172 changed files with 1024 additions and 2166 deletions
--- a/.travis-create-release.sh
+++ b/.travis-create-release.sh
@ -1,10 +0,0 @@
 #! /bin/sh
 # $1 is expected to be $TRAVIS_OS_NAME
 if [ "$1" == osx ]; then
    make -f Makefile.org \
 	 DISTTARVARS="NAME=_srcdist TAR_COMMAND='\$\$(TAR) \$\$(TARFLAGS) -s \"|^|\$\$(NAME)/|\" -T \$\$(TARFILE).list -cvf -' TARFLAGS='-n' TARFILE=_srcdist.tar" SHELL='sh -vx' dist
 else
    make -f Makefile.org DISTTARVARS='TARFILE=_srcdist.tar NAME=_srcdist' SHELL='sh -v' dist
 fi
--- a/.travis.yml
+++ b/.travis.yml
@ -32,9 +32,6 @@ matrix:
          env: CONFIG_OPTS="-d --strict-warnings"
 before_script:
    - sh .travis-create-release.sh $TRAVIS_OS_NAME
    - tar -xvzf _srcdist.tar.gz
    - cd _srcdist
    - if [ "$CC" == i686-w64-mingw32-gcc ]; then
          export CROSS_COMPILE=${CC%%gcc}; unset CC;
          ./Configure mingw $CONFIG_OPTS;
@ -44,13 +41,10 @@ before_script:
      else
          ./config $CONFIG_OPTS;
      fi
    - cd ..
 script:
    - cd _srcdist
    - make
    - if [ -z "$CROSS_COMPILE" ]; then make test; fi
    - cd ..
 notifications:
    recipient:
--- a/32
+++ b/32
@ -1,2 +1,30 @@
-Please https://www.openssl.org/community/thanks.html for the current
+The OpenSSL project depends on volunteer efforts and financial support from
-acknowledgements.
+the end user community. That support comes in the form of donations and paid
 sponsorships, software support contracts, paid consulting services
 and commissioned software development.
 Since all these activities support the continued development and improvement
 of OpenSSL we consider all these clients and customers as sponsors of the
 OpenSSL project.
 We would like to identify and thank the following such sponsors for their past
 or current significant support of the OpenSSL project:
 Major support:
 	Qualys		http://www.qualys.com/
 Very significant support:
 	OpenGear:	http://www.opengear.com/
 Significant support:
 	PSW Group:	http://www.psw.net/
 	Acano Ltd.	http://acano.com/
 Please note that we ask permission to identify sponsors and that some sponsors
 we consider eligible for inclusion here have requested to remain anonymous.
 Additional sponsorship or financial support is always welcome: for more
 information please contact the OpenSSL Software Foundation.
--- a/168
+++ b/168
@ -2,172 +2,6 @@
 OpenSSL CHANGES
 _______________
 Changes between 1.0.1s and 1.0.1t [xx XXX xxxx]
  *) Remove LOW from the DEFAULT cipher list.  This removes singles DES from the
     default.
     [Kurt Roeckx]
  *) Only remove the SSLv2 methods with the no-ssl2-method option. When the
     methods are enabled and ssl2 is disabled the methods return NULL.
     [Kurt Roeckx]
 Changes between 1.0.1r and 1.0.1s [1 Mar 2016]
  * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
    Builds that are not configured with "enable-weak-ssl-ciphers" will not
    provide any "EXPORT" or "LOW" strength ciphers.
    [Viktor Dukhovni]
  * Disable SSLv2 default build, default negotiation and weak ciphers.  SSLv2
    is by default disabled at build-time.  Builds that are not configured with
    "enable-ssl2" will not support SSLv2.  Even if "enable-ssl2" is used,
    users who want to negotiate SSLv2 via the version-flexible SSLv23_method()
    will need to explicitly call either of:
        SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
    or
        SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
    as appropriate.  Even if either of those is used, or the application
    explicitly uses the version-specific SSLv2_method() or its client and
    server variants, SSLv2 ciphers vulnerable to exhaustive search key
    recovery have been removed.  Specifically, the SSLv2 40-bit EXPORT
    ciphers, and SSLv2 56-bit DES are no longer available.
