2 40-bit EXPORT
    ciphers, and SSLv2 56-bit DES are no longer available.
    (CVE-2016-0800)
    [Viktor Dukhovni]
  *) Fix a double-free in DSA code
     A double free bug was discovered when OpenSSL parses malformed DSA private
     keys and could lead to a DoS attack or memory corruption for applications
     that receive DSA private keys from untrusted sources.  This scenario is
     considered rare.
     This issue was reported to OpenSSL by Adam Langley(Google/BoringSSL) using
     libFuzzer.
     (CVE-2016-0705)
     [Stephen Henson]
  *) Disable SRP fake user seed to address a server memory leak.
     Add a new method SRP_VBASE_get1_by_user that handles the seed properly.
     SRP_VBASE_get_by_user had inconsistent memory management behaviour.
     In order to fix an unavoidable memory leak, SRP_VBASE_get_by_user
     was changed to ignore the "fake user" SRP seed, even if the seed
     is configured.
     Users should use SRP_VBASE_get1_by_user instead. Note that in
     SRP_VBASE_get1_by_user, caller must free the returned value. Note
     also that even though configuring the SRP seed attempts to hide
     invalid usernames by continuing the handshake with fake
     credentials, this behaviour is not constant time and no strong
     guarantees are made that the handshake is indistinguishable from
     that of a valid user.
     (CVE-2016-0798)
     [Emilia Käsper]
  *) Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
     In the BN_hex2bn function the number of hex digits is calculated using an
     int value |i|. Later |bn_expand| is called with a value of |i * 4|. For
     large values of |i| this can result in |bn_expand| not allocating any
     memory because |i * 4| is negative. This can leave the internal BIGNUM data
     field as NULL leading to a subsequent NULL ptr deref. For very large values
     of |i|, the calculation |i * 4| could be a positive value smaller than |i|.
     In this case memory is allocated to the internal BIGNUM data field, but it
     is insufficiently sized leading to heap corruption. A similar issue exists
     in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn
     is ever called by user applications with very large untrusted hex/dec data.
     This is anticipated to be a rare occurrence.
     All OpenSSL internal usage of these functions use data that is not expected
     to be untrusted, e.g. config file data or application command line
     arguments. If user developed applications generate config file data based
     on untrusted data then it is possible that this could also lead to security
     consequences. This is also anticipated to be rare.
     This issue was reported to OpenSSL by Guido Vranken.
     (CVE-2016-0797)
     [Matt Caswell]
  *) Fix memory issues in BIO_*printf functions
     The internal |fmtstr| function used in processing a "%s" format string in
     the BIO_*printf functions could overflow while calculating the length of a
     string and cause an OOB read when printing very long strings.
     Additionally the internal |doapr_outch| function can attempt to write to an
     OOB memory location (at an offset from the NULL pointer) in the event of a
     memory allocation failure. In 1.0.2 and below this could be caused where
     the size of a buffer to be allocated is greater than INT_MAX. E.g. this
     could be in processing a very long "%s" format string. Memory leaks can
     also occur.
     The first issue may mask the second issue dependent on compiler behaviour.
     These problems could enable attacks where large amounts of untrusted data
     is passed to the BIO_*printf functions. If applications use these functions
     in this way then they could be vulnerable. OpenSSL itself uses these
     functions when printing out human-readable dumps of ASN.1 data. Therefore
     applications that print this data could be vulnerable if the data is from
     untrusted sources. OpenSSL command line applications could also be
     vulnerable where they print out ASN.1 data, or if untrusted data is passed
     as command line arguments.
     Libssl is not considered directly vulnerable. Additionally certificates etc
     received via remote connections via libssl are also unlikely to be able to
     trigger these issues because of message size limits enforced within libssl.
     This issue was reported to OpenSSL Guido Vranken.
     (CVE-2016-0799)
     [Matt Caswell]
  *) Side channel attack on modular exponentiation
     A side-channel attack was found which makes use of cache-bank conflicts on
     the Intel Sandy-Bridge microarchitecture which could lead to the recovery
     of RSA keys.  The ability to exploit this issue is limited as it relies on
     an attacker who has control of code in a thread running on the same
     hyper-threaded core as the victim thread which is performing decryptions.
     This issue was reported to OpenSSL by Yuval Yarom, The University of
     Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and
     Nadia Heninger, University of Pennsylvania with more information at
     http://cachebleed.info.
     (CVE-2016-0702)
     [Andy Polyakov]
  *) Change the req app to generate a 2048-bit RSA/DSA key by default,
     if no keysize is specified with default_bits. This fixes an
     omission in an earlier change that changed all RSA/DSA key generation
     apps to use 2048 bits by default.
     [Emilia Käsper]
 Changes between 1.0.1q and 1.0.1r [28 Jan 2016]
  *) Protection for DH small subgroup attacks
     As a precautionary measure the SSL_OP_SINGLE_DH_USE option has been
     switched on by default and cannot be disabled. This could have some
     performance impact.
     [Matt Caswell]
  *) SSLv2 doesn't block disabled ciphers
     A malicious client can negotiate SSLv2 ciphers that have been disabled on
     the server and complete SSLv2 handshakes even if all SSLv2 ciphers have
     been disabled, provided that the SSLv2 protocol was not also disabled via
     SSL_OP_NO_SSLv2.
     This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram
     and Sebastian Schinzel.
     (CVE-2015-3197)
     [Viktor Dukhovni]
  *) Reject DH handshakes with parameters shorter than 1024 bits.
     [Kurt Roeckx]
 Changes between 1.0.1p and 1.0.1q [3 Dec 2015]
  *) Certificate verify crash with missing PSS parameter
     The signature verification routines will crash with a NULL pointer
     dereference if presented with an ASN.1 signature using the RSA PSS
     algorithm and absent mask generation function parameter. Since these
     routines are used to verify certificate signature algorithms this can be
     used to crash any certificate verification operation and exploited in a
     DoS attack. Any application which performs certificate verification is
     vulnerable including OpenSSL clients and servers which enable client
     authentication.
     This issue was reported to OpenSSL by Loïc Jonas Etienne (Qnective AG).
     (CVE-2015-3194)
     [Stephen Henson]
  *) X509_ATTRIBUTE memory leak
     When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
     memory. This structure is used by the PKCS#7 and CMS routines so any
     application which reads PKCS#7 or CMS data from untrusted sources is
     affected. SSL/TLS is not affected.
     This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using
     libFuzzer.
     (CVE-2015-3195)
     [Stephen Henson]
  *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs.
     This changes the decoding behaviour for some invalid messages,
     though the change is mostly in the more lenient direction, and
     legacy behaviour is preserved as much as possible.
     [Emilia Käsper]
  *) In DSA_generate_parameters_ex, if the provided seed is too short,
     use a random seed, as already documented.
     [Rich Salz and Ismo Puustinen <ismo.puustinen@intel.com>]
 Changes between 1.0.1o and 1.0.1p [9 Jul 2015]
  *) Alternate chains certificate forgery
     During certificate verfification, OpenSSL will attempt to find an
     alternative certificate chain if the first attempt to build such a chain
     fails. An error in the implementation of this logic can mean that an
     attacker could cause certain checks on untrusted certificates to be
     bypassed, such as the CA flag, enabling them to use a valid leaf
     certificate to act as a CA and "issue" an invalid certificate.
     This issue was reported to OpenSSL by Adam Langley/David Benjamin
     (Google/BoringSSL).
     (CVE-2015-1793)
     [Matt Caswell]
  *) Race condition handling PSK identify hint
     If PSK identity hints are received by a multi-threaded client then
     the values are wrongly updated in the parent SSL_CTX structure. This can
     result in a race condition potentially leading to a double free of the
     identify hint data.
     (CVE-2015-3196)
     [Stephen Henson]
 Changes between 1.0.1n and 1.0.1o [12 Jun 2015]
  *) Fix HMAC ABI incompatibility. The previous version introduced an ABI
     incompatibility in the handling of HMAC. The previous ABI has now been
     restored.
 Changes between 1.0.1m and 1.0.1n [11 Jun 2015]
  *) Malformed ECParameters causes infinite loop
     When processing an ECParameters structure OpenSSL enters an infinite loop
     if the curve specified is over a specially malformed binary polynomial
     field.
     This can be used to perform denial of service against any
     system which processes public keys, certificate requests or
     certificates.  This includes TLS clients and TLS servers with
     client authentication enabled.
     This issue was reported to OpenSSL by Joseph Barr-Pixton.
     (CVE-2015-1788)
     [Andy Polyakov]
  *) Exploitable out-of-bounds read in X509_cmp_time
     X509_cmp_time does not properly check the length of the ASN1_TIME
     string and can read a few bytes out of bounds. In addition,
     X509_cmp_time accepts an arbitrary number of fractional seconds in the
     time string.
     An attacker can use this to craft malformed certificates and CRLs of
     various sizes and potentially cause a segmentation fault, resulting in
     a DoS on applications that verify certificates or CRLs. TLS clients
     that verify CRLs are affected. TLS clients and servers with client
     authentication enabled may be affected if they use custom verification
     callbacks.
     This issue was reported to OpenSSL by Robert Swiecki (Google), and
     independently by Hanno Böck.
     (CVE-2015-1789)
     [Emilia Käsper]
  *) PKCS7 crash with missing EnvelopedContent
     The PKCS#7 parsing code does not handle missing inner EncryptedContent
     correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
     with missing content and trigger a NULL pointer dereference on parsing.
     Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
     structures from untrusted sources are affected. OpenSSL clients and
     servers are not affected.
     This issue was reported to OpenSSL by Michal Zalewski (Google).
     (CVE-2015-1790)
     [Emilia Käsper]
  *) CMS verify infinite loop with unknown hash function
     When verifying a signedData message the CMS code can enter an infinite loop
     if presented with an unknown hash function OID. This can be used to perform
     denial of service against any system which verifies signedData messages using
     the CMS code.
     This issue was reported to OpenSSL by Johannes Bauer.
     (CVE-2015-1792)
     [Stephen Henson]
  *) Race condition handling NewSessionTicket
     If a NewSessionTicket is received by a multi-threaded client when attempting to
     reuse a previous ticket then a race condition can occur potentially leading to
     a double free of the ticket data.
     (CVE-2015-1791)
     [Matt Caswell]
  *) Reject DH handshakes with parameters shorter than 768 bits.
     [Kurt Roeckx and Emilia Kasper]
  *) dhparam: generate 2048-bit parameters by default.
     [Kurt Roeckx and Emilia Kasper]
 Changes between 1.0.1l and 1.0.1m [19 Mar 2015]
  *) Segmentation fault in ASN1_TYPE_cmp fix
@ -40,7 +349,7 @@
     This issue was reported to OpenSSL by Michal Zalewski (Google).
     (CVE-2015-0289)
-     [Emilia Käsper]
+     [Emilia Käsper]
  *) DoS via reachable assert in SSLv2 servers fix
@ -48,10 +357,10 @@
     servers that both support SSLv2 and enable export cipher suites by sending
     a specially crafted SSLv2 CLIENT-MASTER-KEY message.
-     This issue was discovered by Sean Burford (Google) and Emilia Käsper
+     This issue was discovered by Sean Burford (Google) and Emilia Käsper
     (OpenSSL development team).
     (CVE-2015-0293)
-     [Emilia Käsper]
+     [Emilia Käsper]
  *) Use After Free following d2i_ECPrivatekey error fix
@ -196,12 +505,12 @@
      version does not match the session's version. Resuming with a different
      version, while not strictly forbidden by the RFC, is of questionable
      sanity and breaks all known clients.
-      [David Benjamin, Emilia Käsper]
+      [David Benjamin, Emilia Käsper]
   *) Tighten handling of the ChangeCipherSpec (CCS) message: reject
      early CCS messages during renegotiation. (Note that because
      renegotiation is encrypted, this early CCS was not exploitable.)
-      [Emilia Käsper]
+      [Emilia Käsper]
   *) Tighten client-side session ticket handling during renegotiation:
      ensure that the client only accepts a session ticket if the server sends
@ -212,7 +521,7 @@
      Similarly, ensure that the client requires a session ticket if one
      was advertised in the ServerHello. Previously, a TLS client would
      ignore a missing NewSessionTicket message.
-      [Emilia Käsper]
+      [Emilia Käsper]
 Changes between 1.0.1i and 1.0.1j [15 Oct 2014]
@ -292,10 +601,10 @@
     with a null pointer dereference (read) by specifying an anonymous (EC)DH
     ciphersuite and sending carefully crafted handshake messages.
-     Thanks to Felix Gröbert (Google) for discovering and researching this
+     Thanks to Felix Gröbert (Google) for discovering and researching this
     issue.
     (CVE-2014-3510)
-     [Emilia Käsper]
+     [Emilia Käsper]
  *) By sending carefully crafted DTLS packets an attacker could cause openssl
     to leak memory. This can be exploited through a Denial of Service attack.
@ -332,7 +641,7 @@
     properly negotiated with the client. This can be exploited through a
     Denial of Service attack.
-     Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for
+     Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for
     discovering and researching this issue.
     (CVE-2014-5139)
     [Steve Henson]
@ -344,7 +653,7 @@
     Thanks to Ivan Fratric (Google) for discovering this issue.
     (CVE-2014-3508)
-     [Emilia Käsper, and Steve Henson]
+     [Emilia Käsper, and Steve Henson]
  *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.)
     for corner cases. (Certain input points at infinity could lead to
@ -374,15 +683,15 @@
     client or server. This is potentially exploitable to run arbitrary
     code on a vulnerable client or server.
-     Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195)
+     Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195)
-     [Jüri Aedla, Steve Henson]
+     [Jüri Aedla, Steve Henson]
  *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites
     are subject to a denial of service attack.
-     Thanks to Felix Gröbert and Ivan Fratric at Google for discovering
+     Thanks to Felix Gröbert and Ivan Fratric at Google for discovering
     this issue. (CVE-2014-3470)
-     [Felix Gröbert, Ivan Fratric, Steve Henson]
+     [Felix Gröbert, Ivan Fratric, Steve Henson]
  *) Harmonize version and its documentation. -f flag is used to display
     compilation flags.
@ -461,9 +770,9 @@
     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
     Security Group at Royal Holloway, University of London
     (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
-     Emilia Käsper for the initial patch.
+     Emilia Käsper for the initial patch.
     (CVE-2013-0169)
-     [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
+     [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
  *) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode
     ciphersuites which can be exploited in a denial of service attack.
@ -638,7 +947,7 @@
     EC_GROUP_new_by_curve_name() will automatically use these (while
     EC_GROUP_new_curve_GFp() currently prefers the more flexible
     implementations).
-     [Emilia Käsper, Adam Langley, Bodo Moeller (Google)]
+     [Emilia Käsper, Adam Langley, Bodo Moeller (Google)]
  *) Use type ossl_ssize_t instad of ssize_t which isn't available on
     all platforms. Move ssize_t definition from e_os.h to the public
@ -914,7 +1223,7 @@
     [Adam Langley (Google)]
  *) Fix spurious failures in ecdsatest.c.
-     [Emilia Käsper (Google)]
+     [Emilia Käsper (Google)]
  *) Fix the BIO_f_buffer() implementation (which was mixing different
     interpretations of the '..._len' fields).
@ -928,7 +1237,7 @@
     lock to call BN_BLINDING_invert_ex, and avoids one use of
     BN_BLINDING_update for each BN_BLINDING structure (previously,
     the last update always remained unused).
-     [Emilia Käsper (Google)]
+     [Emilia Käsper (Google)]
  *) In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
     [Bob Buckholz (Google)]
@ -1737,7 +2046,7 @@
  *) Add RFC 3161 compliant time stamp request creation, response generation
     and response verification functionality.
-     [Zoltán Glózik <zglozik@opentsa.org>, The OpenTSA Project]
+     [Zoltán Glózik <zglozik@opentsa.org>, The OpenTSA Project]
  *) Add initial support for TLS extensions, specifically for the server_name
     extension so far.  The SSL_SESSION, SSL_CTX, and SSL data structures now
@ -2905,7 +3214,7 @@
  *) BN_CTX_get() should return zero-valued bignums, providing the same
     initialised value as BN_new().
-     [Geoff Thorpe, suggested by Ulf Möller]
+     [Geoff Thorpe, suggested by Ulf Möller]
  *) Support for inhibitAnyPolicy certificate extension.
     [Steve Henson]
@ -2924,7 +3233,7 @@
     some point, these tighter rules will become openssl's default to improve
     maintainability, though the assert()s and other overheads will remain only
     in debugging configurations. See bn.h for more details.
-     [Geoff Thorpe, Nils Larsch, Ulf Möller]
+     [Geoff Thorpe, Nils Larsch, Ulf Möller]
  *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure
     that can only be obtained through BN_CTX_new() (which implicitly
@ -2991,7 +3300,7 @@
     [Douglas Stebila (Sun Microsystems Laboratories)]
  *) Add the possibility to load symbols globally with DSO.
-     [Götz Babin-Ebell <babin-ebell@trustcenter.de> via Richard Levitte]
+     [Götz Babin-Ebell <babin-ebell@trustcenter.de> via Richard Levitte]
  *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better
     control of the error stack.
@ -3706,7 +4015,7 @@
     [Steve Henson]
  *) Undo Cygwin change.
-     [Ulf Möller]
+     [Ulf Möller]
  *) Added support for proxy certificates according to RFC 3820.
     Because they may be a security thread to unaware applications,
@ -3739,11 +4048,11 @@
     [Stephen Henson, reported by UK NISCC]
  *) Use Windows randomness collection on Cygwin.
-     [Ulf Möller]
+     [Ulf Möller]
  *) Fix hang in EGD/PRNGD query when communication socket is closed
     prematurely by EGD/PRNGD.
-     [Darren Tucker <dtucker@zip.com.au> via Lutz Jänicke, resolves #1014]
+     [Darren Tucker <dtucker@zip.com.au> via Lutz Jänicke, resolves #1014]
  *) Prompt for pass phrases when appropriate for PKCS12 input format.
     [Steve Henson]
@ -4205,7 +4514,7 @@
     pointers passed to them whenever necessary. Otherwise it is possible
     the caller may have overwritten (or deallocated) the original string
     data when a later ENGINE operation tries to use the stored values.
-     [Götz Babin-Ebell <babinebell@trustcenter.de>]
+     [Götz Babin-Ebell <babinebell@trustcenter.de>]
  *) Improve diagnostics in file reading and command-line digests.
     [Ben Laurie aided and abetted by Solar Designer <solar@openwall.com>]
@ -6310,7 +6619,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     [Bodo Moeller]
  *) BN_sqr() bug fix.
-     [Ulf Möller, reported by Jim Ellis <jim.ellis@cavium.com>]
+     [Ulf Möller, reported by Jim Ellis <jim.ellis@cavium.com>]
  *) Rabin-Miller test analyses assume uniformly distributed witnesses,
     so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()
@ -6470,7 +6779,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     [Bodo Moeller]
  *) Fix OAEP check.
-     [Ulf Möller, Bodo Möller]
+     [Ulf Möller, Bodo Möller]
  *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5
     RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5
@ -6732,10 +7041,10 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     [Bodo Moeller]
  *) Use better test patterns in bntest.
-     [Ulf Möller]
+     [Ulf Möller]
  *) rand_win.c fix for Borland C.
-     [Ulf Möller]
+     [Ulf Möller]
  *) BN_rshift bugfix for n == 0.
     [Bodo Moeller]
@ -6880,14 +7189,14 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
  *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
     BIO_ctrl (for BIO pairs).
-     [Bodo Möller]
+     [Bodo Möller]
  *) Add DSO method for VMS.
     [Richard Levitte]
  *) Bug fix: Montgomery multiplication could produce results with the
     wrong sign.
-     [Ulf Möller]
+     [Ulf Möller]
  *) Add RPM specification openssl.spec and modify it to build three
     packages.  The default package contains applications, application
@ -6905,7 +7214,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
  *) Don't set the two most significant bits to one when generating a
     random number < q in the DSA library.