    (CVE-2016-0800)
    [Viktor Dukhovni]
  *) Fix a double-free in DSA code
     A double free bug was discovered when OpenSSL parses malformed DSA private
     keys and could lead to a DoS attack or memory corruption for applications
     that receive DSA private keys from untrusted sources.  This scenario is
     considered rare.
     This issue was reported to OpenSSL by Adam Langley(Google/BoringSSL) using
     libFuzzer.
     (CVE-2016-0705)
     [Stephen Henson]
  *) Disable SRP fake user seed to address a server memory leak.
     Add a new method SRP_VBASE_get1_by_user that handles the seed properly.
     SRP_VBASE_get_by_user had inconsistent memory management behaviour.
     In order to fix an unavoidable memory leak, SRP_VBASE_get_by_user
     was changed to ignore the "fake user" SRP seed, even if the seed
     is configured.
     Users should use SRP_VBASE_get1_by_user instead. Note that in
     SRP_VBASE_get1_by_user, caller must free the returned value. Note
     also that even though configuring the SRP seed attempts to hide
     invalid usernames by continuing the handshake with fake
     credentials, this behaviour is not constant time and no strong
     guarantees are made that the handshake is indistinguishable from
     that of a valid user.
     (CVE-2016-0798)
     [Emilia Käsper]
  *) Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
     In the BN_hex2bn function the number of hex digits is calculated using an
     int value |i|. Later |bn_expand| is called with a value of |i * 4|. For
     large values of |i| this can result in |bn_expand| not allocating any
     memory because |i * 4| is negative. This can leave the internal BIGNUM data
     field as NULL leading to a subsequent NULL ptr deref. For very large values
     of |i|, the calculation |i * 4| could be a positive value smaller than |i|.
     In this case memory is allocated to the internal BIGNUM data field, but it
     is insufficiently sized leading to heap corruption. A similar issue exists
     in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn
     is ever called by user applications with very large untrusted hex/dec data.
     This is anticipated to be a rare occurrence.
     All OpenSSL internal usage of these functions use data that is not expected
     to be untrusted, e.g. config file data or application command line
     arguments. If user developed applications generate config file data based
     on untrusted data then it is possible that this could also lead to security
     consequences. This is also anticipated to be rare.
     This issue was reported to OpenSSL by Guido Vranken.
     (CVE-2016-0797)
     [Matt Caswell]
  *) Fix memory issues in BIO_*printf functions
     The internal |fmtstr| function used in processing a "%s" format string in
     the BIO_*printf functions could overflow while calculating the length of a
     string and cause an OOB read when printing very long strings.
     Additionally the internal |doapr_outch| function can attempt to write to an
     OOB memory location (at an offset from the NULL pointer) in the event of a
     memory allocation failure. In 1.0.2 and below this could be caused where
     the size of a buffer to be allocated is greater than INT_MAX. E.g. this
     could be in processing a very long "%s" format string. Memory leaks can
     also occur.
     The first issue may mask the second issue dependent on compiler behaviour.
     These problems could enable attacks where large amounts of untrusted data
     is passed to the BIO_*printf functions. If applications use these functions
     in this way then they could be vulnerable. OpenSSL itself uses these
     functions when printing out human-readable dumps of ASN.1 data. Therefore
     applications that print this data could be vulnerable if the data is from
     untrusted sources. OpenSSL command line applications could also be
     vulnerable where they print out ASN.1 data, or if untrusted data is passed
     as command line arguments.
     Libssl is not considered directly vulnerable. Additionally certificates etc
     received via remote connections via libssl are also unlikely to be able to
     trigger these issues because of message size limits enforced within libssl.
     This issue was reported to OpenSSL Guido Vranken.
     (CVE-2016-0799)
     [Matt Caswell]
  *) Side channel attack on modular exponentiation
     A side-channel attack was found which makes use of cache-bank conflicts on
     the Intel Sandy-Bridge microarchitecture which could lead to the recovery
     of RSA keys.  The ability to exploit this issue is limited as it relies on
     an attacker who has control of code in a thread running on the same
     hyper-threaded core as the victim thread which is performing decryptions.
     This issue was reported to OpenSSL by Yuval Yarom, The University of
     Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and
     Nadia Heninger, University of Pennsylvania with more information at
     http://cachebleed.info.