-     [Ulf Möller]
+     [Ulf Möller]
  *) New SSL API mode 'SSL_MODE_AUTO_RETRY'.  This disables the default
     behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if
@ -7171,7 +7480,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
  *) Randomness polling function for Win9x, as described in:
     Peter Gutmann, Software Generation of Practically Strong
     Random Numbers.
-     [Ulf Möller]
+     [Ulf Möller]
  *) Fix so PRNG is seeded in req if using an already existing
     DSA key.
@ -7391,7 +7700,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     [Steve Henson]
  *) Eliminate non-ANSI declarations in crypto.h and stack.h.
-     [Ulf Möller]
+     [Ulf Möller]
  *) Fix for SSL server purpose checking. Server checking was
     rejecting certificates which had extended key usage present
@ -7423,7 +7732,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     [Bodo Moeller]
  *) Bugfix for linux-elf makefile.one.
-     [Ulf Möller]
+     [Ulf Möller]
  *) RSA_get_default_method() will now cause a default
     RSA_METHOD to be chosen if one doesn't exist already.
@ -7512,7 +7821,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     [Steve Henson]
  *) des_quad_cksum() byte order bug fix.
-     [Ulf Möller, using the problem description in krb4-0.9.7, where
+     [Ulf Möller, using the problem description in krb4-0.9.7, where
      the solution is attributed to Derrick J Brashear <shadow@DEMENTIA.ORG>]
  *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly
@ -7613,7 +7922,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     [Rolf Haberrecker <rolf@suse.de>]
  *) Assembler module support for Mingw32.
-     [Ulf Möller]
+     [Ulf Möller]
  *) Shared library support for HPUX (in shlib/).
     [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> and Anonymous]
@ -7632,7 +7941,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
  *) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n]
     case was implemented. This caused BN_div_recp() to fail occasionally.
-     [Ulf Möller]
+     [Ulf Möller]
  *) Add an optional second argument to the set_label() in the perl
     assembly language builder. If this argument exists and is set
@ -7662,14 +7971,14 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     [Steve Henson]
  *) Fix potential buffer overrun problem in BIO_printf().
-     [Ulf Möller, using public domain code by Patrick Powell; problem
+     [Ulf Möller, using public domain code by Patrick Powell; problem
      pointed out by David Sacerdote <das33@cornell.edu>]
  *) Support EGD <http://www.lothar.com/tech/crypto/>.  New functions
     RAND_egd() and RAND_status().  In the command line application,
     the EGD socket can be specified like a seed file using RANDFILE
     or -rand.
-     [Ulf Möller]
+     [Ulf Möller]
  *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures.
     Some CAs (e.g. Verisign) distribute certificates in this form.
@ -7702,7 +8011,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
        #define OPENSSL_ALGORITHM_DEFINES
        #include <openssl/opensslconf.h>
     defines all pertinent NO_<algo> symbols, such as NO_IDEA, NO_RSA, etc.
-     [Richard Levitte, Ulf and Bodo Möller]
+     [Richard Levitte, Ulf and Bodo Möller]
  *) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS
     record layer.
@ -7753,17 +8062,17 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
  *) Bug fix for BN_div_recp() for numerators with an even number of
     bits.
-     [Ulf Möller]
+     [Ulf Möller]
  *) More tests in bntest.c, and changed test_bn output.
-     [Ulf Möller]
+     [Ulf Möller]
  *) ./config recognizes MacOS X now.
     [Andy Polyakov]
  *) Bug fix for BN_div() when the first words of num and divsor are
     equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0).
-     [Ulf Möller]
+     [Ulf Möller]
  *) Add support for various broken PKCS#8 formats, and command line
     options to produce them.
@ -7771,11 +8080,11 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
  *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to
     get temporary BIGNUMs from a BN_CTX.
-     [Ulf Möller]
+     [Ulf Möller]
  *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont()
     for p == 0.
-     [Ulf Möller]
+     [Ulf Möller]
  *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and
     include a #define from the old name to the new. The original intent
@ -7799,7 +8108,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
  *) Source code cleanups: use const where appropriate, eliminate casts,
     use void * instead of char * in lhash.
-     [Ulf Möller] 
+     [Ulf Möller] 
  *) Bugfix: ssl3_send_server_key_exchange was not restartable
     (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of
@ -7844,13 +8153,13 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     [Steve Henson]
  *) New function BN_pseudo_rand().
-     [Ulf Möller]
+     [Ulf Möller]
  *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable)
     bignum version of BN_from_montgomery() with the working code from
     SSLeay 0.9.0 (the word based version is faster anyway), and clean up
     the comments.
-     [Ulf Möller]
+     [Ulf Möller]
  *) Avoid a race condition in s2_clnt.c (function get_server_hello) that
     made it impossible to use the same SSL_SESSION data structure in
@ -7860,25 +8169,25 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
  *) The return value of RAND_load_file() no longer counts bytes obtained
     by stat().  RAND_load_file(..., -1) is new and uses the complete file
     to seed the PRNG (previously an explicit byte count was required).
-     [Ulf Möller, Bodo Möller]
+     [Ulf Möller, Bodo Möller]
  *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes
     used (char *) instead of (void *) and had casts all over the place.
     [Steve Henson]
  *) Make BN_generate_prime() return NULL on error if ret!=NULL.
-     [Ulf Möller]
+     [Ulf Möller]
  *) Retain source code compatibility for BN_prime_checks macro:
     BN_is_prime(..., BN_prime_checks, ...) now uses
     BN_prime_checks_for_size to determine the appropriate number of
     Rabin-Miller iterations.
-     [Ulf Möller]
+     [Ulf Möller]
  *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to
     DH_CHECK_P_NOT_SAFE_PRIME.
     (Check if this is true? OpenPGP calls them "strong".)
-     [Ulf Möller]
+     [Ulf Möller]
  *) Merge the functionality of "dh" and "gendh" programs into a new program
     "dhparam". The old programs are retained for now but will handle DH keys
@ -7934,7 +8243,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
  *) Add missing #ifndefs that caused missing symbols when building libssl
     as a shared library without RSA.  Use #ifndef NO_SSL2 instead of
     NO_RSA in ssl/s2*.c. 
-     [Kris Kennaway <kris@hub.freebsd.org>, modified by Ulf Möller]
+     [Kris Kennaway <kris@hub.freebsd.org>, modified by Ulf Möller]
  *) Precautions against using the PRNG uninitialized: RAND_bytes() now
     has a return value which indicates the quality of the random data
@ -7943,7 +8252,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     guaranteed to be unique but not unpredictable. RAND_add is like
     RAND_seed, but takes an extra argument for an entropy estimate
     (RAND_seed always assumes full entropy).
-     [Ulf Möller]
+     [Ulf Möller]
  *) Do more iterations of Rabin-Miller probable prime test (specifically,
     3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes
@ -7973,7 +8282,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     [Steve Henson]
  *) Honor the no-xxx Configure options when creating .DEF files.
-     [Ulf Möller]
+     [Ulf Möller]
  *) Add PKCS#10 attributes to field table: challengePassword, 
     unstructuredName and unstructuredAddress. These are taken from
@ -8807,7 +9116,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
  *) More DES library cleanups: remove references to srand/rand and
     delete an unused file.
-     [Ulf Möller]
+     [Ulf Möller]
  *) Add support for the the free Netwide assembler (NASM) under Win32,
     since not many people have MASM (ml) and it can be hard to obtain.
@ -8896,7 +9205,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     worked.
  *) Fix problems with no-hmac etc.
-     [Ulf Möller, pointed out by Brian Wellington <bwelling@tislabs.com>]
+     [Ulf Möller, pointed out by Brian Wellington <bwelling@tislabs.com>]
  *) New functions RSA_get_default_method(), RSA_set_method() and
     RSA_get_method(). These allows replacement of RSA_METHODs without having
@ -9013,7 +9322,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     [Ben Laurie]
  *) DES library cleanups.
-     [Ulf Möller]
+     [Ulf Möller]
  *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be
     used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit
@ -9056,7 +9365,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     [Christian Forster <fo@hawo.stw.uni-erlangen.de>]
  *) config now generates no-xxx options for missing ciphers.
-     [Ulf Möller]
+     [Ulf Möller]
  *) Support the EBCDIC character set (work in progress).
     File ebcdic.c not yet included because it has a different license.
@ -9169,7 +9478,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     [Bodo Moeller]
  *) Move openssl.cnf out of lib/.
-     [Ulf Möller]
+     [Ulf Möller]
  *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall
     -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes
@ -9226,10 +9535,10 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     [Ben Laurie]
  *) Support Borland C++ builder.
-     [Janez Jere <jj@void.si>, modified by Ulf Möller]
+     [Janez Jere <jj@void.si>, modified by Ulf Möller]
  *) Support Mingw32.
-     [Ulf Möller]
+     [Ulf Möller]
  *) SHA-1 cleanups and performance enhancements.
     [Andy Polyakov <appro@fy.chalmers.se>]
@ -9238,7 +9547,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     [Andy Polyakov <appro@fy.chalmers.se>]
  *) Accept any -xxx and +xxx compiler options in Configure.
-     [Ulf Möller]
+     [Ulf Möller]
  *) Update HPUX configuration.
     [Anonymous]
@ -9271,7 +9580,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     [Bodo Moeller]
  *) OAEP decoding bug fix.
-     [Ulf Möller]
+     [Ulf Möller]
  *) Support INSTALL_PREFIX for package builders, as proposed by
     David Harris.
@ -9294,21 +9603,21 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     [Niels Poppe <niels@netbox.org>]
  *) New Configure option no-<cipher> (rsa, idea, rc5, ...).
-     [Ulf Möller]
+     [Ulf Möller]
  *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for
     extension adding in x509 utility.
     [Steve Henson]
  *) Remove NOPROTO sections and error code comments.
-     [Ulf Möller]
+     [Ulf Möller]
  *) Partial rewrite of the DEF file generator to now parse the ANSI
     prototypes.
     [Steve Henson]
  *) New Configure options --prefix=DIR and --openssldir=DIR.
-     [Ulf Möller]
+     [Ulf Möller]
  *) Complete rewrite of the error code script(s). It is all now handled
     by one script at the top level which handles error code gathering,
@ -9337,7 +9646,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     [Steve Henson]
  *) Move the autogenerated header file parts to crypto/opensslconf.h.
-     [Ulf Möller]
+     [Ulf Möller]
  *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of
     8 of keying material. Merlin has also confirmed interop with this fix
@ -9355,13 +9664,13 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     [Andy Polyakov <appro@fy.chalmers.se>]
  *) Change functions to ANSI C.
-     [Ulf Möller]
+     [Ulf Möller]
  *) Fix typos in error codes.
-     [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>, Ulf Möller]
+     [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>, Ulf Möller]
  *) Remove defunct assembler files from Configure.
-     [Ulf Möller]
+     [Ulf Möller]
  *) SPARC v8 assembler BIGNUM implementation.
     [Andy Polyakov <appro@fy.chalmers.se>]
@ -9398,7 +9707,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     [Steve Henson]
  *) New Configure option "rsaref".
-     [Ulf Möller]
+     [Ulf Möller]
  *) Don't auto-generate pem.h.
     [Bodo Moeller]
@ -9446,7 +9755,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
  *) New functions DSA_do_sign and DSA_do_verify to provide access to
     the raw DSA values prior to ASN.1 encoding.
-     [Ulf Möller]
+     [Ulf Möller]
  *) Tweaks to Configure
     [Niels Poppe <niels@netbox.org>]
@ -9456,11 +9765,11 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     [Steve Henson]
  *) New variables $(RANLIB) and $(PERL) in the Makefiles.
-     [Ulf Möller]
+     [Ulf Möller]
  *) New config option to avoid instructions that are illegal on the 80386.
     The default code is faster, but requires at least a 486.
-     [Ulf Möller]
+     [Ulf Möller]
  *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and
     SSL2_SERVER_VERSION (not used at all) macros, which are now the
@ -9999,7 +10308,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
      Hagino <itojun@kame.net>]
  *) File was opened incorrectly in randfile.c.
-     [Ulf Möller <ulf@fitug.de>]
+     [Ulf Möller <ulf@fitug.de>]
  *) Beginning of support for GeneralizedTime. d2i, i2d, check and print
     functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or
@ -10009,7 +10318,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     [Steve Henson]
  *) Correct Linux 1 recognition in config.
-     [Ulf Möller <ulf@fitug.de>]
+     [Ulf Möller <ulf@fitug.de>]
  *) Remove pointless MD5 hash when using DSA keys in ca.
     [Anonymous <nobody@replay.com>]
@ -10156,7 +10465,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
  *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but
     was already fixed by Eric for 0.9.1 it seems.
-     [Ben Laurie - pointed out by Ulf Möller <ulf@fitug.de>]
+     [Ben Laurie - pointed out by Ulf Möller <ulf@fitug.de>]
  *) Autodetect FreeBSD3.
     [Ben Laurie]
--- a/38
+++ b/38
@ -0,0 +1,38 @@
 HOW TO CONTRIBUTE TO OpenSSL
 ----------------------------
 Development is coordinated on the openssl-dev mailing list (see
 http://www.openssl.org for information on subscribing). If you
 would like to submit a patch, send it to rt@openssl.org with
 the string "[PATCH]" in the subject. Please be sure to include a
 textual explanation of what your patch does.
 You can also make GitHub pull requests. If you do this, please also send
 mail to rt@openssl.org with a brief description and a link to the PR so
 that we can more easily keep track of it.
 If you are unsure as to whether a feature will be useful for the general
 OpenSSL community please discuss it on the openssl-dev mailing list first.
 Someone may be already working on the same thing or there may be a good
 reason as to why that feature isn't implemented.
 Patches should be as up to date as possible, preferably relative to the
 current Git or the last snapshot. They should follow our coding style
 (see https://www.openssl.org/policies/codingstyle.html) and compile without
 warnings using the --strict-warnings flag.  OpenSSL compiles on many varied
 platforms: try to ensure you only use portable features.
 Our preferred format for patch files is "git format-patch" output. For example
 to provide a patch file containing the last commit in your local git repository
 use the following command:
 # git format-patch --stdout HEAD^ >mydiffs.patch
 Another method of creating an acceptable patch file without using git is as
 follows:
 # cd openssl-work
 # [your changes]
 # ./Configure dist; make clean
 # cd ..
 # diff -ur openssl-orig openssl-work > mydiffs.patch
--- a/68
+++ b/68
@ -58,6 +58,10 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
 #		library and will be loaded in run-time by the OpenSSL library.
 # sctp          include SCTP support
 # 386           generate 80386 code
 # enable-weak-ssl-ciphers
 #		Enable EXPORT and LOW SSLv3 ciphers that are disabled by
 #		default.  Note, weak SSLv2 ciphers are unconditionally
 #		disabled.
 # no-sse2	disables IA-32 SSE2 code, above option implies no-sse2
 # no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
 # -<xxx> +<xxx> compiler options are passed through 
@ -105,6 +109,11 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
 my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
 # Warn that "make depend" should be run?
 my $warn_make_depend = 0;
 my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
 my $strict_warnings = 0;
 my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
@ -197,6 +206,7 @@ my %table=(
 "debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 "debug-linux-x86_64-clang","clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 "dist",		"cc:-O::(unknown)::::::",
 # Basic configs that should work on any (32 and less bit) box
@ -230,12 +240,12 @@ my %table=(
 #### SPARC Solaris with GNU C setups
 "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
 "solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
 ####
-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### SPARC Solaris with Sun C setups
@ -252,7 +262,7 @@ my %table=(
 #### SunOS configs, assuming sparc for the gcc one.
 #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
-"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
+"sunos-gcc","gcc:-O3 -mcpu=v8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
 #### IRIX 5.x configs
 # -mips2 flag is added by ./config when appropriate.
@ -361,6 +371,7 @@ my %table=(
 "linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-x86_64",	"gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 "linux-x86_64-clang","clang: -m64 -DL_ENDIAN -O3 -Wall -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 "linux64-s390x",	"gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 #### So called "highgprs" target for z/Architecture CPUs
 # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
@ -379,7 +390,7 @@ my %table=(
 #### SPARC Linux setups
 # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
 # assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # it's a real mess with -mcpu=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
 "linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@ -413,7 +424,7 @@ my %table=(
 "BSD-x86",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "BSD-x86-elf",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-BSD-x86-elf",	"gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-sparcv8",	"gcc:-DB_ENDIAN -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-sparcv8",	"gcc:-DB_ENDIAN -O3 -mcpu=v8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
@ -717,10 +728,12 @@ my %disabled = ( # "what"         => "comment" [or special keyword "experimental
 		 "md2"            => "default",
 		 "rc5"            => "default",
 		 "rfc3779"	  => "default",
-		 "sctp"       => "default",
+		 "sctp"           => "default",
 		 "shared"         => "default",
 		 "ssl2"           => "default",
 		 "store"	  => "experimental",
 		 "unit-test"	  => "default",
 		 "weak-ssl-ciphers" => "default",
 		 "zlib"           => "default",
 		 "zlib-dynamic"   => "default"
 	       );
@ -1442,7 +1455,7 @@ if ($target =~ /\-icc$/)	# Intel C compiler
 # linker only when --prefix is not /usr.
 if ($target =~ /^BSD\-/)
 	{
-	$shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
+	$shared_ldflag.=" -Wl,-rpath,\$\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
 	}
 if ($sys_id ne "")
@ -1574,11 +1587,20 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
 if ($strict_warnings)
 	{
 	my $ecc = $cc;
 	$ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
 	my $wopt;
-	die "ERROR --strict-warnings requires gcc" unless ($cc =~ /gcc$/);
+	die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/);
 	foreach $wopt (split /\s+/, $gcc_devteam_warn)
 		{
-		$cflags .= " $wopt" unless ($cflags =~ /$wopt/)
+		$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
 		}
 	if ($ecc eq "clang")
 		{
 		foreach $wopt (split /\s+/, $clang_devteam_warn)
 			{
 			$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
 			}
 		}
 	}
@ -1940,14 +1962,8 @@ EOF
 	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
 	}
 	if ($depflags ne $default_depflags && !$make_depend) {
-		print <<EOF;
+            $warn_make_depend++;
-
+        }
 Since you've disabled or enabled at least one algorithm, you need to do
 the following before building:
 	make depend
 EOF
 	}
 }
 # create the ms/version32.rc file if needed
@ -2026,12 +2042,18 @@ EOF
 print <<\EOF if ($no_shared_warn);
-You gave the option 'shared'.  Normally, that would give you shared libraries.
+You gave the option 'shared', which is not supported on this platform, so
-Unfortunately, the OpenSSL configuration doesn't include shared library support
+we will pretend you gave the option 'no-shared'.  If you know how to implement
-for this platform yet, so it will pretend you gave the option 'no-shared'.  If
+shared libraries, please let us know (but please first make sure you have
-you can inform the developpers (openssl-dev\@openssl.org) how to support shared
+tried with a current version of OpenSSL).
-libraries on this platform, they will at least look at it and try their best
+EOF
-(but please first make sure you have tried with a current version of OpenSSL).
+
 print <<EOF if ($warn_make_depend);
 *** Because of configuration changes, you MUST do the following before
 *** building:
 	make depend
 EOF
 exit(0);
--- a/1041
+++ b/1041
--- a/8
+++ b/8
@ -164,10 +164,10 @@
     standard headers).  If it is a problem with OpenSSL itself, please
     report the problem to <openssl-bugs@openssl.org> (note that your
     message will be recorded in the request tracker publicly readable
-     via http://www.openssl.org/support/rt.html and will be forwarded to a
+     at https://www.openssl.org/community/index.html#bugs and will be
-     public mailing list). Include the output of "make report" in your message.
+     forwarded to a public mailing list). Include the output of "make
-     Please check out the request tracker. Maybe the bug was already
+     report" in your message.  Please check out the request tracker. Maybe
-     reported or has already been fixed.
+     the bug was already reported or has already been fixed.