     (CVE-2016-0702)
     [Andy Polyakov]
  *) Change the req app to generate a 2048-bit RSA/DSA key by default,
     if no keysize is specified with default_bits. This fixes an
     omission in an earlier change that changed all RSA/DSA key generation
     apps to use 2048 bits by default.
     [Emilia Käsper]
 Changes between 1.0.1q and 1.0.1r [28 Jan 2016]
  *) Protection for DH small subgroup attacks
     As a precautionary measure the SSL_OP_SINGLE_DH_USE option has been
     switched on by default and cannot be disabled. This could have some
     performance impact.
     [Matt Caswell]
  *) SSLv2 doesn't block disabled ciphers
     A malicious client can negotiate SSLv2 ciphers that have been disabled on
     the server and complete SSLv2 handshakes even if all SSLv2 ciphers have
     been disabled, provided that the SSLv2 protocol was not also disabled via
     SSL_OP_NO_SSLv2.
     This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram
     and Sebastian Schinzel.
     (CVE-2015-3197)
     [Viktor Dukhovni]
  *) Reject DH handshakes with parameters shorter than 1024 bits.
     [Kurt Roeckx]
 Changes between 1.0.1p and 1.0.1q [3 Dec 2015]
  *) Certificate verify crash with missing PSS parameter
@ -204,7 +38,7 @@
     [Emilia Käsper]
  *) In DSA_generate_parameters_ex, if the provided seed is too short,
-     use a random seed, as already documented.
+     return an error
     [Rich Salz and Ismo Puustinen <ismo.puustinen@intel.com>]
 Changes between 1.0.1o and 1.0.1p [9 Jul 2015]
--- a/37
+++ b/37
@ -58,10 +58,6 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
 #		library and will be loaded in run-time by the OpenSSL library.
 # sctp          include SCTP support
 # 386           generate 80386 code
 # enable-weak-ssl-ciphers
 #		Enable EXPORT and LOW SSLv3 ciphers that are disabled by
 #		default.  Note, weak SSLv2 ciphers are unconditionally
 #		disabled.
 # no-sse2	disables IA-32 SSE2 code, above option implies no-sse2
 # no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
 # -<xxx> +<xxx> compiler options are passed through 
@ -109,9 +105,6 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
 my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
 # Warn that "make depend" should be run?
 my $warn_make_depend = 0;
 my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
 my $strict_warnings = 0;
@ -730,10 +723,8 @@ my %disabled = ( # "what"         => "comment" [or special keyword "experimental
 		 "rfc3779"	  => "default",
 		 "sctp"       => "default",
 		 "shared"         => "default",
 		 "ssl2"           => "default",
 		 "store"	  => "experimental",
 		 "unit-test"	  => "default",
 		 "weak-ssl-ciphers" => "default",
 		 "zlib"           => "default",
 		 "zlib-dynamic"   => "default"
 	       );
@ -1455,7 +1446,7 @@ if ($target =~ /\-icc$/)	# Intel C compiler
 # linker only when --prefix is not /usr.
 if ($target =~ /^BSD\-/)
 	{
-	$shared_ldflag.=" -Wl,-rpath,\$\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
+	$shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
 	}
 if ($sys_id ne "")
@ -1962,7 +1953,13 @@ EOF
 	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
 	}
 	if ($depflags ne $default_depflags && !$make_depend) {
-            $warn_make_depend++;
+		print <<EOF;
 Since you've disabled or enabled at least one algorithm, you need to do
 the following before building:
 	make depend
 EOF
 	}
 }
@ -2042,18 +2039,12 @@ EOF
 print <<\EOF if ($no_shared_warn);
-You gave the option 'shared', which is not supported on this platform, so
+You gave the option 'shared'.  Normally, that would give you shared libraries.
-we will pretend you gave the option 'no-shared'.  If you know how to implement
+Unfortunately, the OpenSSL configuration doesn't include shared library support
-shared libraries, please let us know (but please first make sure you have
+for this platform yet, so it will pretend you gave the option 'no-shared'.  If
-tried with a current version of OpenSSL).