     [If you encounter assembler error messages, try the "no-asm"
     configuration option as an immediate fix.]
--- a/2
+++ b/2
@ -12,7 +12,7 @@
  ---------------
 /* ====================================================================
- * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2016 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
--- a/Makefile.org
+++ b/Makefile.org
@ -179,12 +179,11 @@ SHARED_LDFLAGS=
 GENERAL=        Makefile
 BASENAME=       openssl
 NAME=           $(BASENAME)-$(VERSION)
-TARFILE=        $(NAME).tar
+TARFILE=        ../$(NAME).tar
 WTARFILE=       $(NAME)-win.tar
 EXHEADER=       e_os2.h
 HEADER=         e_os.h
-all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
+all: Makefile build_all
 # as we stick to -e, CLEARENV ensures that local variables in lower
 # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
@ -268,21 +267,25 @@ reflect:
 	@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
 sub_all: build_all
 build_all: build_libs build_apps build_tests build_tools
-build_libs: build_crypto build_ssl build_engines
+build_libs: build_libcrypto build_libssl openssl.pc
 build_libcrypto: build_crypto build_engines libcrypto.pc
 build_libssl: build_ssl libssl.pc
 build_crypto:
 	@dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_ssl:
+build_ssl: build_crypto
 	@dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines:
+build_engines: build_crypto
 	@dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps:
+build_apps: build_libs
 	@dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests:
+build_tests: build_libs
 	@dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools:
+build_tools: build_libs
 	@dir=tools; target=all; $(BUILD_ONE_CMD)
 all_testapps: build_libs build_testapps
@ -459,6 +462,9 @@ tests: rehash
 report:
 	@$(PERL) util/selftest.pl
 update: errors stacks util/libeay.num util/ssleay.num TABLE
 	@set -e; target=update; $(RECURSIVE_BUILD_CMD)
 depend:
 	@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
@ -483,60 +489,44 @@ util/libeay.num::
 util/ssleay.num::
 	$(PERL) util/mkdef.pl ssl update
 crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
 	$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
 crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
 	$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
 crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num
 	$(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h
 apps/openssl-vms.cnf: apps/openssl.cnf
 	$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
 crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
 	$(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
 TABLE: Configure
 	(echo 'Output of `Configure TABLE'"':"; \
 	$(PERL) Configure TABLE) > TABLE
 update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
 # Build distribution tar-file. As the list of files returned by "find" is
 # pretty long, on several platforms a "too many arguments" error or similar
 # would occur. Therefore the list of files is temporarily stored into a file
 # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
 # tar does not support the --files-from option.
-tar:
+TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
 	                       --owner 0 --group 0 \
 			       --transform 's|^|$(NAME)/|' \
 			       -cvf -
 $(TARFILE).list:
 	find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
 	       \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \
 	       \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
 	       \! -name '.#*' \! -name '*~' \! -type l \
 	    | sort > $(TARFILE).list
 tar: $(TARFILE).list
 	find . -type d -print | xargs chmod 755
 	find . -type f -print | xargs chmod a+r
 	find . -type f -perm -0100 -print | xargs chmod a+x
-	find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
+	$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
-	$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
+	rm -f $(TARFILE).list
-	tardy --user_number=0  --user_name=openssl \
+	ls -l $(TARFILE).gz
 	      --group_number=0 --group_name=openssl \
 	      --prefix=openssl-$(VERSION) - |\
 	gzip --best >../$(TARFILE).gz; \
 	rm -f ../$(TARFILE).list; \
 	ls -l ../$(TARFILE).gz
-tar-snap:
+tar-snap: $(TARFILE).list
-	@$(TAR) $(TARFLAGS) -cvf - \
+	$(TAR_COMMAND) > $(TARFILE)
-		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
+	rm -f $(TARFILE).list
-	tardy --user_number=0  --user_name=openssl \
+	ls -l $(TARFILE)
 	      --group_number=0 --group_name=openssl \
 	      --prefix=openssl-$(VERSION) - > ../$(TARFILE);\
 	ls -l ../$(TARFILE)
 dist:   
 	$(PERL) Configure dist
 	@$(MAKE) dist_pem_h
 	@$(MAKE) SDIRS='$(SDIRS)' clean
-	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
+	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
 dist_pem_h:
 	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
 install: all install_docs install_sw
--- a/47
+++ b/47
@ -5,6 +5,53 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.
  Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [under development]
      o
  Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [1 Mar 2016]
      o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
      o Disable SSLv2 default build, default negotiation and weak ciphers
        (CVE-2016-0800)
      o Fix a double-free in DSA code (CVE-2016-0705)
      o Disable SRP fake user seed to address a server memory leak
        (CVE-2016-0798)
      o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
        (CVE-2016-0797)
      o Fix memory issues in BIO_*printf functions (CVE-2016-0799)
      o Fix side channel attack on modular exponentiation (CVE-2016-0702)
  Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016]
      o Protection for DH small subgroup attacks
      o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
  Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015]
      o Certificate verify crash with missing PSS parameter (CVE-2015-3194)
      o X509_ATTRIBUTE memory leak (CVE-2015-3195)
      o Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs
      o In DSA_generate_parameters_ex, if the provided seed is too short,
        return an error
  Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015]
      o Alternate chains certificate forgery (CVE-2015-1793)
      o Race condition handling PSK identify hint (CVE-2015-3196)
  Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015]
      o Fix HMAC ABI incompatibility
  Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015]
      o Malformed ECParameters causes infinite loop (CVE-2015-1788)
      o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
      o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
      o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
      o Race condition handling NewSessionTicket (CVE-2015-1791)
  Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015]
      o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
--- a/205
+++ b/205
@ -1,7 +1,7 @@
- OpenSSL 1.0.1m 19 Mar 2015
+ OpenSSL 1.0.1t-dev
- Copyright (c) 1998-2011 The OpenSSL Project
+ Copyright (c) 1998-2015 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 All rights reserved.
@ -10,17 +10,17 @@
 The OpenSSL Project is a collaborative effort to develop a robust,
 commercial-grade, fully featured, and Open Source toolkit implementing the
- Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+ Secure Sockets Layer (SSLv3) and Transport Layer Security (TLS) protocols as
- protocols as well as a full-strength general purpose cryptography library.
+ well as a full-strength general purpose cryptograpic library. The project is
- The project is managed by a worldwide community of volunteers that use the
+ managed by a worldwide community of volunteers that use the Internet to
- Internet to communicate, plan, and develop the OpenSSL toolkit and its
+ communicate, plan, and develop the OpenSSL toolkit and its related
- related documentation.
+ documentation.
- OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
+ OpenSSL is descended from the SSLeay library developed by Eric A. Young
 and Tim J. Hudson.  The OpenSSL toolkit is licensed under a dual-license (the
- OpenSSL license plus the SSLeay license) situation, which basically means
+ OpenSSL license plus the SSLeay license), which means that you are free to
- that you are free to get and use it for commercial and non-commercial
+ get and use it for commercial and non-commercial purposes as long as you
- purposes as long as you fulfill the conditions of both licenses.
+ fulfill the conditions of both licenses.
 OVERVIEW
 --------
@ -28,116 +28,39 @@
 The OpenSSL toolkit includes:
 libssl.a:
-     Implementation of SSLv2, SSLv3, TLSv1 and the required code to support
+     Provides the client and server-side implementations for SSLv3 and TLS.
     both SSLv2, SSLv3 and TLSv1 in the one server and client.
 libcrypto.a:
-     General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not
+     Provides general cryptographic and X.509 support needed by SSL/TLS but
-     actually logically part of it. It includes routines for the following:
+     not logically part of it.
     Ciphers
        libdes - EAY's libdes DES encryption package which was floating
                 around the net for a few years, and was then relicensed by
                 him as part of SSLeay.  It includes 15 'modes/variations'
                 of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb;
                 pcbc and a more general form of cfb and ofb) including desx
                 in cbc mode, a fast crypt(3), and routines to read
                 passwords from the keyboard.
        RC4 encryption,
        RC2 encryption      - 4 different modes, ecb, cbc, cfb and ofb.
        Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
        IDEA encryption     - 4 different modes, ecb, cbc, cfb and ofb.
     Digests
        MD5 and MD2 message digest algorithms, fast implementations,
        SHA (SHA-0) and SHA-1 message digest algorithms,
        MDC2 message digest. A DES based hash that is popular on smart cards.
     Public Key
        RSA encryption/decryption/generation.
            There is no limit on the number of bits.
        DSA encryption/decryption/generation.
            There is no limit on the number of bits.
        Diffie-Hellman key-exchange/key generation.
            There is no limit on the number of bits.
     X.509v3 certificates
        X509 encoding/decoding into/from binary ASN1 and a PEM
             based ASCII-binary encoding which supports encryption with a
             private key.  Program to generate RSA and DSA certificate
             requests and to generate RSA and DSA certificates.
     Systems
        The normal digital envelope routines and base64 encoding.  Higher
        level access to ciphers and digests by name.  New ciphers can be
        loaded at run time.  The BIO io system which is a simple non-blocking
        IO abstraction.  Current methods supported are file descriptors,
        sockets, socket accept, socket connect, memory buffer, buffering, SSL
        client/server, file pointer, encryption, digest, non-blocking testing
        and null.
     Data structures
        A dynamically growing hashing system
        A simple stack.
        A Configuration loader that uses a format similar to MS .ini files.
 openssl:
     A command line tool that can be used for:
-        Creation of RSA, DH and DSA key parameters
+        Creation of key parameters
        Creation of X.509 certificates, CSRs and CRLs
-        Calculation of Message Digests
+        Calculation of message digests
-        Encryption and Decryption with Ciphers
+        Encryption and decryption
-        SSL/TLS Client and Server Tests
+        SSL/TLS client and server tests
        Handling of S/MIME signed or encrypted mail
-
+        And more...
 PATENTS
 -------
 Various companies hold various patents for various algorithms in various
 locations around the world. _YOU_ are responsible for ensuring that your use
 of any algorithms is legal by checking if there are any patents in your
 country.  The file contains some of the patents that we know about or are
 rumored to exist. This is not a definitive list.
 RSA Security holds software patents on the RC5 algorithm.  If you
 intend to use this cipher, you must contact RSA Security for
 licensing conditions. Their web page is http://www.rsasecurity.com/.
 RC4 is a trademark of RSA Security, so use of this label should perhaps
 only be used with RSA Security's permission.
 The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
 Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA.  They
 should be contacted if that algorithm is to be used; their web page is
 http://www.ascom.ch/.
 NTT and Mitsubishi have patents and pending patents on the Camellia
 algorithm, but allow use at no charge without requiring an explicit
 licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
 INSTALLATION
 ------------
- To install this package under a Unix derivative, read the INSTALL file.  For
+ See the appropriate file:
- a Win32 platform, read the INSTALL.W32 file.  For OpenVMS systems, read
+        INSTALL         Linux, Unix, etc.
- INSTALL.VMS.
+        INSTALL.DJGPP   DOS platform with DJGPP
-
+        INSTALL.NW      Netware
- Read the documentation in the doc/ directory.  It is quite rough, but it
+        INSTALL.OS2     OS/2
- lists the functions; you will probably have to look at the code to work out
+        INSTALL.VMS     VMS
- how to use them. Look at the example programs.
+        INSTALL.W32     Windows (32bit)
-
+        INSTALL.W64     Windows (64bit)
- PROBLEMS
+        INSTALL.WCE     Windows CE
 --------
 For some platforms, there are some known problems that may affect the user
 or application author.  We try to collect those in doc/PROBLEMS, with current
 thoughts on how they should be solved in a future of OpenSSL.
 SUPPORT
 -------
- See the OpenSSL website www.openssl.org for details of how to obtain
+ See the OpenSSL website www.openssl.org for details on how to obtain
 commercial technical support.
 If you have any problems with OpenSSL then please take the following steps
@ -161,58 +84,36 @@
    - Problem Description (steps that will reproduce the problem, if known)
    - Stack Traceback (if the application dumps core)
- Report the bug to the OpenSSL project via the Request Tracker
+ Email the report to:
 (http://www.openssl.org/support/rt.html) by mail to:
-    openssl-bugs@openssl.org
+    rt@openssl.org
- Note that the request tracker should NOT be used for general assistance
+ In order to avoid spam, this is a moderated mailing list, and it might
- or support queries. Just because something doesn't work the way you expect
+ take a day for the ticket to show up.  (We also scan posts to make sure
- does not mean it is necessarily a bug in OpenSSL.
+ that security disclosures aren't publically posted by mistake.) Mail
 to this address is recorded in the public RT (request tracker) database
 (see https://www.openssl.org/community/index.html#bugs for details) and
 also forwarded the public openssl-dev mailing list.  Confidential mail
 may be sent to openssl-security@openssl.org (PGP key available from the
 key servers).
- Note that mail to openssl-bugs@openssl.org is recorded in the publicly
+ Please do NOT use this for general assistance or support queries.
- readable request tracker database and is forwarded to a public
+ Just because something doesn't work the way you expect does not mean it
- mailing list. Confidential mail may be sent to openssl-security@openssl.org
+ is necessarily a bug in OpenSSL.
- (PGP key available from the key servers).
+
 You can also make GitHub pull requests. If you do this, please also send
 mail to rt@openssl.org with a link to the PR so that we can more easily
 keep track of it.
 HOW TO CONTRIBUTE TO OpenSSL
 ----------------------------
- Development is coordinated on the openssl-dev mailing list (see
+ See CONTRIBUTING
 http://www.openssl.org for information on subscribing). If you
 would like to submit a patch, send it to openssl-bugs@openssl.org with
 the string "[PATCH]" in the subject. Please be sure to include a
 textual explanation of what your patch does.
- If you are unsure as to whether a feature will be useful for the general
+ LEGALITIES
- OpenSSL community please discuss it on the openssl-dev mailing list first.
+ ----------
 Someone may be already working on the same thing or there may be a good
 reason as to why that feature isn't implemented.
 Patches should be as up to date as possible, preferably relative to the
 current Git or the last snapshot. They should follow the coding style of
 OpenSSL and compile without warnings. Some of the core team developer targets
 can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL
 compiles on many varied platforms: try to ensure you only use portable
 features.
 Note: For legal reasons, contributions from the US can be accepted only
 if a TSU notification and a copy of the patch are sent to crypt@bis.doc.gov
 (formerly BXA) with a copy to the ENC Encryption Request Coordinator;
 please take some time to look at
    http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
 and
    http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e))
 for the details. If "your encryption source code is too large to serve as
 an email attachment", they are glad to receive it by fax instead; hope you
 have a cheap long-distance plan.
 Our preferred format for changes is "diff -u" output. You might
 generate it like this:
 # cd openssl-work
 # [your changes]
 # ./Configure dist; make clean
 # cd ..
 # diff -ur openssl-orig openssl-work > mydiffs.patch
 A number of nations, in particular the U.S., restrict the use or export
 of cryptography. If you are potentially subject to such restrictions
 you should seek competent professional legal advice before attempting to
 develop or distribute cryptographic code.