+you can inform the developpers (openssl-dev\@openssl.org) how to support shared
-EOF
+libraries on this platform, they will at least look at it and try their best
-
+(but please first make sure you have tried with a current version of OpenSSL).
 print <<EOF if ($warn_make_depend);
 *** Because of configuration changes, you MUST do the following before
 *** building:
 	make depend
 EOF
 exit(0);
--- a/8
+++ b/8
@ -164,10 +164,10 @@
     standard headers).  If it is a problem with OpenSSL itself, please
     report the problem to <openssl-bugs@openssl.org> (note that your
     message will be recorded in the request tracker publicly readable
-     at https://www.openssl.org/community/index.html#bugs and will be
+     via http://www.openssl.org/support/rt.html and will be forwarded to a
-     forwarded to a public mailing list). Include the output of "make
+     public mailing list). Include the output of "make report" in your message.
-     report" in your message.  Please check out the request tracker. Maybe
+     Please check out the request tracker. Maybe the bug was already
-     the bug was already reported or has already been fixed.
+     reported or has already been fixed.
     [If you encounter assembler error messages, try the "no-asm"
     configuration option as an immediate fix.]
--- a/2
+++ b/2
@ -12,7 +12,7 @@
  ---------------
 /* ====================================================================
- * Copyright (c) 1998-2016 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
--- a/Makefile.org
+++ b/Makefile.org
@ -179,7 +179,8 @@ SHARED_LDFLAGS=
 GENERAL=        Makefile
 BASENAME=       openssl
 NAME=           $(BASENAME)-$(VERSION)
-TARFILE=        ../$(NAME).tar
+TARFILE=        $(NAME).tar
 WTARFILE=       $(NAME)-win.tar
 EXHEADER=       e_os2.h
 HEADER=         e_os.h
@ -498,35 +499,38 @@ TABLE: Configure
 # would occur. Therefore the list of files is temporarily stored into a file
 # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
 # tar does not support the --files-from option.
-TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
+TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
-	                       --owner 0 --group 0 \
+	                       --owner openssl:0 --group openssl:0 \
-			       --transform 's|^|$(NAME)/|' \
+			       --transform 's|^|openssl-$(VERSION)/|' \
 			       -cvf -
-$(TARFILE).list:
+../$(TARFILE).list:
 	find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
 	       \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \
-	       \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
+	       \! -name '*test' \! -name '.#*' \! -name '*~' \
-	       \! -name '.#*' \! -name '*~' \! -type l \
+	    | sort > ../$(TARFILE).list
 	    | sort > $(TARFILE).list
-tar: $(TARFILE).list
+tar: ../$(TARFILE).list
 	find . -type d -print | xargs chmod 755
 	find . -type f -print | xargs chmod a+r
 	find . -type f -perm -0100 -print | xargs chmod a+x
-	$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
+	$(TAR_COMMAND) | gzip --best >../$(TARFILE).gz
-	rm -f $(TARFILE).list
+	rm -f ../$(TARFILE).list
-	ls -l $(TARFILE).gz
+	ls -l ../$(TARFILE).gz
-tar-snap: $(TARFILE).list
+tar-snap: ../$(TARFILE).list
-	$(TAR_COMMAND) > $(TARFILE)
+	$(TAR_COMMAND) > ../$(TARFILE)
-	rm -f $(TARFILE).list
+	rm -f ../$(TARFILE).list
-	ls -l $(TARFILE)
+	ls -l ../$(TARFILE)
 dist:   
 	$(PERL) Configure dist
 	@$(MAKE) dist_pem_h
 	@$(MAKE) SDIRS='$(SDIRS)' clean
-	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
+	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
 dist_pem_h:
 	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
 install: all install_docs install_sw
--- a/22
+++ b/22
@ -5,28 +5,6 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.
  Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [under development]
      o
  Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [1 Mar 2016]
      o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
      o Disable SSLv2 default build, default negotiation and weak ciphers
        (CVE-2016-0800)
      o Fix a double-free in DSA code (CVE-2016-0705)
      o Disable SRP fake user seed to address a server memory leak
        (CVE-2016-0798)
      o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
        (CVE-2016-0797)
      o Fix memory issues in BIO_*printf functions (CVE-2016-0799)
      o Fix side channel attack on modular exponentiation (CVE-2016-0702)
  Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016]
      o Protection for DH small subgroup attacks
      o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
  Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015]
      o Certificate verify crash with missing PSS parameter (CVE-2015-3194)
--- a/13
+++ b/13
@ -1,5 +1,5 @@
- OpenSSL 1.0.1t-dev
+ OpenSSL 1.0.1q 3 Dec 2015
 Copyright (c) 1998-2015 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@ -90,12 +90,11 @@
 In order to avoid spam, this is a moderated mailing list, and it might
 take a day for the ticket to show up.  (We also scan posts to make sure
- that security disclosures aren't publically posted by mistake.) Mail
+ that security disclosures aren't publically posted by mistake.) Mail to
- to this address is recorded in the public RT (request tracker) database
+ this address is recorded in the public RT (request tracker) database (see
- (see https://www.openssl.org/community/index.html#bugs for details) and
+ https://www.openssl.org/support/rt.html for details) and also forwarded
- also forwarded the public openssl-dev mailing list.  Confidential mail
+ the public openssl-dev mailing list.  Confidential mail may be sent to
- may be sent to openssl-security@openssl.org (PGP key available from the
+ openssl-security@openssl.org (PGP key available from the key servers).
 key servers).
 Please do NOT use this for general assistance or support queries.
 Just because something doesn't work the way you expect does not mean it
--- a/apps/engine.c
+++ b/apps/engine.c
@ -1,4 +1,4 @@
-/* apps/engine.c */
+/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
 /*
 * Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
 * 2000.
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@ -1003,7 +1003,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
    bs = OCSP_BASICRESP_new();
    thisupd = X509_gmtime_adj(NULL, 0);
    if (ndays != -1)
-        nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);
+        nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24);
    /* Examine each certificate id in the request */
    for (i = 0; i < id_count; i++) {
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@ -79,8 +79,7 @@ const EVP_CIPHER *enc;
 # define CLCERTS         0x8
 # define CACERTS         0x10
-static int get_cert_chain(X509 *cert, X509_STORE *store,
+int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
                          STACK_OF(X509) **chain);
 int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen,
                        int options, char *pempass);
 int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
@ -595,7 +594,7 @@ int MAIN(int argc, char **argv)
            vret = get_cert_chain(ucert, store, &chain2);
            X509_STORE_free(store);
-            if (vret == X509_V_OK) {
+            if (!vret) {
                /* Exclude verified certificate */
                for (i = 1; i < sk_X509_num(chain2); i++)
                    sk_X509_push(certs, sk_X509_value(chain2, i));
@ -603,7 +602,7 @@ int MAIN(int argc, char **argv)
                X509_free(sk_X509_value(chain2, 0));
                sk_X509_free(chain2);
            } else {
-                if (vret != X509_V_ERR_UNSPECIFIED)
+                if (vret >= 0)
                    BIO_printf(bio_err, "Error %s getting chain.\n",
                               X509_verify_cert_error_string(vret));
                else
@ -907,25 +906,36 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
 /* Given a single certificate return a verified chain or NULL if error */
-static int get_cert_chain(X509 *cert, X509_STORE *store,
+/* Hope this is OK .... */
-                          STACK_OF(X509) **chain)
+
 int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
 {
    X509_STORE_CTX store_ctx;
-    STACK_OF(X509) *chn = NULL;
+    STACK_OF(X509) *chn;
    int i = 0;
-    if (!X509_STORE_CTX_init(&store_ctx, store, cert, NULL)) {
+    /*
-        *chain = NULL;
+     * FIXME: Should really check the return status of X509_STORE_CTX_init
-        return X509_V_ERR_UNSPECIFIED;
+     * for an error, but how that fits into the return value of this function
-    }
+     * is less obvious.