--- a/108
+++ b/108
@ -35,7 +35,7 @@ $multilib     =
 *** BS2000-OSD
 $cc           = c89
-$cflags       = -O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC
+$cflags       = -O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
@ -68,7 +68,7 @@ $multilib     =
 *** BSD-generic32
 $cc           = gcc
-$cflags       = -DTERMIOS -O3 -fomit-frame-pointer -Wall
+$cflags       = -O3 -fomit-frame-pointer -Wall
 $unistd       = 
 $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
 $sys_id       = 
@ -101,7 +101,7 @@ $multilib     =
 *** BSD-generic64
 $cc           = gcc
-$cflags       = -DTERMIOS -O3 -Wall
+$cflags       = -O3 -Wall
 $unistd       = 
 $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
 $sys_id       = 
@ -134,7 +134,7 @@ $multilib     =
 *** BSD-ia64
 $cc           = gcc
-$cflags       = -DL_ENDIAN -DTERMIOS -O3 -Wall
+$cflags       = -DL_ENDIAN -O3 -Wall
 $unistd       = 
 $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
 $sys_id       = 
@ -167,7 +167,7 @@ $multilib     =
 *** BSD-sparc64
 $cc           = gcc
-$cflags       = -DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall
+$cflags       = -DB_ENDIAN -O3 -DMD32_REG_T=int -Wall
 $unistd       = 
 $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
 $sys_id       = 
@ -200,7 +200,7 @@ $multilib     =
 *** BSD-sparcv8
 $cc           = gcc
-$cflags       = -DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall
+$cflags       = -DB_ENDIAN -O3 -mcpu=v8 -Wall
 $unistd       = 
 $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
 $sys_id       = 
@ -233,7 +233,7 @@ $multilib     =
 *** BSD-x86
 $cc           = gcc
-$cflags       = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall
+$cflags       = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall
 $unistd       = 
 $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
 $sys_id       = 
@ -266,7 +266,7 @@ $multilib     =
 *** BSD-x86-elf
 $cc           = gcc
-$cflags       = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall
+$cflags       = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall
 $unistd       = 
 $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
 $sys_id       = 
@ -299,7 +299,7 @@ $multilib     =
 *** BSD-x86_64
 $cc           = gcc
-$cflags       = -DL_ENDIAN -DTERMIOS -O3 -Wall
+$cflags       = -DL_ENDIAN -O3 -Wall
 $unistd       = 
 $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
 $sys_id       = 
@ -398,7 +398,7 @@ $multilib     =
 *** DJGPP
 $cc           = gcc
-$cflags       = -I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall
+$cflags       = -I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall
 $unistd       = 
 $thread_cflag = 
 $sys_id       = MSDOS
@ -530,7 +530,7 @@ $multilib     =
 *** QNX6
 $cc           = gcc
-$cflags       = -DTERMIOS
+$cflags       = 
 $unistd       = 
 $thread_cflag = 
 $sys_id       = 
@ -563,7 +563,7 @@ $multilib     =
 *** QNX6-i386
 $cc           = gcc
-$cflags       = -DL_ENDIAN -DTERMIOS -O2 -Wall
+$cflags       = -DL_ENDIAN -O2 -Wall
 $unistd       = 
 $thread_cflag = 
 $sys_id       = 
@ -1520,7 +1520,7 @@ $multilib     =
 *** debug-BSD-x86-elf
 $cc           = gcc
-$cflags       = -DL_ENDIAN -DTERMIOS -O3 -Wall -g
+$cflags       = -DL_ENDIAN -O3 -Wall -g
 $unistd       = 
 $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
 $sys_id       = 
@ -2213,7 +2213,7 @@ $multilib     =
 *** debug-levitte-linux-elf-extreme
 $cc           = gcc
-$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -2279,7 +2279,7 @@ $multilib     =
 *** debug-levitte-linux-noasm-extreme
 $cc           = gcc
-$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -2312,7 +2312,7 @@ $multilib     =
 *** debug-linux-elf
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -2345,7 +2345,7 @@ $multilib     =
 *** debug-linux-elf-noefence
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -2378,7 +2378,7 @@ $multilib     =
 *** debug-linux-generic32
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -2411,7 +2411,7 @@ $multilib     =
 *** debug-linux-generic64
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -2444,7 +2444,7 @@ $multilib     =
 *** debug-linux-ia32-aes
 $cc           = gcc
-$cflags       = -DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+$cflags       = -DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -2477,7 +2477,7 @@ $multilib     =
 *** debug-linux-pentium
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -2510,7 +2510,7 @@ $multilib     =
 *** debug-linux-ppro
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -2543,7 +2543,7 @@ $multilib     =
 *** debug-linux-x86_64
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -2642,7 +2642,7 @@ $multilib     =
 *** debug-solaris-sparcv8-gcc
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -3566,7 +3566,7 @@ $multilib     = /pa20_64
 *** hurd-x86
 $cc           = gcc
-$cflags       = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall
+$cflags       = -DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -3632,7 +3632,7 @@ $multilib     =
 *** irix-cc
 $cc           = cc
-$cflags       = -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN
+$cflags       = -O2 -use_readonly_const -DB_ENDIAN
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
@ -3665,7 +3665,7 @@ $multilib     =
 *** irix-gcc
 $cc           = gcc
-$cflags       = -O3 -DTERMIOS -DB_ENDIAN
+$cflags       = -O3 -DB_ENDIAN
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
@ -3698,7 +3698,7 @@ $multilib     =
 *** irix-mips3-cc
 $cc           = cc
-$cflags       = -n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W
+$cflags       = -n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W
 $unistd       = 
 $thread_cflag = -D_SGI_MP_SOURCE
 $sys_id       = 
@ -3731,7 +3731,7 @@ $multilib     = 32
 *** irix-mips3-gcc
 $cc           = gcc
-$cflags       = -mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W
+$cflags       = -mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W
 $unistd       = 
 $thread_cflag = -D_SGI_MP_SOURCE
 $sys_id       = 
@ -3764,7 +3764,7 @@ $multilib     = 32
 *** irix64-mips4-cc
 $cc           = cc
-$cflags       = -64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W
+$cflags       = -64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W
 $unistd       = 
 $thread_cflag = -D_SGI_MP_SOURCE
 $sys_id       = 
@ -3797,7 +3797,7 @@ $multilib     = 64
 *** irix64-mips4-gcc
 $cc           = gcc
-$cflags       = -mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W
+$cflags       = -mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W
 $unistd       = 
 $thread_cflag = -D_SGI_MP_SOURCE
 $sys_id       = 
@ -3830,7 +3830,7 @@ $multilib     = 64
 *** linux-alpha+bwx-ccc
 $cc           = ccc
-$cflags       = -fast -readonly_strings -DL_ENDIAN -DTERMIO
+$cflags       = -fast -readonly_strings -DL_ENDIAN
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -3863,7 +3863,7 @@ $multilib     =
 *** linux-alpha+bwx-gcc
 $cc           = gcc
-$cflags       = -O3 -DL_ENDIAN -DTERMIO
+$cflags       = -O3 -DL_ENDIAN
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -3896,7 +3896,7 @@ $multilib     =
 *** linux-alpha-ccc
 $cc           = ccc
-$cflags       = -fast -readonly_strings -DL_ENDIAN -DTERMIO
+$cflags       = -fast -readonly_strings -DL_ENDIAN
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -3929,7 +3929,7 @@ $multilib     =
 *** linux-alpha-gcc
 $cc           = gcc
-$cflags       = -O3 -DL_ENDIAN -DTERMIO
+$cflags       = -O3 -DL_ENDIAN
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -3962,7 +3962,7 @@ $multilib     =
 *** linux-aout
 $cc           = gcc
-$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall
+$cflags       = -DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
@ -3995,7 +3995,7 @@ $multilib     =
 *** linux-armv4
 $cc           = gcc
-$cflags       = -DTERMIO -O3 -Wall
+$cflags       = -O3 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4028,7 +4028,7 @@ $multilib     =
 *** linux-elf
 $cc           = gcc
-$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+$cflags       = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4061,7 +4061,7 @@ $multilib     =
 *** linux-generic32
 $cc           = gcc
-$cflags       = -DTERMIO -O3 -fomit-frame-pointer -Wall
+$cflags       = -O3 -fomit-frame-pointer -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4094,7 +4094,7 @@ $multilib     =
 *** linux-generic64
 $cc           = gcc
-$cflags       = -DTERMIO -O3 -Wall
+$cflags       = -O3 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4127,7 +4127,7 @@ $multilib     =
 *** linux-ia32-icc
 $cc           = icc
-$cflags       = -DL_ENDIAN -DTERMIO -O2 -no_cpprt
+$cflags       = -DL_ENDIAN -O2 -no_cpprt
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4160,7 +4160,7 @@ $multilib     =
 *** linux-ia64
 $cc           = gcc
-$cflags       = -DL_ENDIAN -DTERMIO -O3 -Wall
+$cflags       = -DL_ENDIAN -O3 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4193,7 +4193,7 @@ $multilib     =
 *** linux-ia64-ecc
 $cc           = ecc
-$cflags       = -DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt
+$cflags       = -DL_ENDIAN -O2 -Wall -no_cpprt
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4226,7 +4226,7 @@ $multilib     =
 *** linux-ia64-icc
 $cc           = icc
-$cflags       = -DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt
+$cflags       = -DL_ENDIAN -O2 -Wall -no_cpprt
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4259,7 +4259,7 @@ $multilib     =
 *** linux-ppc
 $cc           = gcc
-$cflags       = -DB_ENDIAN -DTERMIO -O3 -Wall
+$cflags       = -DB_ENDIAN -O3 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4292,7 +4292,7 @@ $multilib     =
 *** linux-ppc64
 $cc           = gcc
-$cflags       = -m64 -DB_ENDIAN -DTERMIO -O3 -Wall
+$cflags       = -m64 -DB_ENDIAN -O3 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4325,7 +4325,7 @@ $multilib     = 64
 *** linux-sparcv8
 $cc           = gcc
-$cflags       = -mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W
+$cflags       = -mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4358,7 +4358,7 @@ $multilib     =
 *** linux-sparcv9
 $cc           = gcc
-$cflags       = -m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W
+$cflags       = -m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = ULTRASPARC
@ -4391,7 +4391,7 @@ $multilib     =
 *** linux-x86_64
 $cc           = gcc
-$cflags       = -m64 -DL_ENDIAN -DTERMIO -O3 -Wall
+$cflags       = -m64 -DL_ENDIAN -O3 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4424,7 +4424,7 @@ $multilib     = 64
 *** linux32-s390x
 $cc           = gcc
-$cflags       = -m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall
+$cflags       = -m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4457,7 +4457,7 @@ $multilib     = /highgprs
 *** linux64-s390x
 $cc           = gcc
-$cflags       = -m64 -DB_ENDIAN -DTERMIO -O3 -Wall
+$cflags       = -m64 -DB_ENDIAN -O3 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4490,7 +4490,7 @@ $multilib     = 64
 *** linux64-sparcv9
 $cc           = gcc
-$cflags       = -m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+$cflags       = -m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = ULTRASPARC
@ -5315,7 +5315,7 @@ $multilib     =
 *** solaris-sparcv8-gcc
 $cc           = gcc
-$cflags       = -mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
+$cflags       = -mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -5612,7 +5612,7 @@ $multilib     = /64
 *** sunos-gcc
 $cc           = gcc
-$cflags       = -O3 -mv8 -Dssize_t=int
+$cflags       = -O3 -mcpu=v8 -Dssize_t=int
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = SUNOS
--- a/apps/.cvsignore
+++ b/apps/.cvsignore
@ -1,8 +0,0 @@
 openssl
 Makefile.save
 der_chop
 der_chop.bak
 CA.pl
 *.flc
 semantic.cache
 *.dll
--- a/apps/Makefile
+++ b/apps/Makefile
@ -94,6 +94,9 @@ req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
 sreq.o: req.c 
 	$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
 openssl-vms.cnf: openssl.cnf
 	$(PERL) $(TOP)/VMS/VMSify-conf.pl < openssl.cnf > openssl-vms.cnf
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@ -127,12 +130,12 @@ links:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
-depend:
+update: openssl-vms.cnf local_depend
-	@if [ -z "$(THIS)" ]; then \
+
-	    $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \
+depend: local_depend
-	else \
+	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-	    $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
+local_depend:
-	fi
+	@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@ -144,10 +147,10 @@ clean:
 	rm -f req
 $(DLIBSSL):
-	(cd ..; $(MAKE) DIRS=ssl all)
+	(cd ..; $(MAKE) build_libssl)
 $(DLIBCRYPTO):
-	(cd ..; $(MAKE) DIRS=crypto all)
+	(cd ..; $(MAKE) build_libcrypto)
 $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	$(RM) $(EXE)
--- a/apps/apps.c
+++ b/apps/apps.c
@ -119,9 +119,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #if !defined(OPENSSL_SYSNAME_WIN32) && !defined(NETWARE_CLIB)
 # include <strings.h>
 #endif
 #include <sys/types.h>
 #include <ctype.h>
 #include <errno.h>
@ -572,7 +569,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
        char *prompt = NULL;
        prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
-        if(!prompt) {
+        if (!prompt) {
            BIO_printf(bio_err, "Out of memory\n");
            UI_free(ui);
            return 0;
@ -586,7 +583,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
                                     PW_MIN_LENGTH, bufsiz - 1);
        if (ok >= 0 && verify) {
            buff = (char *)OPENSSL_malloc(bufsiz);
-            if(!buff) {
+            if (!buff) {
                BIO_printf(bio_err, "Out of memory\n");
                UI_free(ui);
                OPENSSL_free(prompt);
@ -1247,7 +1244,11 @@ int set_name_ex(unsigned long *flags, const char *arg)
        {"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
        {NULL, 0, 0}
    };
-    return set_multi_opts(flags, arg, ex_tbl);
+    if (set_multi_opts(flags, arg, ex_tbl) == 0)
        return 0;
    if ((*flags & XN_FLAG_SEP_MASK) == 0)
        *flags |= XN_FLAG_SEP_CPLUS_SPC;
    return 1;
 }
 int set_ext_copy(int *copy_type, const char *arg)
@ -2238,6 +2239,8 @@ int args_verify(char ***pargs, int *pargc,
        flags |= X509_V_FLAG_NOTIFY_POLICY;
    else if (!strcmp(arg, "-check_ss_sig"))
        flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
    else if (!strcmp(arg, "-no_alt_chains"))
        flags |= X509_V_FLAG_NO_ALT_CHAINS;
    else
        return 0;
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@ -313,9 +313,9 @@ int MAIN(int argc, char **argv)
            }
            typ = ASN1_TYPE_get(at);
            if ((typ == V_ASN1_OBJECT)
                || (typ == V_ASN1_BOOLEAN)
                || (typ == V_ASN1_NULL)) {
-                BIO_printf(bio_err, "Can't parse %s type\n",
+                BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ));
                           typ == V_ASN1_NULL ? "NULL" : "OBJECT");
                ERR_print_errors(bio_err);
                goto end;
            }
@ -375,7 +375,7 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
 {
    CONF *cnf = NULL;
    int len;
-    long errline;
+    long errline = 0;
    unsigned char *p;
    ASN1_TYPE *atyp = NULL;
--- a/apps/ca.c
+++ b/apps/ca.c
@ -99,25 +99,19 @@
 #undef PROG
 #define PROG ca_main
-#define BASE_SECTION    "ca"
+#define BASE_SECTION            "ca"
-#define CONFIG_FILE "openssl.cnf"
+#define CONFIG_FILE             "openssl.cnf"
 #define ENV_DEFAULT_CA          "default_ca"
-#define STRING_MASK     "string_mask"
+#define STRING_MASK             "string_mask"
 #define UTF8_IN                 "utf8"
 #define ENV_DIR                 "dir"
 #define ENV_CERTS               "certs"
 #define ENV_CRL_DIR             "crl_dir"
 #define ENV_CA_DB               "CA_DB"
 #define ENV_NEW_CERTS_DIR       "new_certs_dir"
 #define ENV_CERTIFICATE         "certificate"
 #define ENV_SERIAL              "serial"
 #define ENV_CRLNUMBER           "crlnumber"
 #define ENV_CRL                 "crl"
 #define ENV_PRIVATE_KEY         "private_key"
 #define ENV_RANDFILE            "RANDFILE"
 #define ENV_DEFAULT_DAYS        "default_days"
 #define ENV_DEFAULT_STARTDATE   "default_startdate"
 #define ENV_DEFAULT_ENDDATE     "default_enddate"
@ -558,7 +552,7 @@ int MAIN(int argc, char **argv)
 #ifdef OPENSSL_SYS_VMS
        len = strlen(s) + sizeof(CONFIG_FILE);
        tofree = OPENSSL_malloc(len);
-        if(!tofree) {
+        if (!tofree) {
            BIO_printf(bio_err, "Out of memory\n");
            goto err;
        }
@ -566,7 +560,7 @@ int MAIN(int argc, char **argv)
 #else
        len = strlen(s) + sizeof(CONFIG_FILE) + 1;
        tofree = OPENSSL_malloc(len);
-        if(!tofree) {
+        if (!tofree) {
            BIO_printf(bio_err, "Out of memory\n");
            goto err;
        }
@ -2520,6 +2514,8 @@ static int do_updatedb(CA_DB *db)
    char **rrow, *a_tm_s;
    a_tm = ASN1_UTCTIME_new();
    if (a_tm == NULL)
        return -1;
    /* get actual time and make a string */
    a_tm = X509_gmtime_adj(a_tm, 0);
@ -2803,7 +2799,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
    ASN1_GENERALIZEDTIME *comp_time = NULL;
    tmp = BUF_strdup(str);
-    if(!tmp) {
+    if (!tmp) {
        BIO_printf(bio_err, "memory allocation failure\n");
        goto err;
    }
@ -2825,7 +2821,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
    if (prevtm) {
        *prevtm = ASN1_UTCTIME_new();
-        if(!*prevtm) {
+        if (!*prevtm) {
            BIO_printf(bio_err, "memory allocation failure\n");
            goto err;
        }
@ -2869,7 +2865,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
                goto err;
            }
            comp_time = ASN1_GENERALIZEDTIME_new();
-            if(!comp_time) {
+            if (!comp_time) {
                BIO_printf(bio_err, "memory allocation failure\n");
                goto err;
            }
--- a/apps/cms.c
+++ b/apps/cms.c
@ -580,6 +580,8 @@ int MAIN(int argc, char **argv)
        BIO_printf(bio_err,
                   "-CApath dir    trusted certificates directory\n");
        BIO_printf(bio_err, "-CAfile file   trusted certificates file\n");
        BIO_printf(bio_err,
                   "-no_alt_chains only ever use the first certificate chain found\n");
        BIO_printf(bio_err,
                   "-crl_check     check revocation status of signer's certificate using CRLs\n");
        BIO_printf(bio_err,
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@ -130,7 +130,7 @@
 # undef PROG
 # define PROG    dhparam_main
-# define DEFBITS 512
+# define DEFBITS 2048
 /*-
 * -inform arg  - input format - default PEM (DER or PEM)
@ -254,7 +254,7 @@ int MAIN(int argc, char **argv)
        BIO_printf(bio_err,
                   " -5            generate parameters using  5 as the generator value\n");
        BIO_printf(bio_err,
-                   " numbits       number of bits in to generate (default 512)\n");
+                   " numbits       number of bits in to generate (default 2048)\n");
 # ifndef OPENSSL_NO_ENGINE
        BIO_printf(bio_err,
                   " -engine e     use engine e, possibly a hardware device.\n");
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@ -413,14 +413,13 @@ int MAIN(int argc, char **argv)
    }
    if (check) {
        if (group == NULL)
            BIO_printf(bio_err, "no elliptic curve parameters\n");
        BIO_printf(bio_err, "checking elliptic curve parameters: ");
        if (!EC_GROUP_check(group, NULL)) {
            BIO_printf(bio_err, "failed\n");
            ERR_print_errors(bio_err);
-        } else
+            goto end;
-            BIO_printf(bio_err, "ok\n");
+        }
        BIO_printf(bio_err, "ok\n");
    }
--- a/apps/enc.c
+++ b/apps/enc.c
@ -548,9 +548,14 @@ int MAIN(int argc, char **argv)
            else
                OPENSSL_cleanse(str, strlen(str));
        }
-        if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) {
+        if (hiv != NULL) {
-            BIO_printf(bio_err, "invalid hex iv value\n");
+            int siz = EVP_CIPHER_iv_length(cipher);
-            goto end;
+            if (siz == 0) {
                BIO_printf(bio_err, "warning: iv not use by this cipher\n");
            } else if (!set_hex(hiv, iv, sizeof iv)) {
                BIO_printf(bio_err, "invalid hex iv value\n");
                goto end;
            }
        }
        if ((hiv == NULL) && (str == NULL)
            && EVP_CIPHER_iv_length(cipher) != 0) {
@ -562,7 +567,7 @@ int MAIN(int argc, char **argv)
            BIO_printf(bio_err, "iv undefined\n");
            goto end;
        }
-        if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) {
+        if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
            BIO_printf(bio_err, "invalid hex key value\n");
            goto end;
        }
--- a/apps/engine.c
+++ b/apps/engine.c
@ -1,4 +1,4 @@
-/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
+/* apps/engine.c */
 /*
 * Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
 * 2000.
@ -99,8 +99,6 @@ static void identity(char *ptr)
 static int append_buf(char **buf, const char *s, int *size, int step)
 {
    int l = strlen(s);
    if (*buf == NULL) {
        *size = step;
        *buf = OPENSSL_malloc(*size);
@ -109,9 +107,6 @@ static int append_buf(char **buf, const char *s, int *size, int step)
        **buf = '\0';
    }
    if (**buf != '\0')
        l += 2;                 /* ", " */
    if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
        *size += step;
        *buf = OPENSSL_realloc(*buf, *size);
--- a/apps/gendh.c
+++ b/apps/gendh.c
@ -80,7 +80,7 @@
 # include <openssl/x509.h>
 # include <openssl/pem.h>
-# define DEFBITS 512
+# define DEFBITS 2048
 # undef PROG
 # define PROG gendh_main
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@ -518,6 +518,8 @@ int MAIN(int argc, char **argv)
                   "-CApath dir          trusted certificates directory\n");
        BIO_printf(bio_err,
                   "-CAfile file         trusted certificates file\n");
        BIO_printf(bio_err,
                   "-no_alt_chains       only ever use the first certificate chain found\n");
        BIO_printf(bio_err,
                   "-VAfile file         validator certificates file\n");
        BIO_printf(bio_err,
@ -1001,7 +1003,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
    bs = OCSP_BASICRESP_new();
    thisupd = X509_gmtime_adj(NULL, 0);
    if (ndays != -1)
-        nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24);
+        nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);
    /* Examine each certificate id in the request */
    for (i = 0; i < id_count; i++) {
@ -1218,8 +1220,8 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
        return NULL;
    }
-    if (BIO_get_fd(cbio, &fd) <= 0) {
+    if (BIO_get_fd(cbio, &fd) < 0) {
-        BIO_puts(err, "Can't get connection fd\n");
+        BIO_puts(bio_err, "Can't get connection fd\n");
        goto err;
    }
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@ -79,7 +79,8 @@ const EVP_CIPHER *enc;
 # define CLCERTS         0x8
 # define CACERTS         0x10
-int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
+static int get_cert_chain(X509 *cert, X509_STORE *store,
                          STACK_OF(X509) **chain);
 int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen,
                        int options, char *pempass);
 int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
@ -134,13 +135,6 @@ int MAIN(int argc, char **argv)
    apps_startup();
 # ifdef OPENSSL_FIPS
    if (FIPS_mode())
        cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
    else
 # endif
        cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
    enc = EVP_des_ede3_cbc();
    if (bio_err == NULL)
        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
@ -148,6 +142,13 @@ int MAIN(int argc, char **argv)
    if (!load_config(bio_err, NULL))
        goto end;
 # ifdef OPENSSL_FIPS
    if (FIPS_mode())
        cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
    else
 # endif
        cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
    args = argv + 1;
    while (*args) {
@ -594,7 +595,7 @@ int MAIN(int argc, char **argv)
            vret = get_cert_chain(ucert, store, &chain2);
            X509_STORE_free(store);
-            if (!vret) {
+            if (vret == X509_V_OK) {
                /* Exclude verified certificate */
                for (i = 1; i < sk_X509_num(chain2); i++)
                    sk_X509_push(certs, sk_X509_value(chain2, i));
@ -602,7 +603,7 @@ int MAIN(int argc, char **argv)
                X509_free(sk_X509_value(chain2, 0));
                sk_X509_free(chain2);
            } else {
-                if (vret >= 0)
+                if (vret != X509_V_ERR_UNSPECIFIED)
                    BIO_printf(bio_err, "Error %s getting chain.\n",
                               X509_verify_cert_error_string(vret));
                else
@ -906,36 +907,25 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
 /* Given a single certificate return a verified chain or NULL if error */
-/* Hope this is OK .... */
+static int get_cert_chain(X509 *cert, X509_STORE *store,
-
+                          STACK_OF(X509) **chain)
 int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
 {
    X509_STORE_CTX store_ctx;
-    STACK_OF(X509) *chn;
+    STACK_OF(X509) *chn = NULL;
    int i = 0;
-    /*
+    if (!X509_STORE_CTX_init(&store_ctx, store, cert, NULL)) {
-     * FIXME: Should really check the return status of X509_STORE_CTX_init
+        *chain = NULL;
-     * for an error, but how that fits into the return value of this function
+        return X509_V_ERR_UNSPECIFIED;
-     * is less obvious.
+    }
-     */
+
-    X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
+    if (X509_verify_cert(&store_ctx) > 0)
    if (X509_verify_cert(&store_ctx) <= 0) {
        i = X509_STORE_CTX_get_error(&store_ctx);
        if (i == 0)
            /*
             * avoid returning 0 if X509_verify_cert() did not set an
             * appropriate error value in the context
             */
            i = -1;
        chn = NULL;
        goto err;
    } else
        chn = X509_STORE_CTX_get1_chain(&store_ctx);
- err:
+    else if ((i = X509_STORE_CTX_get_error(&store_ctx)) == 0)
        i = X509_V_ERR_UNSPECIFIED;
    X509_STORE_CTX_cleanup(&store_ctx);
    *chain = chn;
    return i;
 }
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@ -235,12 +235,16 @@ int MAIN(int argc, char **argv)
        i = OBJ_obj2nid(p7->type);
        switch (i) {
        case NID_pkcs7_signed:
-            certs = p7->d.sign->cert;
+            if (p7->d.sign != NULL) {
-            crls = p7->d.sign->crl;
+                certs = p7->d.sign->cert;
                crls = p7->d.sign->crl;
            }
            break;
        case NID_pkcs7_signedAndEnveloped:
-            certs = p7->d.signed_and_enveloped->cert;
+            if (p7->d.signed_and_enveloped != NULL) {
-            crls = p7->d.signed_and_enveloped->crl;
+                certs = p7->d.signed_and_enveloped->cert;
                crls = p7->d.signed_and_enveloped->crl;
            }
            break;
        default:
            break;
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@ -111,6 +111,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h> /* for memcpy() */
 #define USE_SOCKETS
 #define NON_MAIN
 #include "apps.h"
@ -747,7 +748,7 @@ int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie,
    /* Initialize a random secret */
    if (!cookie_initialized) {
-        if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) {
+        if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) {
            BIO_printf(bio_err, "error setting random cookie secret\n");
            return 0;
        }
--- a/apps/s_client.c
+++ b/apps/s_client.c
@ -322,6 +322,8 @@ static void sc_usage(void)
               " -pass arg     - private key file pass phrase source\n");
    BIO_printf(bio_err, " -CApath arg   - PEM format directory of CA's\n");
    BIO_printf(bio_err, " -CAfile arg   - PEM format file of CA's\n");
    BIO_printf(bio_err,
               " -no_alt_chains - only ever use the first certificate chain found\n");
    BIO_printf(bio_err,
               " -reconnect    - Drop and re-make the connection with the same Session-ID\n");
    BIO_printf(bio_err,
@ -547,7 +549,7 @@ static char *MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
    PW_CB_DATA cb_tmp;
    int l;
-    if(!pass) {
+    if (!pass) {
        BIO_printf(bio_err, "Malloc failure\n");
        return NULL;
    }
@ -1177,13 +1179,12 @@ int MAIN(int argc, char **argv)
    if (!set_cert_key_stuff(ctx, cert, key))
        goto end;
-    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
+    if ((CAfile || CApath)
-        (!SSL_CTX_set_default_verify_paths(ctx))) {
+        && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) {
-        /*
+        ERR_print_errors(bio_err);
-         * BIO_printf(bio_err,"error setting default verify locations\n");
+    }
-         */
+    if (!SSL_CTX_set_default_verify_paths(ctx)) {
        ERR_print_errors(bio_err);
        /* goto end; */
    }
 #ifndef OPENSSL_NO_TLSEXT
    if (servername != NULL) {
@ -1883,6 +1884,9 @@ int MAIN(int argc, char **argv)
        EVP_PKEY_free(key);
    if (pass)
        OPENSSL_free(pass);
 #ifndef OPENSSL_NO_SRP
    OPENSSL_free(srp_arg.srppassin);
 #endif
    if (vpm)
        X509_VERIFY_PARAM_free(vpm);
    if (cbuf != NULL) {
--- a/apps/s_server.c
+++ b/apps/s_server.c
@ -219,7 +219,7 @@ static int generate_session_id(const SSL *ssl, unsigned char *id,
                               unsigned int *id_len);
 #ifndef OPENSSL_NO_DH
 static DH *load_dh_param(const char *dhfile);
-static DH *get_dh512(void);
+static DH *get_dh2048(void);
 #endif
 #ifdef MONOLITH
@ -227,30 +227,48 @@ static void s_server_init(void);
 #endif
 #ifndef OPENSSL_NO_DH
-static unsigned char dh512_p[] = {
+static unsigned char dh2048_p[] = {
-    0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89, 0xD0, 0xE4, 0xAF, 0x75,
+    0xF6,0x42,0x57,0xB7,0x08,0x7F,0x08,0x17,0x72,0xA2,0xBA,0xD6,
-    0x6F, 0x4C, 0xCA, 0x92, 0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F,
+    0xA9,0x42,0xF3,0x05,0xE8,0xF9,0x53,0x11,0x39,0x4F,0xB6,0xF1,
-    0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED, 0x57, 0x46, 0x50, 0xD3,
+    0x6E,0xB9,0x4B,0x38,0x20,0xDA,0x01,0xA7,0x56,0xA3,0x14,0xE9,
-    0x69, 0x99, 0xDB, 0x29, 0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12,
+    0x8F,0x40,0x55,0xF3,0xD0,0x07,0xC6,0xCB,0x43,0xA9,0x94,0xAD,
-    0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6, 0xD8, 0x00, 0x3E, 0x7C,
+    0xF7,0x4C,0x64,0x86,0x49,0xF8,0x0C,0x83,0xBD,0x65,0xE9,0x17,
-    0x47, 0x74, 0xE8, 0x33,
+    0xD4,0xA1,0xD3,0x50,0xF8,0xF5,0x59,0x5F,0xDC,0x76,0x52,0x4F,
    0x3D,0x3D,0x8D,0xDB,0xCE,0x99,0xE1,0x57,0x92,0x59,0xCD,0xFD,
    0xB8,0xAE,0x74,0x4F,0xC5,0xFC,0x76,0xBC,0x83,0xC5,0x47,0x30,
    0x61,0xCE,0x7C,0xC9,0x66,0xFF,0x15,0xF9,0xBB,0xFD,0x91,0x5E,
    0xC7,0x01,0xAA,0xD3,0x5B,0x9E,0x8D,0xA0,0xA5,0x72,0x3A,0xD4,
    0x1A,0xF0,0xBF,0x46,0x00,0x58,0x2B,0xE5,0xF4,0x88,0xFD,0x58,
    0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4,0x91,0x07,0x36,0x6B,
    0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C,0x88,0xB3,0x1C,0x7C,
    0x5B,0x2D,0x8E,0xF6,0xF3,0xC9,0x23,0xC0,0x43,0xF0,0xA5,0x5B,
    0x18,0x8D,0x8E,0xBB,0x55,0x8C,0xB8,0x5D,0x38,0xD3,0x34,0xFD,
    0x7C,0x17,0x57,0x43,0xA3,0x1D,0x18,0x6C,0xDE,0x33,0x21,0x2C,
    0xB5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C,
    0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29,
    0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,0xD0,0x0A,0x50,0x9B,
    0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,0x41,0x9F,0x9C,0x7C,
    0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,0xA2,0x5E,0xC3,0x55,
    0xE9,0x32,0x0B,0x3B,
 };
-static unsigned char dh512_g[] = {
+static unsigned char dh2048_g[] = {
    0x02,
 };
-static DH *get_dh512(void)
+DH *get_dh2048()
 {
-    DH *dh = NULL;
+    DH *dh;
    if ((dh = DH_new()) == NULL)
-        return (NULL);
+        return NULL;
-    dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
+    dh->p=BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
-    dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
+    dh->g=BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
-    if ((dh->p == NULL) || (dh->g == NULL))
+    if (dh->p == NULL || dh->g == NULL) {
-        return (NULL);
+        DH_free(dh);
-    return (dh);
+        return NULL;
    }
    return dh;
 }
 #endif
@ -398,6 +416,8 @@ typedef struct srpsrvparm_st {
 static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
 {
    srpsrvparm *p = (srpsrvparm *) arg;
    int ret = SSL3_AL_FATAL;
    if (p->login == NULL && p->user == NULL) {
        p->login = SSL_get_srp_username(s);
        BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
@ -406,21 +426,25 @@ static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
    if (p->user == NULL) {
        BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
-        return SSL3_AL_FATAL;
+        goto err;
    }
    if (SSL_set_srp_server_param
        (s, p->user->N, p->user->g, p->user->s, p->user->v,
         p->user->info) < 0) {
        *ad = SSL_AD_INTERNAL_ERROR;
-        return SSL3_AL_FATAL;
+        goto err;
    }
    BIO_printf(bio_err,
               "SRP parameters set: username = \"%s\" info=\"%s\" \n",
               p->login, p->user->info);
-    /* need to check whether there are memory leaks */
+    ret = SSL_ERROR_NONE;
 err:
    SRP_user_pwd_free(p->user);
    p->user = NULL;
    p->login = NULL;
-    return SSL_ERROR_NONE;
+    return ret;
 }
 #endif
@ -522,6 +546,8 @@ static void sv_usage(void)
    BIO_printf(bio_err, " -state        - Print the SSL states\n");
    BIO_printf(bio_err, " -CApath arg   - PEM format directory of CA's\n");
    BIO_printf(bio_err, " -CAfile arg   - PEM format file of CA's\n");
    BIO_printf(bio_err,
               " -no_alt_chains - only ever use the first certificate chain found\n");
    BIO_printf(bio_err,
               " -nocert       - Don't use any certificates (Anon-DH)\n");
    BIO_printf(bio_err,
@ -720,7 +746,7 @@ static int ebcdic_write(BIO *b, const char *in, int inl)
            num = inl;
        wbuf =
            (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
-        if(!wbuf)
+        if (!wbuf)
            return 0;
        OPENSSL_free(b->ptr);
@ -998,7 +1024,7 @@ int MAIN(int argc, char *argv[])
    int off = 0;
    int no_tmp_rsa = 0, no_dhe = 0, nocert = 0;
 #ifndef OPENSSL_NO_ECDH
-    int no_ecdhe;
+    int no_ecdhe = 0;
 #endif
    int state = 0;
    const SSL_METHOD *meth = NULL;
@ -1654,7 +1680,11 @@ int MAIN(int argc, char *argv[])
            BIO_printf(bio_s_out, "Setting temp DH parameters\n");
        } else {
            BIO_printf(bio_s_out, "Using default temp DH parameters\n");
-            dh = get_dh512();
+            dh = get_dh2048();
            if (dh == NULL) {
                ERR_print_errors(bio_err);
                goto end;
            }
        }
        (void)BIO_flush(bio_s_out);
@ -2220,9 +2250,10 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 #ifndef OPENSSL_NO_SRP
                while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
                    BIO_printf(bio_s_out, "LOOKUP renego during write\n");
                    SRP_user_pwd_free(srp_callback_parm.user);
                    srp_callback_parm.user =
-                        SRP_VBASE_get_by_user(srp_callback_parm.vb,
+                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
-                                              srp_callback_parm.login);
+                                               srp_callback_parm.login);
                    if (srp_callback_parm.user)
                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
                                   srp_callback_parm.user->info);
@ -2251,8 +2282,10 @@ static int sv_body(char *hostname, int s, unsigned char *context)
                    ret = 1;
                    goto err;
                }
-                l += k;
+                if (k > 0) {
-                i -= k;
+                    l += k;
                    i -= k;
                }
                if (i <= 0)
                    break;
            }
@ -2274,9 +2307,10 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 #ifndef OPENSSL_NO_SRP
                while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
                    BIO_printf(bio_s_out, "LOOKUP renego during read\n");
                    SRP_user_pwd_free(srp_callback_parm.user);
                    srp_callback_parm.user =
-                        SRP_VBASE_get_by_user(srp_callback_parm.vb,
+                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
-                                              srp_callback_parm.login);
+                                               srp_callback_parm.login);
                    if (srp_callback_parm.user)
                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
                                   srp_callback_parm.user->info);
@ -2361,9 +2395,10 @@ static int init_ssl_connection(SSL *con)
    while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
        BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
                   srp_callback_parm.login);
        SRP_user_pwd_free(srp_callback_parm.user);
        srp_callback_parm.user =
-            SRP_VBASE_get_by_user(srp_callback_parm.vb,
+            SRP_VBASE_get1_by_user(srp_callback_parm.vb,
-                                  srp_callback_parm.login);
+                                   srp_callback_parm.login);
        if (srp_callback_parm.user)
            BIO_printf(bio_s_out, "LOOKUP done %s\n",
                       srp_callback_parm.user->info);
@ -2590,9 +2625,10 @@ static int www_body(char *hostname, int s, unsigned char *context)
                   && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
                BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
                           srp_callback_parm.login);
                SRP_user_pwd_free(srp_callback_parm.user);
                srp_callback_parm.user =
-                    SRP_VBASE_get_by_user(srp_callback_parm.vb,
+                    SRP_VBASE_get1_by_user(srp_callback_parm.vb,
-                                          srp_callback_parm.login);
+                                           srp_callback_parm.login);
                if (srp_callback_parm.user)
                    BIO_printf(bio_s_out, "LOOKUP done %s\n",
                               srp_callback_parm.user->info);
@ -2628,6 +2664,22 @@ static int www_body(char *hostname, int s, unsigned char *context)
                goto err;
            } else {
                BIO_printf(bio_s_out, "read R BLOCK\n");
 #ifndef OPENSSL_NO_SRP
                if (BIO_should_io_special(io)
                    && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
                    BIO_printf(bio_s_out, "LOOKUP renego during read\n");
                    SRP_user_pwd_free(srp_callback_parm.user);
                    srp_callback_parm.user =
                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
                                               srp_callback_parm.login);
                    if (srp_callback_parm.user)
                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
                                   srp_callback_parm.user->info);
                    else
                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
                    continue;
                }
 #endif
 #if defined(OPENSSL_SYS_NETWARE)
                delay(1000);
 #elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
@ -2916,7 +2968,8 @@ static int generate_session_id(const SSL *ssl, unsigned char *id,
 {
    unsigned int count = 0;
    do {
-        RAND_pseudo_bytes(id, *id_len);
+        if (RAND_pseudo_bytes(id, *id_len) < 0)
            return 0;
        /*
         * Prefix the session_id with the required prefix. NB: If our prefix
         * is too long, clip it - but there will be worse effects anyway, eg.
--- a/apps/s_time.c
+++ b/apps/s_time.c
@ -302,7 +302,7 @@ static int parseArgs(int argc, char **argv)
            if (--argc < 1)
                goto bad;
            maxTime = atoi(*(++argv));
-            if(maxTime <= 0) {
+            if (maxTime <= 0) {
                BIO_printf(bio_err, "time must be > 0\n");
                badop = 1;
            }
--- a/apps/smime.c
+++ b/apps/smime.c
@ -441,6 +441,8 @@ int MAIN(int argc, char **argv)
        BIO_printf(bio_err,
                   "-CApath dir    trusted certificates directory\n");
        BIO_printf(bio_err, "-CAfile file   trusted certificates file\n");
        BIO_printf(bio_err,
                   "-no_alt_chains only ever use the first certificate chain found\n");
        BIO_printf(bio_err,
                   "-crl_check     check revocation status of signer's certificate using CRLs\n");
        BIO_printf(bio_err,
--- a/apps/speed.c
+++ b/apps/speed.c
@ -1,4 +1,4 @@
-/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */
+/* apps/speed.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
--- a/apps/srp.c
+++ b/apps/srp.c
@ -435,7 +435,7 @@ int MAIN(int argc, char **argv)
 # ifdef OPENSSL_SYS_VMS
            len = strlen(s) + sizeof(CONFIG_FILE);
            tofree = OPENSSL_malloc(len);
-            if(!tofree) {
+            if (!tofree) {
                BIO_printf(bio_err, "Out of memory\n");
                goto err;
            }
@ -443,7 +443,7 @@ int MAIN(int argc, char **argv)
 # else
            len = strlen(s) + sizeof(CONFIG_FILE) + 1;
            tofree = OPENSSL_malloc(len);
-            if(!tofree) {
+            if (!tofree) {
                BIO_printf(bio_err, "Out of memory\n");
                goto err;
            }
--- a/apps/verify.c
+++ b/apps/verify.c
@ -227,7 +227,7 @@ int MAIN(int argc, char **argv)
    if (ret == 1) {
        BIO_printf(bio_err,
                   "usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
-        BIO_printf(bio_err, " [-attime timestamp]");
+        BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]");
 #ifndef OPENSSL_NO_ENGINE
        BIO_printf(bio_err, " [-engine e]");
 #endif
--- a/apps/x509.c
+++ b/apps/x509.c
@ -1170,12 +1170,7 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
    if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
        goto err;
-    /* Lets just make it 12:00am GMT, Jan 1 1970 */
+    if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
    /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
    /* 28 days to be certified */
    if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) ==
        NULL)
        goto err;
    if (!X509_set_pubkey(x, pkey))
--- a/appveyor.yml
+++ b/appveyor.yml
@ -0,0 +1,60 @@
 platform:
    - x86
    - x64
 environment:
    matrix:
        - VSVER: 9
        - VSVER: 10
        - VSVER: 11
        - VSVER: 12
        - VSVER: 14
 configuration:
    - plain
    - shared
 matrix:
    allow_failures:
        - platform: x64
          VSVER: 9
        - platform: x64
          VSVER: 10
        - platform: x64
          VSVER: 11
 before_build:
    - ps: >-
        If ($env:Platform -Match "x86") {
            $env:VCVARS_PLATFORM="x86"
            $env:TARGET="VC-WIN32"
            $env:DO="do_ms"
        } Else {
            $env:VCVARS_PLATFORM="amd64"
            $env:TARGET="VC-WIN64A"
            $env:DO="do_win64a"
        }
    - ps: >-
        If ($env:Configuration -Like "*shared*") {
            $env:MAK="ntdll.mak"
        } Else {
            $env:MAK="nt.mak"
        }
    - ps: $env:VSCOMNTOOLS=(Get-Content ("env:VS" + "$env:VSVER" + "0COMNTOOLS"))
    - call "%VSCOMNTOOLS%\..\..\VC\vcvarsall.bat" %VCVARS_PLATFORM%
    - perl Configure %TARGET% no-asm
    - call ms\%DO%
 build_script:
    - nmake /f ms\%MAK%
 test_script:
    - nmake /f ms\%MAK% test
 notifications:
    - provider: Email
      to:
          - openssl-commits@openssl.org
      on_build_success: false
      on_build_failure: true
      on_build_status_changed: true
--- a/crypto/.cvsignore
+++ b/crypto/.cvsignore
@ -1,8 +0,0 @@
 lib
 buildinf.h
 opensslconf.h
 Makefile.save
 *.flc
 semantic.cache
 *cpuid.s
 uplink-cof.s
--- a/crypto/Makefile
+++ b/crypto/Makefile
@ -125,12 +125,17 @@ install:
 lint:
 	@target=lint; $(RECURSIVE_MAKE)
-depend:
+update: local_depend
 	@[ -z "$(THIS)" ] || (set -e; target=update; $(RECURSIVE_MAKE) )
 	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
 depend: local_depend
 	@[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
 	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
 local_depend:
 	@[ -z "$(THIS)" -o -f buildinf.h ] || touch buildinf.h # fake buildinf.h if it does not exist
 	@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 	@[ -z "$(THIS)" -o -s buildinf.h ] || rm buildinf.h
 	@[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
 	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
 clean:
 	rm -f buildinf.h *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--- a/crypto/aes/.cvsignore
+++ b/crypto/aes/.cvsignore
@ -1,5 +0,0 @@
 lib
 Makefile.save
 *.flc
 semantic.cache
 aes-*.s
--- a/crypto/aes/Makefile
+++ b/crypto/aes/Makefile
@ -106,6 +106,8 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 update: depend
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
--- a/crypto/aes/aes.h
+++ b/crypto/aes/aes.h
@ -1,4 +1,4 @@
-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes.h */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/aes/aes_cbc.c
+++ b/crypto/aes/aes_cbc.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_cbc.c */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/aes/aes_cfb.c
+++ b/crypto/aes/aes_cfb.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_cfb.c */
 /* ====================================================================
 * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/aes/aes_core.c
+++ b/crypto/aes/aes_core.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_core.c */
 /**
 * rijndael-alg-fst.c
 *
--- a/crypto/aes/aes_ctr.c
+++ b/crypto/aes/aes_ctr.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_ctr.c */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/aes/aes_ecb.c
+++ b/crypto/aes/aes_ecb.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_ecb.c */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/aes/aes_ige.c
+++ b/crypto/aes/aes_ige.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_ige.c */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/aes/aes_locl.h
+++ b/crypto/aes/aes_locl.h
@ -1,4 +1,4 @@
-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes.h */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/aes/aes_misc.c
+++ b/crypto/aes/aes_misc.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_misc.c */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/aes/aes_ofb.c
+++ b/crypto/aes/aes_ofb.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_ofb.c */
 /* ====================================================================
 * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/aes/aes_x86core.c
+++ b/crypto/aes/aes_x86core.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_core.c */
 /**
 * rijndael-alg-fst.c
 *
--- a/crypto/aes/asm/aes-586.pl
+++ b/crypto/aes/asm/aes-586.pl
@ -45,7 +45,7 @@
 # the undertaken effort was that it appeared that in tight IA-32
 # register window little-endian flavor could achieve slightly higher
 # Instruction Level Parallelism, and it indeed resulted in up to 15%
-# better performance on most recent µ-archs...