-
+     */
-    if (X509_verify_cert(&store_ctx) > 0)
+    X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
    if (X509_verify_cert(&store_ctx) <= 0) {
        i = X509_STORE_CTX_get_error(&store_ctx);
        if (i == 0)
            /*
             * avoid returning 0 if X509_verify_cert() did not set an
             * appropriate error value in the context
             */
            i = -1;
        chn = NULL;
        goto err;
    } else
        chn = X509_STORE_CTX_get1_chain(&store_ctx);
-    else if ((i = X509_STORE_CTX_get_error(&store_ctx)) == 0)
+ err:
        i = X509_V_ERR_UNSPECIFIED;
    X509_STORE_CTX_cleanup(&store_ctx);
    *chain = chn;
    return i;
 }
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@ -235,16 +235,12 @@ int MAIN(int argc, char **argv)
        i = OBJ_obj2nid(p7->type);
        switch (i) {
        case NID_pkcs7_signed:
            if (p7->d.sign != NULL) {
            certs = p7->d.sign->cert;
            crls = p7->d.sign->crl;
            }
            break;
        case NID_pkcs7_signedAndEnveloped:
            if (p7->d.signed_and_enveloped != NULL) {
            certs = p7->d.signed_and_enveloped->cert;
            crls = p7->d.signed_and_enveloped->crl;
            }
            break;
        default:
            break;
--- a/apps/s_server.c
+++ b/apps/s_server.c
@ -416,8 +416,6 @@ typedef struct srpsrvparm_st {
 static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
 {
    srpsrvparm *p = (srpsrvparm *) arg;
    int ret = SSL3_AL_FATAL;
    if (p->login == NULL && p->user == NULL) {
        p->login = SSL_get_srp_username(s);
        BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
@ -426,25 +424,21 @@ static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
    if (p->user == NULL) {
        BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
-        goto err;
+        return SSL3_AL_FATAL;
    }
    if (SSL_set_srp_server_param
        (s, p->user->N, p->user->g, p->user->s, p->user->v,
         p->user->info) < 0) {
        *ad = SSL_AD_INTERNAL_ERROR;
-        goto err;
+        return SSL3_AL_FATAL;
    }
    BIO_printf(bio_err,
               "SRP parameters set: username = \"%s\" info=\"%s\" \n",
               p->login, p->user->info);
-    ret = SSL_ERROR_NONE;
+    /* need to check whether there are memory leaks */
 err:
    SRP_user_pwd_free(p->user);
    p->user = NULL;
    p->login = NULL;
-    return ret;
+    return SSL_ERROR_NONE;
 }
 #endif
@ -2250,9 +2244,8 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 #ifndef OPENSSL_NO_SRP
                while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
                    BIO_printf(bio_s_out, "LOOKUP renego during write\n");
                    SRP_user_pwd_free(srp_callback_parm.user);
                    srp_callback_parm.user =
-                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                        SRP_VBASE_get_by_user(srp_callback_parm.vb,
                                              srp_callback_parm.login);
                    if (srp_callback_parm.user)
                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
@ -2307,9 +2300,8 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 #ifndef OPENSSL_NO_SRP
                while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
                    BIO_printf(bio_s_out, "LOOKUP renego during read\n");
                    SRP_user_pwd_free(srp_callback_parm.user);
                    srp_callback_parm.user =
-                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                        SRP_VBASE_get_by_user(srp_callback_parm.vb,
                                              srp_callback_parm.login);
                    if (srp_callback_parm.user)
                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
@ -2395,9 +2387,8 @@ static int init_ssl_connection(SSL *con)
    while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
        BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
                   srp_callback_parm.login);
        SRP_user_pwd_free(srp_callback_parm.user);
        srp_callback_parm.user =
-            SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+            SRP_VBASE_get_by_user(srp_callback_parm.vb,
                                  srp_callback_parm.login);
        if (srp_callback_parm.user)
            BIO_printf(bio_s_out, "LOOKUP done %s\n",
@ -2625,9 +2616,8 @@ static int www_body(char *hostname, int s, unsigned char *context)
                   && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
                BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
                           srp_callback_parm.login);
                SRP_user_pwd_free(srp_callback_parm.user);
                srp_callback_parm.user =
-                    SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                    SRP_VBASE_get_by_user(srp_callback_parm.vb,
                                          srp_callback_parm.login);
                if (srp_callback_parm.user)
                    BIO_printf(bio_s_out, "LOOKUP done %s\n",
@ -2668,9 +2658,8 @@ static int www_body(char *hostname, int s, unsigned char *context)
                if (BIO_should_io_special(io)
                    && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
                    BIO_printf(bio_s_out, "LOOKUP renego during read\n");