+# better performance on most recent µ-archs...
 #
 # Third version adds AES_cbc_encrypt implementation, which resulted in
 # up to 40% performance imrovement of CBC benchmark results. 40% was
@ -223,7 +223,7 @@ sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
 $speed_limit=512;	# chunks smaller than $speed_limit are
 			# processed with compact routine in CBC mode
 $small_footprint=1;	# $small_footprint=1 code is ~5% slower [on
-			# recent µ-archs], but ~5 times smaller!
+			# recent µ-archs], but ~5 times smaller!
 			# I favor compact code to minimize cache
 			# contention and in hope to "collect" 5% back
 			# in real-life applications...
@ -562,7 +562,7 @@ sub enctransform()
 # Performance is not actually extraordinary in comparison to pure
 # x86 code. In particular encrypt performance is virtually the same.
 # Decrypt performance on the other hand is 15-20% better on newer
-# µ-archs [but we're thankful for *any* improvement here], and ~50%
+# µ-archs [but we're thankful for *any* improvement here], and ~50%
 # better on PIII:-) And additionally on the pros side this code
 # eliminates redundant references to stack and thus relieves/
 # minimizes the pressure on the memory bus.
--- a/crypto/aes/asm/aesni-x86.pl
+++ b/crypto/aes/asm/aesni-x86.pl
@ -74,7 +74,7 @@ $inout3="xmm5";	$in1="xmm5";
 $inout4="xmm6";	$in0="xmm6";
 $inout5="xmm7";	$ivec="xmm7";
-# AESNI extenstion
+# AESNI extension
 sub aeskeygenassist
 { my($dst,$src,$imm)=@_;
    if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
--- a/crypto/asn1/.cvsignore
+++ b/crypto/asn1/.cvsignore
@ -1,4 +0,0 @@
 lib
 Makefile.save
 *.flc
 semantic.cache
--- a/crypto/asn1/Makefile
+++ b/crypto/asn1/Makefile
@ -93,6 +93,8 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 update: depend
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
--- a/crypto/asn1/a_bytes.c
+++ b/crypto/asn1/a_bytes.c
@ -200,13 +200,13 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
    } else {
        if (len != 0) {
            if ((ret->length < len) || (ret->data == NULL)) {
                if (ret->data != NULL)
                    OPENSSL_free(ret->data);
                s = (unsigned char *)OPENSSL_malloc((int)len + 1);
                if (s == NULL) {
                    i = ERR_R_MALLOC_FAILURE;
                    goto err;
                }
                if (ret->data != NULL)
                    OPENSSL_free(ret->data);
            } else
                s = ret->data;
            memcpy(s, p, (int)len);
--- a/crypto/asn1/a_d2i_fp.c
+++ b/crypto/asn1/a_d2i_fp.c
@ -141,6 +141,7 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
 #endif
 #define HEADER_SIZE   8
 #define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
 static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 {
    BUF_MEM *b;
@ -217,29 +218,44 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
            /* suck in c.slen bytes of data */
            want = c.slen;
            if (want > (len - off)) {
                size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
                want -= (len - off);
                if (want > INT_MAX /* BIO_read takes an int length */  ||
                    len + want < len) {
                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
                    goto err;
                }
                if (!BUF_MEM_grow_clean(b, len + want)) {
                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
                    goto err;
                }
                while (want > 0) {
-                    i = BIO_read(in, &(b->data[len]), want);
+                    /*
-                    if (i <= 0) {
+                     * Read content in chunks of increasing size
-                        ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
+                     * so we can return an error for EOF without
-                                ASN1_R_NOT_ENOUGH_DATA);
+                     * having to allocate the entire content length
                     * in one go.
                     */
                    size_t chunk = want > chunk_max ? chunk_max : want;
                    if (!BUF_MEM_grow_clean(b, len + chunk)) {
                        ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
                        goto err;
                    }
                    want -= chunk;
                    while (chunk > 0) {
                        i = BIO_read(in, &(b->data[len]), chunk);
                        if (i <= 0) {
                            ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
                                    ASN1_R_NOT_ENOUGH_DATA);
                            goto err;
                        }
                    /*
                     * This can't overflow because |len+want| didn't
                     * overflow.
                     */
-                    len += i;
+                        len += i;
-                    want -= i;
+                        chunk -= i;
                    }
                    if (chunk_max < INT_MAX/2)
                        chunk_max *= 2;
                }
            }
            if (off + c.slen < off) {
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@ -124,6 +124,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
    else {
        ret = a->length;
        i = a->data[0];
        if (ret == 1 && i == 0)
            neg = 0;
        if (!neg && (i > 127)) {
            pad = 1;
            pb = 0;
@ -162,7 +164,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
        p += a->length - 1;
        i = a->length;
        /* Copy zeros to destination as long as source is zero */
-        while (!*n) {
+        while (!*n && i > 1) {
            *(p--) = 0;
            n--;
            i--;
@ -419,7 +421,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
        ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR);
        goto err;
    }
-    if (BN_is_negative(bn))
+    if (BN_is_negative(bn) && !BN_is_zero(bn))
        ret->type = V_ASN1_NEG_INTEGER;
    else
        ret->type = V_ASN1_INTEGER;
--- a/crypto/asn1/asn1_gen.c
+++ b/crypto/asn1/asn1_gen.c
@ -74,6 +74,8 @@
 #define ASN1_GEN_STR(str,val)   {str, sizeof(str) - 1, val}
 #define ASN1_FLAG_EXP_MAX       20
 /* Maximum number of nested sequences */
 #define ASN1_GEN_SEQ_MAX_DEPTH  50
 /* Input formats */
@ -110,13 +112,16 @@ typedef struct {
    int exp_count;
 } tag_exp_arg;
 static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
                              int *perr);
 static int bitstr_cb(const char *elem, int len, void *bitstr);
 static int asn1_cb(const char *elem, int len, void *bitstr);
 static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
                      int exp_constructed, int exp_pad, int imp_ok);
 static int parse_tagging(const char *vstart, int vlen, int *ptag,
                         int *pclass);
-static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);
+static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
                             int depth, int *perr);
 static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
 static int asn1_str2tag(const char *tagstr, int len);
@ -132,6 +137,16 @@ ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
 }
 ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
 {
    int err = 0;
    ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err);
    if (err)
        ASN1err(ASN1_F_ASN1_GENERATE_V3, err);
    return ret;
 }
 static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
                              int *perr)
 {
    ASN1_TYPE *ret;
    tag_exp_arg asn1_tags;
@ -152,17 +167,22 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
    asn1_tags.imp_class = -1;
    asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
    asn1_tags.exp_count = 0;
-    if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)
+    if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) {
        *perr = ASN1_R_UNKNOWN_TAG;
        return NULL;
    }
    if ((asn1_tags.utype == V_ASN1_SEQUENCE)
        || (asn1_tags.utype == V_ASN1_SET)) {
        if (!cnf) {
-            ASN1err(ASN1_F_ASN1_GENERATE_V3,
+            *perr = ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG;
                    ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
            return NULL;
        }
-        ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);
+        if (depth >= ASN1_GEN_SEQ_MAX_DEPTH) {
            *perr = ASN1_R_ILLEGAL_NESTED_TAGGING;
            return NULL;
        }
        ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf, depth, perr);
    } else
        ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
@ -280,7 +300,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr)
    int tmp_tag, tmp_class;
    if (elem == NULL)
-        return 0;
+        return -1;
    for (i = 0, p = elem; i < len; p++, i++) {
        /* Look for the ':' in name value pairs */
@ -353,7 +373,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr)
        break;
    case ASN1_GEN_FLAG_FORMAT:
-        if(!vstart) {
+        if (!vstart) {
            ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT);
            return -1;
        }
@ -435,7 +455,8 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
 /* Handle multiple types: SET and SEQUENCE */
-static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
+static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
                             int depth, int *perr)
 {
    ASN1_TYPE *ret = NULL;
    STACK_OF(ASN1_TYPE) *sk = NULL;
@ -454,7 +475,8 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
            goto bad;
        for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
            ASN1_TYPE *typ =
-                ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
+                generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf,
                            depth + 1, perr);
            if (!typ)
                goto bad;
            if (!sk_ASN1_TYPE_push(sk, typ))
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@ -63,7 +63,7 @@
 #include <openssl/asn1_mac.h>
 static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
-                           int max);
+                           long max);
 static void asn1_put_length(unsigned char **pp, int length);
 const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT;
@ -131,7 +131,7 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
    }
    *ptag = tag;
    *pclass = xclass;
-    if (!asn1_get_length(&p, &inf, plength, (int)max))
+    if (!asn1_get_length(&p, &inf, plength, max))
        goto err;
    if (inf && !(ret & V_ASN1_CONSTRUCTED))
@ -159,14 +159,14 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
 }
 static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
-                           int max)
+                           long max)
 {
    const unsigned char *p = *pp;
    unsigned long ret = 0;
-    unsigned int i;
+    unsigned long i;
    if (max-- < 1)
-        return (0);
+        return 0;
    if (*p == 0x80) {
        *inf = 1;
        ret = 0;
@ -175,15 +175,11 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
        *inf = 0;
        i = *p & 0x7f;
        if (*(p++) & 0x80) {
-            if (i > sizeof(long))
+            if (i > sizeof(ret) || max < (long)i)
                return 0;
            if (max-- == 0)
                return (0);
            while (i-- > 0) {
                ret <<= 8L;
                ret |= *(p++);
                if (max-- == 0)
                    return (0);
            }
        } else
            ret = i;
@ -192,7 +188,7 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
        return 0;
    *pp = p;
    *rl = (long)ret;
-    return (1);
+    return 1;
 }
 /*
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@ -62,6 +62,10 @@
 #include <openssl/objects.h>
 #include <openssl/asn1.h>
 #ifndef ASN1_PARSE_MAXDEPTH
 #define ASN1_PARSE_MAXDEPTH 128
 #endif
 static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
                           int indent);
 static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
@ -128,6 +132,12 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
 #else
    dump_indent = 6;            /* Because we know BIO_dump_indent() */
 #endif
    if (depth > ASN1_PARSE_MAXDEPTH) {
            BIO_puts(bp, "BAD RECURSION DEPTH\n");
            return 0;
    }
    p = *pp;
    tot = p + length;
    op = p - 1;
@ -163,6 +173,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
        if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0))
            goto end;
        if (j & V_ASN1_CONSTRUCTED) {
            const unsigned char *sp;
            ep = p + len;
            if (BIO_write(bp, "\n", 1) <= 0)
                goto end;
@ -172,6 +184,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
                goto end;
            }
            if ((j == 0x21) && (len == 0)) {
                sp = p;
                for (;;) {
                    r = asn1_parse2(bp, &p, (long)(tot - p),
                                    offset + (p - *pp), depth + 1,
@ -180,19 +193,25 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
                        ret = 0;
                        goto end;
                    }
-                    if ((r == 2) || (p >= tot))
+                    if ((r == 2) || (p >= tot)) {
                        len = p - sp;
                        break;
                    }
                }
-            } else
+            } else {
                long tmp = len;
                while (p < ep) {
-                    r = asn1_parse2(bp, &p, (long)len,
+                    sp = p;
-                                    offset + (p - *pp), depth + 1,
+                    r = asn1_parse2(bp, &p, tmp, offset + (p - *pp), depth + 1,
                                    indent, dump);
                    if (r == 0) {
                        ret = 0;
                        goto end;
                    }
                    tmp -= p - sp;
                }
            }
        } else if (xclass != 0) {
            p += len;
            if (BIO_write(bp, "\n", 1) <= 0)
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@ -289,7 +289,8 @@ int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
    if ((flags & SMIME_DETACHED) && data) {
        /* We want multipart/signed */
        /* Generate a random boundary */
-        RAND_pseudo_bytes((unsigned char *)bound, 32);
+        if (RAND_pseudo_bytes((unsigned char *)bound, 32) < 0)
            return 0;
        for (i = 0; i < 32; i++) {
            c = bound[i] & 0xf;
            if (c < 10)
--- a/crypto/asn1/bio_ndef.c
+++ b/crypto/asn1/bio_ndef.c
@ -162,7 +162,7 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
    derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
    p = OPENSSL_malloc(derlen);
-    if(!p)
+    if (!p)
        return 0;
    ndef_aux->derbuf = p;
@ -232,7 +232,7 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
    derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
    p = OPENSSL_malloc(derlen);
-    if(!p)
+    if (!p)
        return 0;
    ndef_aux->derbuf = p;
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@ -72,6 +72,7 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
                         long length)
 {
    EVP_PKEY *ret;
    const unsigned char *p = *pp;
    if ((a == NULL) || (*a == NULL)) {
        if ((ret = EVP_PKEY_new()) == NULL) {
@ -94,21 +95,23 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
    }
    if (!ret->ameth->old_priv_decode ||
-        !ret->ameth->old_priv_decode(ret, pp, length)) {
+        !ret->ameth->old_priv_decode(ret, &p, length)) {
        if (ret->ameth->priv_decode) {
            PKCS8_PRIV_KEY_INFO *p8 = NULL;
-            p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length);
+            p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
            if (!p8)
                goto err;
            EVP_PKEY_free(ret);
            ret = EVP_PKCS82PKEY(p8);
            PKCS8_PRIV_KEY_INFO_free(p8);
-
+            if (ret == NULL)
                goto err;
        } else {
            ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
            goto err;
        }
    }
    *pp = p;
    if (a != NULL)
        (*a) = ret;
    return (ret);
@ -136,6 +139,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
     * input is surrounded by an ASN1 SEQUENCE.
     */
    inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
    p = *pp;
    /*
     * Since we only need to discern "traditional format" RSA and DSA keys we
     * can just count the elements.
@ -146,7 +150,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
        keytype = EVP_PKEY_EC;
    else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
                                              * traditional format */
-        PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length);
+        PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
        EVP_PKEY *ret;
        sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
@ -157,6 +161,9 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
        }
        ret = EVP_PKCS82PKEY(p8);
        PKCS8_PRIV_KEY_INFO_free(p8);
        if (ret == NULL)
            return NULL;
        *pp = p;
        if (a) {
            *a = ret;
        }
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@ -140,7 +140,8 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
            goto err;
        bs = X509_get_serialNumber(x);
-        if (bs->length <= (int)sizeof(long)) {
+        if (bs->length < (int)sizeof(long)
            || (bs->length == sizeof(long) && (bs->data[0] & 0x80) == 0)) {
            l = ASN1_INTEGER_get(bs);
            if (bs->type == V_ASN1_NEG_INTEGER) {
                l = -l;
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@ -180,6 +180,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
    int otag;
    int ret = 0;
    ASN1_VALUE **pchptr, *ptmpval;
    int combine = aclass & ASN1_TFLG_COMBINE;
    aclass &= ~ASN1_TFLG_COMBINE;
    if (!pval)
        return 0;
    if (aux && aux->asn1_cb)
@ -350,9 +352,9 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
        }
        asn1_set_choice_selector(pval, i, it);
        *in = p;
        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
            goto auxerr;
        *in = p;
        return 1;
    case ASN1_ITYPE_NDEF_SEQUENCE:
@ -489,9 +491,9 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
        /* Save encoding */
        if (!asn1_enc_save(pval, *in, p - *in, it))
            goto auxerr;
        *in = p;
        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
            goto auxerr;
        *in = p;
        return 1;
    default:
@ -500,7 +502,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
 auxerr:
    ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
 err:
-    ASN1_item_ex_free(pval, it);
+    if (combine == 0)
        ASN1_item_ex_free(pval, it);
    if (errtt)
        ERR_add_error_data(4, "Field=", errtt->field_name,
                           ", Type=", it->sname);
@ -689,7 +692,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
    } else {
        /* Nothing special */
        ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
-                               -1, 0, opt, ctx);
+                               -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
        if (!ret) {
            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
            goto err;
--- a/crypto/asn1/tasn_new.c
+++ b/crypto/asn1/tasn_new.c
@ -100,9 +100,6 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
    else
        asn1_cb = 0;
    if (!combine)
        *pval = NULL;
 #ifdef CRYPTO_MDEBUG
    if (it->sname)
        CRYPTO_push_info(it->sname);
--- a/crypto/asn1/tasn_prn.c
+++ b/crypto/asn1/tasn_prn.c
@ -290,7 +290,7 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
            const ASN1_TEMPLATE *seqtt;
            seqtt = asn1_do_adb(fld, tt, 1);
-            if(!seqtt)
+            if (!seqtt)
                return 0;
            tmpfld = asn1_get_field_ptr(fld, seqtt);
            if (!asn1_template_print_ctx(out, tmpfld,
--- a/crypto/asn1/x_bignum.c
+++ b/crypto/asn1/x_bignum.c
@ -141,8 +141,9 @@ static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
                  int utype, char *free_cont, const ASN1_ITEM *it)
 {
    BIGNUM *bn;
-    if (!*pval)
+
-        bn_new(pval, it);
+    if (*pval == NULL && !bn_new(pval, it))
        return 0;
    bn = (BIGNUM *)*pval;
    if (!BN_bin2bn(cont, len, bn)) {
        bn_free(pval, it);
--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@ -66,6 +66,13 @@
 typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
 DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
 /*
 * Maximum length of X509_NAME: much larger than anything we should
 * ever see in practice.
 */
 #define X509_NAME_MAX (1024 * 1024)
 static int x509_name_ex_d2i(ASN1_VALUE **val,
                            const unsigned char **in, long len,
                            const ASN1_ITEM *it,
@ -192,6 +199,10 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
    int i, j, ret;
    STACK_OF(X509_NAME_ENTRY) *entries;
    X509_NAME_ENTRY *entry;
    if (len > X509_NAME_MAX) {
        ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
        return 0;
    }
    q = p;
    /* Get internal representation of Name */
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@ -188,13 +188,16 @@ EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length)
 {
    X509_PUBKEY *xpk;
    EVP_PKEY *pktmp;
-    xpk = d2i_X509_PUBKEY(NULL, pp, length);
+    const unsigned char *q;
    q = *pp;
    xpk = d2i_X509_PUBKEY(NULL, &q, length);
    if (!xpk)
        return NULL;
    pktmp = X509_PUBKEY_get(xpk);
    X509_PUBKEY_free(xpk);
    if (!pktmp)
        return NULL;
    *pp = q;
    if (a) {
        EVP_PKEY_free(*a);
        *a = pktmp;
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@ -177,22 +177,21 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
    /* Save start position */
    q = *pp;
-    if(!a || *a == NULL) {
+    if (!a || *a == NULL) {
        freeret = 1;
    }
-    ret = d2i_X509(a, pp, length);
+    ret = d2i_X509(a, &q, length);
    /* If certificate unreadable then forget it */
    if (!ret)
        return NULL;
    /* update length */
-    length -= *pp - q;
+    length -= q - *pp;
-    if (!length)
+    if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length))
        return ret;
    if (!d2i_X509_CERT_AUX(&ret->aux, pp, length))
        goto err;
    *pp = q;
    return ret;
 err:
-    if(freeret) {
+    if (freeret) {
        X509_free(ret);
        if (a)
            *a = NULL;
@ -202,9 +201,19 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
 int i2d_X509_AUX(X509 *a, unsigned char **pp)
 {
-    int length;
+    int length, tmplen;
    unsigned char *start = pp != NULL ? *pp : NULL;
    length = i2d_X509(a, pp);
-    if (a)
+    if (length < 0 || a == NULL)
-        length += i2d_X509_CERT_AUX(a->aux, pp);
+        return length;
    tmplen = i2d_X509_CERT_AUX(a->aux, pp);
    if (tmplen < 0) {
        if (start != NULL)
            *pp = start;
        return tmplen;
    }
    length += tmplen;
    return length;
 }
--- a/crypto/bf/.cvsignore
+++ b/crypto/bf/.cvsignore
@ -1,5 +0,0 @@
 lib
 Makefile.save
 *.flc
 semantic.cache
 bf-*.s
--- a/crypto/bf/Makefile
+++ b/crypto/bf/Makefile
@ -72,6 +72,8 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 update: depend
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
--- a/crypto/bf/asm/.cvsignore
+++ b/crypto/bf/asm/.cvsignore
@ -1,4 +0,0 @@
 bx86unix.cpp
 bx86-elf.s
 *.flc
 semantic.cache
--- a/crypto/bio/.cvsignore
+++ b/crypto/bio/.cvsignore
@ -1,4 +0,0 @@
 lib
 Makefile.save
 *.flc
 semantic.cache
--- a/crypto/bio/Makefile
+++ b/crypto/bio/Makefile
@ -73,6 +73,8 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 update: depend
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
--- a/crypto/bio/b_dump.c
+++ b/crypto/bio/b_dump.c
@ -104,7 +104,6 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
    if ((rows * dump_width) < len)
        rows++;
    for (i = 0; i < rows; i++) {
        buf[0] = '\0';          /* start with empty string */
        BUF_strlcpy(buf, str, sizeof buf);
        BIO_snprintf(tmp, sizeof tmp, "%04x - ", i * dump_width);
        BUF_strlcat(buf, tmp, sizeof buf);
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@ -125,16 +125,16 @@
 # define LLONG long
 #endif
-static void fmtstr(char **, char **, size_t *, size_t *,
+static int fmtstr(char **, char **, size_t *, size_t *,
-                   const char *, int, int, int);
+                  const char *, int, int, int);
-static void fmtint(char **, char **, size_t *, size_t *,
+static int fmtint(char **, char **, size_t *, size_t *,
-                   LLONG, int, int, int, int);
+                  LLONG, int, int, int, int);
-static void fmtfp(char **, char **, size_t *, size_t *,
+static int fmtfp(char **, char **, size_t *, size_t *,
-                  LDOUBLE, int, int, int);
+                 LDOUBLE, int, int, int);
-static void doapr_outch(char **, char **, size_t *, size_t *, int);
+static int doapr_outch(char **, char **, size_t *, size_t *, int);
-static void _dopr(char **sbuffer, char **buffer,
+static int _dopr(char **sbuffer, char **buffer,
-                  size_t *maxlen, size_t *retlen, int *truncated,
+                 size_t *maxlen, size_t *retlen, int *truncated,
-                  const char *format, va_list args);
+                 const char *format, va_list args);
 /* format read states */
 #define DP_S_DEFAULT    0
@ -165,7 +165,7 @@ static void _dopr(char **sbuffer, char **buffer,
 #define char_to_int(p) (p - '0')
 #define OSSL_MAX(p,q) ((p >= q) ? p : q)
-static void
+static int
 _dopr(char **sbuffer,
      char **buffer,
      size_t *maxlen,
@ -196,7 +196,8 @@ _dopr(char **sbuffer,
            if (ch == '%')
                state = DP_S_FLAGS;
            else
-                doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
+                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
                    return 0;
            ch = *format++;
            break;
        case DP_S_FLAGS:
@ -302,8 +303,9 @@ _dopr(char **sbuffer,
                    value = va_arg(args, int);
                    break;
                }
-                fmtint(sbuffer, buffer, &currlen, maxlen,
+                if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min,
-                       value, 10, min, max, flags);
+                            max, flags))
                    return 0;
                break;
            case 'X':
                flags |= DP_F_UP;
@ -326,17 +328,19 @@ _dopr(char **sbuffer,
                    value = (LLONG) va_arg(args, unsigned int);
                    break;
                }
-                fmtint(sbuffer, buffer, &currlen, maxlen, value,
+                if (!fmtint(sbuffer, buffer, &currlen, maxlen, value,
-                       ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
+                            ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
-                       min, max, flags);
+                            min, max, flags))
                    return 0;
                break;
            case 'f':
                if (cflags == DP_C_LDOUBLE)
                    fvalue = va_arg(args, LDOUBLE);
                else
                    fvalue = va_arg(args, double);
-                fmtfp(sbuffer, buffer, &currlen, maxlen,
+                if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
-                      fvalue, min, max, flags);
+                           flags))
                    return 0;
                break;
            case 'E':
                flags |= DP_F_UP;
@ -355,8 +359,9 @@ _dopr(char **sbuffer,
                    fvalue = va_arg(args, double);
                break;
            case 'c':
-                doapr_outch(sbuffer, buffer, &currlen, maxlen,
+                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen,
-                            va_arg(args, int));
+                            va_arg(args, int)))
                    return 0;
                break;
            case 's':
                strvalue = va_arg(args, char *);
@ -366,13 +371,15 @@ _dopr(char **sbuffer,
                    else
                        max = *maxlen;
                }
-                fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
+                if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
-                       flags, min, max);
+                            flags, min, max))
                    return 0;
                break;
            case 'p':
                value = (long)va_arg(args, void *);
-                fmtint(sbuffer, buffer, &currlen, maxlen,
+                if (!fmtint(sbuffer, buffer, &currlen, maxlen,
-                       value, 16, min, max, flags | DP_F_NUM);
+                            value, 16, min, max, flags | DP_F_NUM))
                    return 0;
                break;
            case 'n':          /* XXX */
                if (cflags == DP_C_SHORT) {
@ -394,7 +401,8 @@ _dopr(char **sbuffer,
                }
                break;
            case '%':
-                doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
+                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
                    return 0;
                break;
            case 'w':
                /* not supported yet, treat as next char */
@ -418,46 +426,56 @@ _dopr(char **sbuffer,
    *truncated = (currlen > *maxlen - 1);
    if (*truncated)
        currlen = *maxlen - 1;
-    doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0');
+    if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
        return 0;
    *retlen = currlen - 1;
-    return;
+    return 1;
 }
-static void
+static int
 fmtstr(char **sbuffer,
       char **buffer,
       size_t *currlen,
       size_t *maxlen, const char *value, int flags, int min, int max)
 {
-    int padlen, strln;
+    int padlen;
    size_t strln;
    int cnt = 0;
    if (value == 0)
        value = "<NULL>";
-    for (strln = 0; value[strln]; ++strln) ;
+
    strln = strlen(value);
    if (strln > INT_MAX)
        strln = INT_MAX;
    padlen = min - strln;
-    if (padlen < 0)
+    if (min < 0 || padlen < 0)
        padlen = 0;
    if (flags & DP_F_MINUS)
        padlen = -padlen;
    while ((padlen > 0) && (cnt < max)) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
            return 0;
        --padlen;
        ++cnt;
    }
    while (*value && (cnt < max)) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, *value++);
+        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++))
            return 0;
        ++cnt;
    }
    while ((padlen < 0) && (cnt < max)) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
            return 0;
        ++padlen;
        ++cnt;
    }
    return 1;
 }
-static void
+static int
 fmtint(char **sbuffer,
       char **buffer,
       size_t *currlen,
@ -517,37 +535,44 @@ fmtint(char **sbuffer,
    /* spaces */
    while (spadlen > 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
            return 0;
        --spadlen;
    }
    /* sign */
    if (signvalue)
-        doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
+        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
            return 0;
    /* prefix */
    while (*prefix) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix);
+        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix))
            return 0;
        prefix++;
    }
    /* zeros */
    if (zpadlen > 0) {
        while (zpadlen > 0) {
-            doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
+            if(!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
                return 0;
            --zpadlen;
        }
    }
    /* digits */
-    while (place > 0)
+    while (place > 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]);
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]))
            return 0;
    }
    /* left justified spaces */
    while (spadlen < 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
            return 0;
        ++spadlen;
    }
-    return;
+    return 1;
 }
 static LDOUBLE abs_val(LDOUBLE value)
@ -578,7 +603,7 @@ static long roundv(LDOUBLE value)
    return intpart;
 }
-static void
+static int
 fmtfp(char **sbuffer,
      char **buffer,
      size_t *currlen,
@ -657,79 +682,91 @@ fmtfp(char **sbuffer,
    if ((flags & DP_F_ZERO) && (padlen > 0)) {
        if (signvalue) {
-            doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
                return 0;
            --padlen;
            signvalue = 0;
        }
        while (padlen > 0) {
-            doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
                return 0;
            --padlen;
        }
    }
    while (padlen > 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
            return 0;
        --padlen;
    }
-    if (signvalue)
+    if (signvalue && !doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
-        doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
+        return 0;
-    while (iplace > 0)
+    while (iplace > 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]);
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]))
            return 0;
    }
    /*
     * Decimal point. This should probably use locale to find the correct
     * char to print out.
     */
    if (max > 0 || (flags & DP_F_NUM)) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, '.');
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '.'))
            return 0;
-        while (fplace > 0)
+        while (fplace > 0) {
-            doapr_outch(sbuffer, buffer, currlen, maxlen, fconvert[--fplace]);
+            if(!doapr_outch(sbuffer, buffer, currlen, maxlen,
                            fconvert[--fplace]))
                return 0;
        }
    }
    while (zpadlen > 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
            return 0;
        --zpadlen;
    }
    while (padlen < 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
            return 0;
        ++padlen;
    }
    return 1;
 }
-static void
+#define BUFFER_INC  1024
 static int
 doapr_outch(char **sbuffer,
            char **buffer, size_t *currlen, size_t *maxlen, int c)
 {
    /* If we haven't at least one buffer, someone has doe a big booboo */
    assert(*sbuffer != NULL || buffer != NULL);
-    if (buffer) {
+    /* |currlen| must always be <= |*maxlen| */
-        while (*currlen >= *maxlen) {
+    assert(*currlen <= *maxlen);
-            if (*buffer == NULL) {
+
-                if (*maxlen == 0)
+    if (buffer && *currlen == *maxlen) {
-                    *maxlen = 1024;
+        if (*maxlen > INT_MAX - BUFFER_INC)
-                *buffer = OPENSSL_malloc(*maxlen);
+            return 0;
-                if(!*buffer) {
+
-                    /* Panic! Can't really do anything sensible. Just return */
+        *maxlen += BUFFER_INC;
-                    return;
+        if (*buffer == NULL) {
-                }
+            *buffer = OPENSSL_malloc(*maxlen);
-                if (*currlen > 0) {
+            if (*buffer == NULL)
-                    assert(*sbuffer != NULL);
+                return 0;
-                    memcpy(*buffer, *sbuffer, *currlen);
+            if (*currlen > 0) {
-                }
+                assert(*sbuffer != NULL);
-                *sbuffer = NULL;
+                memcpy(*buffer, *sbuffer, *currlen);
            } else {
                *maxlen += 1024;
                *buffer = OPENSSL_realloc(*buffer, *maxlen);
                if(!*buffer) {
                    /* Panic! Can't really do anything sensible. Just return */
                    return;
                }
            }
            *sbuffer = NULL;
        } else {
            char *tmpbuf;
            tmpbuf = OPENSSL_realloc(*buffer, *maxlen);
            if (tmpbuf == NULL)
                return 0;
            *buffer = tmpbuf;
        }
        /* What to do if *buffer is NULL? */
        assert(*sbuffer != NULL || *buffer != NULL);
    }
    if (*currlen < *maxlen) {
@ -739,7 +776,7 @@ doapr_outch(char **sbuffer,
            (*buffer)[(*currlen)++] = (char)c;
    }
-    return;
+    return 1;
 }
 /***************************************************************************/
@ -771,7 +808,11 @@ int BIO_vprintf(BIO *bio, const char *format, va_list args)
    dynbuf = NULL;
    CRYPTO_push_info("doapr()");
-    _dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format, args);
+    if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format,
                args)) {
        OPENSSL_free(dynbuf);
        return -1;
    }
    if (dynbuf) {
        ret = BIO_write(bio, dynbuf, (int)retlen);
        OPENSSL_free(dynbuf);
@ -806,7 +847,8 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
    size_t retlen;
    int truncated;
-    _dopr(&buf, NULL, &n, &retlen, &truncated, format, args);
+    if(!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args))
        return -1;
    if (truncated)
        /*
--- a/crypto/bio/bf_nbio.c
+++ b/crypto/bio/bf_nbio.c
@ -139,7 +139,8 @@ static int nbiof_read(BIO *b, char *out, int outl)
    BIO_clear_retry_flags(b);
 #if 1
-    RAND_pseudo_bytes(&n, 1);
+    if (RAND_pseudo_bytes(&n, 1) < 0)
        return -1;
    num = (n & 0x07);
    if (outl > num)
@ -178,7 +179,8 @@ static int nbiof_write(BIO *b, const char *in, int inl)
        num = nt->lwn;
        nt->lwn = 0;
    } else {
-        RAND_pseudo_bytes(&n, 1);
+        if (RAND_pseudo_bytes(&n, 1) < 0)
            return -1;
        num = (n & 7);
    }
--- a/crypto/bio/bio.h
+++ b/crypto/bio/bio.h
@ -290,7 +290,7 @@ void BIO_clear_flags(BIO *b, int flags);
 * BIO_CB_RETURN flag indicates if it is after the call
 */
 # define BIO_CB_RETURN   0x80
-# define BIO_CB_return(a) ((a)|BIO_CB_RETURN))
+# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)
 # define BIO_cb_pre(a)   (!((a)&BIO_CB_RETURN))
 # define BIO_cb_post(a)  ((a)&BIO_CB_RETURN)
@ -478,11 +478,11 @@ struct bio_dgram_sctp_prinfo {
 # define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
 # define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
 # define BIO_get_conn_ip(b)               BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
-# define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
+# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
 # define BIO_set_nbio(b,n)       BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
-/* BIO_s_accept_socket() */
+/* BIO_s_accept() */
 # define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
 # define BIO_get_accept_port(b)  BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
 /* #define BIO_set_nbio(b,n)    BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
@ -495,6 +495,7 @@ struct bio_dgram_sctp_prinfo {
 # define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
 # define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
 /* BIO_s_accept() and BIO_s_connect() */
 # define BIO_do_connect(b)       BIO_do_handshake(b)
 # define BIO_do_accept(b)        BIO_do_handshake(b)
 # define BIO_do_handshake(b)     BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
@ -514,12 +515,15 @@ struct bio_dgram_sctp_prinfo {
 # define BIO_get_url(b,url)      BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
 # define BIO_get_no_connect_return(b)    BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
 /* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */
 # define BIO_set_fd(b,fd,c)      BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
 # define BIO_get_fd(b,c)         BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
 /* BIO_s_file() */
 # define BIO_set_fp(b,fp,c)      BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
 # define BIO_get_fp(b,fpp)       BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
 /* BIO_s_fd() and BIO_s_file() */
 # define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
 # define BIO_tell(b)     (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
@ -536,8 +536,10 @@ BIO *BIO_dup_chain(BIO *in)
        /* copy app data */
        if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data,
-                                &bio->ex_data))
+                                &bio->ex_data)) {
            BIO_free(new_bio);
            goto err;
        }
        if (ret == NULL) {
            eoc = new_bio;
@ -549,8 +551,8 @@ BIO *BIO_dup_chain(BIO *in)
    }
    return (ret);
 err:
-    if (ret != NULL)
+    BIO_free_all(ret);
-        BIO_free(ret);
+
    return (NULL);
 }
--- a/crypto/bio/bss_bio.c
+++ b/crypto/bio/bss_bio.c
@ -1,4 +1,4 @@
-/* crypto/bio/bss_bio.c  -*- Mode: C; c-file-style: "eay" -*- */
+/* crypto/bio/bss_bio.c  */
 /* ====================================================================
 * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
@ -419,7 +419,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
 {
    BIO *dbio;
    int *ip;
-    const char **pptr;
+    const char **pptr = NULL;
    long ret = 1;
    BIO_CONNECT *data;
@ -442,19 +442,28 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
    case BIO_C_GET_CONNECT:
        if (ptr != NULL) {
            pptr = (const char **)ptr;
-            if (num == 0) {
+        }
                *pptr = data->param_hostname;
-            } else if (num == 1) {
+        if (b->init) {
-                *pptr = data->param_port;
+            if (pptr != NULL) {
-            } else if (num == 2) {
+                ret = 1;
-                *pptr = (char *)&(data->ip[0]);
+                if (num == 0) {
-            } else if (num == 3) {
+                    *pptr = data->param_hostname;
-                *((int *)ptr) = data->port;
+                } else if (num == 1) {
                    *pptr = data->param_port;
                } else if (num == 2) {
                    *pptr = (char *)&(data->ip[0]);
                } else {
                    ret = 0;
                }
            }
-            if ((!b->init) || (ptr == NULL))
+            if (num == 3) {
                ret = data->port;
            }
        } else {
            if (pptr != NULL)
                *pptr = "not initialized";
-            ret = 1;
+            ret = 0;
        }
        break;
    case BIO_C_SET_CONNECT:
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@ -299,16 +299,17 @@ static void dgram_adjust_rcv_timeout(BIO *b)
        /* Calculate time left until timer expires */
        memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
-        timeleft.tv_sec -= timenow.tv_sec;
+        if (timeleft.tv_usec < timenow.tv_usec) {
-        timeleft.tv_usec -= timenow.tv_usec;
+            timeleft.tv_usec = 1000000 - timenow.tv_usec + timeleft.tv_usec;
        if (timeleft.tv_usec < 0) {
            timeleft.tv_sec--;
-            timeleft.tv_usec += 1000000;
+        } else {
            timeleft.tv_usec -= timenow.tv_usec;
        }
-
+        if (timeleft.tv_sec < timenow.tv_sec) {
        if (timeleft.tv_sec < 0) {
            timeleft.tv_sec = 0;
            timeleft.tv_usec = 1;
        } else {
            timeleft.tv_sec -= timenow.tv_sec;
        }
        /*
@ -514,10 +515,8 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
    switch (cmd) {
    case BIO_CTRL_RESET:
        num = 0;
    case BIO_C_FILE_SEEK:
        ret = 0;
        break;
    case BIO_C_FILE_TELL:
    case BIO_CTRL_INFO:
        ret = 0;
        break;
@ -953,7 +952,7 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
     */
    sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
    authchunks = OPENSSL_malloc(sockopt_len);
-    if(!authchunks) {
+    if (!authchunks) {
        BIO_vfree(bio);
        return (NULL);
    }
@ -1293,7 +1292,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
                (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
            authchunks = OPENSSL_malloc(optlen);
            if (!authchunks) {
-                BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_ERROR);
+                BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_FAILURE);
                return -1;
            }
            memset(authchunks, 0, sizeof(optlen));
@ -1364,8 +1363,8 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
    if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) {
        char *tmp;
        data->saved_message.bio = b;
-        if(!(tmp = OPENSSL_malloc(inl))) {
+        if (!(tmp = OPENSSL_malloc(inl))) {
-            BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_ERROR);
+            BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE);
            return -1;
        }
        if (data->saved_message.data)
--- a/crypto/bio/bss_file.c
+++ b/crypto/bio/bss_file.c
@ -115,9 +115,8 @@ static BIO_METHOD methods_filep = {
    NULL,
 };
-BIO *BIO_new_file(const char *filename, const char *mode)
+static FILE *file_fopen(const char *filename, const char *mode)
 {
    BIO *ret;
    FILE *file = NULL;
 #  if defined(_WIN32) && defined(CP_UTF8)
@ -164,6 +163,14 @@ BIO *BIO_new_file(const char *filename, const char *mode)
 #  else
    file = fopen(filename, mode);
 #  endif
    return (file);
 }
 BIO *BIO_new_file(const char *filename, const char *mode)
 {
    BIO  *ret;
    FILE *file = file_fopen(filename, mode);
    if (file == NULL) {
        SYSerr(SYS_F_FOPEN, get_last_sys_error());
        ERR_add_error_data(5, "fopen('", filename, "','", mode, "')");
@ -386,7 +393,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
        else
            strcat(p, "t");
 #  endif
-        fp = fopen(ptr, p);
+        fp = file_fopen(ptr, p);
        if (fp == NULL) {
            SYSerr(SYS_F_FOPEN, get_last_sys_error());
            ERR_add_error_data(5, "fopen('", ptr, "','", p, "')");
--- a/crypto/bn/.cvsignore
+++ b/crypto/bn/.cvsignore
@ -1,7 +0,0 @@
 lib
 Makefile.save
 *.flc
 semantic.cache
 co-*.s
 bn-*.s
 *-mont.s
--- a/crypto/bn/Makefile
+++ b/crypto/bn/Makefile
@ -167,6 +167,8 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 update: bn_prime.h depend
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
@ -241,7 +243,8 @@ bn_exp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_exp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp.c bn_lcl.h
+bn_exp.o: ../../include/openssl/symhacks.h ../constant_time_locl.h
 bn_exp.o: ../cryptlib.h bn_exp.c bn_lcl.h
 bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
--- a/crypto/bn/asm/.cvsignore
+++ b/crypto/bn/asm/.cvsignore
@ -1,6 +0,0 @@
 bn86unix.cpp
 co86unix.cpp
 bn86-elf.s
 co86-elf.s
 *.flc
 semantic.cache
--- a/crypto/bn/asm/armv4-gf2m.pl
+++ b/crypto/bn/asm/armv4-gf2m.pl
@ -41,13 +41,13 @@ $code=<<___;
 .align	5
 mul_1x1_neon:
 	vshl.u64	`&Dlo("q1")`,d16,#8	@ q1-q3 are slided $a
-	vmull.p8	`&Q("d0")`,d16,d17	@ a·bb
+	vmull.p8	`&Q("d0")`,d16,d17	@ a·bb
 	vshl.u64	`&Dlo("q2")`,d16,#16
-	vmull.p8	q1,`&Dlo("q1")`,d17	@ a<<8·bb
+	vmull.p8	q1,`&Dlo("q1")`,d17	@ a<<8·bb
 	vshl.u64	`&Dlo("q3")`,d16,#24
-	vmull.p8	q2,`&Dlo("q2")`,d17	@ a<<16·bb
+	vmull.p8	q2,`&Dlo("q2")`,d17	@ a<<16·bb
 	vshr.u64	`&Dlo("q1")`,#8
-	vmull.p8	q3,`&Dlo("q3")`,d17	@ a<<24·bb
+	vmull.p8	q3,`&Dlo("q3")`,d17	@ a<<24·bb
 	vshl.u64	`&Dhi("q1")`,#24
 	veor		d0,`&Dlo("q1")`
 	vshr.u64	`&Dlo("q2")`,#16
@ -158,7 +158,7 @@ ___
 ################
 # void	bn_GF2m_mul_2x2(BN_ULONG *r,
 #	BN_ULONG a1,BN_ULONG a0,
-#	BN_ULONG b1,BN_ULONG b0);	# r[3..0]=a1a0·b1b0
+#	BN_ULONG b1,BN_ULONG b0);	# r[3..0]=a1a0·b1b0
 ($A1,$B1,$A0,$B0,$A1B1,$A0B0)=map("d$_",(18..23));
@ -184,20 +184,20 @@ bn_GF2m_mul_2x2:
 	vmov	d16,$A1
 	vmov	d17,$B1
-	bl	mul_1x1_neon		@ a1·b1
+	bl	mul_1x1_neon		@ a1·b1
 	vmov	$A1B1,d0
 	vmov	d16,$A0
 	vmov	d17,$B0
-	bl	mul_1x1_neon		@ a0·b0
+	bl	mul_1x1_neon		@ a0·b0
 	vmov	$A0B0,d0
 	veor	d16,$A0,$A1
 	veor	d17,$B0,$B1
 	veor	$A0,$A0B0,$A1B1
-	bl	mul_1x1_neon		@ (a0+a1)·(b0+b1)
+	bl	mul_1x1_neon		@ (a0+a1)·(b0+b1)
-	veor	d0,$A0			@ (a0+a1)·(b0+b1)-a0·b0-a1·b1
+	veor	d0,$A0			@ (a0+a1)·(b0+b1)-a0·b0-a1·b1
 	vshl.u64 d1,d0,#32
 	vshr.u64 d0,d0,#32
 	veor	$A0B0,d1
@ -220,7 +220,7 @@ $code.=<<___;
 	mov	$mask,#7<<2
 	sub	sp,sp,#32		@ allocate tab[8]
-	bl	mul_1x1_ialu		@ a1·b1
+	bl	mul_1x1_ialu		@ a1·b1
 	str	$lo,[$ret,#8]
 	str	$hi,[$ret,#12]
@ -230,13 +230,13 @@ $code.=<<___;
 	 eor	r2,r2,$a
 	eor	$b,$b,r3
 	 eor	$a,$a,r2
-	bl	mul_1x1_ialu		@ a0·b0
+	bl	mul_1x1_ialu		@ a0·b0
 	str	$lo,[$ret]
 	str	$hi,[$ret,#4]
 	eor	$a,$a,r2
 	eor	$b,$b,r3
-	bl	mul_1x1_ialu		@ (a1+a0)·(b1+b0)
+	bl	mul_1x1_ialu		@ (a1+a0)·(b1+b0)
 ___
@r=map("r$_",(6..9));
 $code.=<<___;
--- a/crypto/bn/asm/ia64.S
+++ b/crypto/bn/asm/ia64.S
@ -422,7 +422,7 @@ bn_mul_add_words:
 // This loop spins in 3*(n+10) ticks on Itanium and in 2*(n+10) on
 // Itanium 2. Yes, unlike previous versions it scales:-) Previous
-// version was peforming *all* additions in IALU and was starving
+// version was performing *all* additions in IALU and was starving
 // for those even on Itanium 2. In this version one addition is
 // moved to FPU and is folded with multiplication. This is at cost
 // of propogating the result from previous call to this subroutine
@ -568,7 +568,7 @@ bn_sqr_comba8:
 // I've estimated this routine to run in ~120 ticks, but in reality
 // (i.e. according to ar.itc) it takes ~160 ticks. Are those extra
 // cycles consumed for instructions fetch? Or did I misinterpret some
-// clause in Itanium µ-architecture manual? Comments are welcomed and
+// clause in Itanium µ-architecture manual? Comments are welcomed and
 // highly appreciated.
 //
 // On Itanium 2 it takes ~190 ticks. This is because of stalls on
--- a/crypto/bn/asm/s390x-gf2m.pl
+++ b/crypto/bn/asm/s390x-gf2m.pl
@ -172,19 +172,19 @@ ___
 if ($SIZE_T==8) {
 my @r=map("%r$_",(6..9));
 $code.=<<___;
-	bras	$ra,_mul_1x1			# a1·b1
+	bras	$ra,_mul_1x1			# a1·b1
 	stmg	$lo,$hi,16($rp)
 	lg	$a,`$stdframe+128+4*$SIZE_T`($sp)
 	lg	$b,`$stdframe+128+6*$SIZE_T`($sp)
-	bras	$ra,_mul_1x1			# a0·b0
+	bras	$ra,_mul_1x1			# a0·b0
 	stmg	$lo,$hi,0($rp)
 	lg	$a,`$stdframe+128+3*$SIZE_T`($sp)
 	lg	$b,`$stdframe+128+5*$SIZE_T`($sp)
 	xg	$a,`$stdframe+128+4*$SIZE_T`($sp)
 	xg	$b,`$stdframe+128+6*$SIZE_T`($sp)
-	bras	$ra,_mul_1x1			# (a0+a1)·(b0+b1)
+	bras	$ra,_mul_1x1			# (a0+a1)·(b0+b1)
 	lmg	@r[0],@r[3],0($rp)
 	xgr	$lo,$hi
--- a/crypto/bn/asm/x86-gf2m.pl
+++ b/crypto/bn/asm/x86-gf2m.pl
@ -14,7 +14,7 @@
 # the time being... Except that it has three code paths: pure integer
 # code suitable for any x86 CPU, MMX code suitable for PIII and later
 # and PCLMULQDQ suitable for Westmere and later. Improvement varies
-# from one benchmark and µ-arch to another. Below are interval values
+# from one benchmark and µ-arch to another. Below are interval values
 # for 163- and 571-bit ECDH benchmarks relative to compiler-generated
 # code:
 #
@ -226,22 +226,22 @@ if ($sse2) {
 	&push	("edi");
 	&mov	($a,&wparam(1));
 	&mov	($b,&wparam(3));
-	&call	("_mul_1x1_mmx");	# a1·b1
+	&call	("_mul_1x1_mmx");	# a1·b1
 	&movq	("mm7",$R);
 	&mov	($a,&wparam(2));
 	&mov	($b,&wparam(4));
-	&call	("_mul_1x1_mmx");	# a0·b0
+	&call	("_mul_1x1_mmx");	# a0·b0
 	&movq	("mm6",$R);
 	&mov	($a,&wparam(1));
 	&mov	($b,&wparam(3));
 	&xor	($a,&wparam(2));
 	&xor	($b,&wparam(4));
-	&call	("_mul_1x1_mmx");	# (a0+a1)·(b0+b1)
+	&call	("_mul_1x1_mmx");	# (a0+a1)·(b0+b1)
 	&pxor	($R,"mm7");
 	&mov	($a,&wparam(0));
-	&pxor	($R,"mm6");		# (a0+a1)·(b0+b1)-a1·b1-a0·b0
+	&pxor	($R,"mm6");		# (a0+a1)·(b0+b1)-a1·b1-a0·b0
 	&movq	($A,$R);
 	&psllq	($R,32);
@ -266,13 +266,13 @@ if ($sse2) {
 	&mov	($a,&wparam(1));
 	&mov	($b,&wparam(3));
-	&call	("_mul_1x1_ialu");	# a1·b1
+	&call	("_mul_1x1_ialu");	# a1·b1
 	&mov	(&DWP(8,"esp"),$lo);
 	&mov	(&DWP(12,"esp"),$hi);
 	&mov	($a,&wparam(2));
 	&mov	($b,&wparam(4));
-	&call	("_mul_1x1_ialu");	# a0·b0
+	&call	("_mul_1x1_ialu");	# a0·b0
 	&mov	(&DWP(0,"esp"),$lo);
 	&mov	(&DWP(4,"esp"),$hi);
@ -280,7 +280,7 @@ if ($sse2) {
 	&mov	($b,&wparam(3));
 	&xor	($a,&wparam(2));
 	&xor	($b,&wparam(4));
-	&call	("_mul_1x1_ialu");	# (a0+a1)·(b0+b1)
+	&call	("_mul_1x1_ialu");	# (a0+a1)·(b0+b1)
 	&mov	("ebp",&wparam(0));
 		 @r=("ebx","ecx","edi","esi");
--- a/crypto/bn/asm/x86-mont.pl
+++ b/crypto/bn/asm/x86-mont.pl
@ -85,6 +85,21 @@ $frame=32;				# size of above frame rounded up to 16n
 	&and	("esp",-64);		# align to cache line
 	# Some OSes, *cough*-dows, insist on stack being "wired" to
 	# physical memory in strictly sequential manner, i.e. if stack
 	# allocation spans two pages, then reference to farmost one can
 	# be punishable by SEGV. But page walking can do good even on
 	# other OSes, because it guarantees that villain thread hits
 	# the guard page before it can make damage to innocent one...
 	&mov	("eax","ebp");
 	&sub	("eax","esp");
 	&and	("eax",-4096);
 &set_label("page_walk");
 	&mov	("edx",&DWP(0,"esp","eax"));
 	&sub	("eax",4096);
 	&data_byte(0x2e);
 	&jnc	(&label("page_walk"));
 	################################# load argument block...
 	&mov	("eax",&DWP(0*4,"esi"));# BN_ULONG *rp
 	&mov	("ebx",&DWP(1*4,"esi"));# const BN_ULONG *ap
--- a/crypto/bn/asm/x86_64-gcc.c
+++ b/crypto/bn/asm/x86_64-gcc.c
@ -66,7 +66,7 @@
 # undef sqr
 /*-
- * "m"(a), "+m"(r)      is the way to favor DirectPath µ-code;
+ * "m"(a), "+m"(r)      is the way to favor DirectPath µ-code;
 * "g"(0)               let the compiler to decide where does it
 *                      want to keep the value of zero;
 */
--- a/crypto/bn/asm/x86_64-gf2m.pl
+++ b/crypto/bn/asm/x86_64-gf2m.pl
@ -13,7 +13,7 @@
 # in bn_gf2m.c. It's kind of low-hanging mechanical port from C for
 # the time being... Except that it has two code paths: code suitable
 # for any x86_64 CPU and PCLMULQDQ one suitable for Westmere and
-# later. Improvement varies from one benchmark and µ-arch to another.
+# later. Improvement varies from one benchmark and µ-arch to another.
 # Vanilla code path is at most 20% faster than compiler-generated code
 # [not very impressive], while PCLMULQDQ - whole 85%-160% better on
 # 163- and 571-bit ECDH benchmarks on Intel CPUs. Keep in mind that
@ -184,13 +184,13 @@ ___
 $code.=<<___;
 	movdqa		%xmm0,%xmm4
 	movdqa		%xmm1,%xmm5
-	pclmulqdq	\$0,%xmm1,%xmm0	# a1·b1
+	pclmulqdq	\$0,%xmm1,%xmm0	# a1·b1
 	pxor		%xmm2,%xmm4
 	pxor		%xmm3,%xmm5
-	pclmulqdq	\$0,%xmm3,%xmm2	# a0·b0
+	pclmulqdq	\$0,%xmm3,%xmm2	# a0·b0
-	pclmulqdq	\$0,%xmm5,%xmm4	# (a0+a1)·(b0+b1)
+	pclmulqdq	\$0,%xmm5,%xmm4	# (a0+a1)·(b0+b1)
 	xorps		%xmm0,%xmm4
-	xorps		%xmm2,%xmm4	# (a0+a1)·(b0+b1)-a0·b0-a1·b1
+	xorps		%xmm2,%xmm4	# (a0+a1)·(b0+b1)-a0·b0-a1·b1
 	movdqa		%xmm4,%xmm5
 	pslldq		\$8,%xmm4
 	psrldq		\$8,%xmm5
@ -225,13 +225,13 @@ $code.=<<___;
 	mov	\$0xf,$mask
 	mov	$a1,$a
 	mov	$b1,$b
-	call	_mul_1x1		# a1·b1
+	call	_mul_1x1		# a1·b1
 	mov	$lo,16(%rsp)
 	mov	$hi,24(%rsp)
 	mov	48(%rsp),$a
 	mov	64(%rsp),$b
-	call	_mul_1x1		# a0·b0
+	call	_mul_1x1		# a0·b0
 	mov	$lo,0(%rsp)
 	mov	$hi,8(%rsp)
@ -239,7 +239,7 @@ $code.=<<___;
 	mov	56(%rsp),$b
 	xor	48(%rsp),$a
 	xor	64(%rsp),$b
-	call	_mul_1x1		# (a0+a1)·(b0+b1)
+	call	_mul_1x1		# (a0+a1)·(b0+b1)
 ___
 	@r=("%rbx","%rcx","%rdi","%rsi");
 $code.=<<___;
--- a/crypto/bn/asm/x86_64-mont.pl
+++ b/crypto/bn/asm/x86_64-mont.pl
@ -91,6 +91,20 @@ bn_mul_mont:
 	mov	%r11,8(%rsp,$num,8)	# tp[num+1]=%rsp
 .Lmul_body:
 	# Some OSes, *cough*-dows, insist on stack being "wired" to
 	# physical memory in strictly sequential manner, i.e. if stack
 	# allocation spans two pages, then reference to farmost one can
 	# be punishable by SEGV. But page walking can do good even on
 	# other OSes, because it guarantees that villain thread hits
 	# the guard page before it can make damage to innocent one...
 	sub	%rsp,%r11
 	and	\$-4096,%r11
 .Lmul_page_walk:
 	mov	(%rsp,%r11),%r10
 	sub	\$4096,%r11
 	.byte	0x66,0x2e		# predict non-taken
 	jnc	.Lmul_page_walk
 	mov	$bp,%r12		# reassign $bp
 ___
 		$bp="%r12";
@ -296,6 +310,14 @@ bn_mul4x_mont:
 	mov	%r11,8(%rsp,$num,8)	# tp[num+1]=%rsp
 .Lmul4x_body:
 	sub	%rsp,%r11
 	and	\$-4096,%r11
 .Lmul4x_page_walk:
 	mov	(%rsp,%r11),%r10
 	sub	\$4096,%r11
 	.byte	0x2e			# predict non-taken
 	jnc	.Lmul4x_page_walk
 	mov	$rp,16(%rsp,$num,8)	# tp[num+2]=$rp
 	mov	%rdx,%r12		# reassign $bp
 ___
@ -707,6 +729,7 @@ $code.=<<___;
 .align	16
 bn_sqr4x_mont:
 .Lsqr4x_enter:
 	mov	%rsp,%rax
 	push	%rbx
 	push	%rbp
 	push	%r12
@ -715,12 +738,23 @@ bn_sqr4x_mont:
 	push	%r15
 	shl	\$3,${num}d		# convert $num to bytes
 	xor	%r10,%r10
 	mov	%rsp,%r11		# put aside %rsp
-	sub	$num,%r10		# -$num
+	neg	$num			# -$num
 	mov	($n0),$n0		# *n0
-	lea	-72(%rsp,%r10,2),%rsp	# alloca(frame+2*$num)
+	lea	-72(%rsp,$num,2),%rsp	# alloca(frame+2*$num)
 	and	\$-1024,%rsp		# minimize TLB usage
 	sub	%rsp,%r11
 	and	\$-4096,%r11
 .Lsqr4x_page_walk:
 	mov	(%rsp,%r11),%r10
 	sub	\$4096,%r11
 	.byte	0x2e			# predict non-taken
 	jnc	.Lsqr4x_page_walk
 	mov	$num,%r10
 	neg	$num			# restore $num
 	lea	-48(%rax),%r11		# restore saved %rsp
 	##############################################################
 	# Stack layout
 	#
--- a/Show More
+++ b/Show More