                    SRP_user_pwd_free(srp_callback_parm.user);
                    srp_callback_parm.user =
-                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                        SRP_VBASE_get_by_user(srp_callback_parm.vb,
                                              srp_callback_parm.login);
                    if (srp_callback_parm.user)
                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
--- a/apps/speed.c
+++ b/apps/speed.c
@ -1,4 +1,4 @@
-/* apps/speed.c */
+/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
--- a/apps/x509.c
+++ b/apps/x509.c
@ -1170,7 +1170,12 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
    if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
        goto err;
-    if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
+    /* Lets just make it 12:00am GMT, Jan 1 1970 */
    /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
    /* 28 days to be certified */
    if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) ==
        NULL)
        goto err;
    if (!X509_set_pubkey(x, pkey))
--- a/crypto/aes/aes.h
+++ b/crypto/aes/aes.h
@ -1,4 +1,4 @@
-/* crypto/aes/aes.h */
+/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/aes/aes_cbc.c
+++ b/crypto/aes/aes_cbc.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_cbc.c */
+/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/aes/aes_cfb.c
+++ b/crypto/aes/aes_cfb.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_cfb.c */
+/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/aes/aes_core.c
+++ b/crypto/aes/aes_core.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_core.c */
+/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
 /**
 * rijndael-alg-fst.c
 *
--- a/crypto/aes/aes_ctr.c
+++ b/crypto/aes/aes_ctr.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_ctr.c */
+/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/aes/aes_ecb.c
+++ b/crypto/aes/aes_ecb.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_ecb.c */
+/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/aes/aes_ige.c
+++ b/crypto/aes/aes_ige.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_ige.c */
+/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/aes/aes_locl.h
+++ b/crypto/aes/aes_locl.h
@ -1,4 +1,4 @@
-/* crypto/aes/aes.h */
+/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/aes/aes_misc.c
+++ b/crypto/aes/aes_misc.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_misc.c */
+/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/aes/aes_ofb.c
+++ b/crypto/aes/aes_ofb.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_ofb.c */
+/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/aes/aes_x86core.c
+++ b/crypto/aes/aes_x86core.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_core.c */
+/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
 /**
 * rijndael-alg-fst.c
 *
--- a/crypto/asn1/a_bytes.c
+++ b/crypto/asn1/a_bytes.c
@ -200,13 +200,13 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
    } else {
        if (len != 0) {
            if ((ret->length < len) || (ret->data == NULL)) {
                if (ret->data != NULL)
                    OPENSSL_free(ret->data);
                s = (unsigned char *)OPENSSL_malloc((int)len + 1);
                if (s == NULL) {
                    i = ERR_R_MALLOC_FAILURE;
                    goto err;
                }
                if (ret->data != NULL)
                    OPENSSL_free(ret->data);
            } else
                s = ret->data;
            memcpy(s, p, (int)len);
--- a/crypto/asn1/a_d2i_fp.c
+++ b/crypto/asn1/a_d2i_fp.c
@ -141,7 +141,6 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
 #endif
 #define HEADER_SIZE   8
 #define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
 static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 {
    BUF_MEM *b;
@ -218,30 +217,18 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
            /* suck in c.slen bytes of data */
            want = c.slen;
            if (want > (len - off)) {
                size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
                want -= (len - off);
                if (want > INT_MAX /* BIO_read takes an int length */  ||
                    len + want < len) {
                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
                    goto err;
                }
-                while (want > 0) {
+                if (!BUF_MEM_grow_clean(b, len + want)) {
                    /*
                     * Read content in chunks of increasing size
                     * so we can return an error for EOF without
                     * having to allocate the entire content length
                     * in one go.
                     */
                    size_t chunk = want > chunk_max ? chunk_max : want;
                    if (!BUF_MEM_grow_clean(b, len + chunk)) {
                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
                    goto err;
                }
-                    want -= chunk;
+                while (want > 0) {
-                    while (chunk > 0) {
+                    i = BIO_read(in, &(b->data[len]), want);
                        i = BIO_read(in, &(b->data[len]), chunk);
                    if (i <= 0) {
                        ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
                                ASN1_R_NOT_ENOUGH_DATA);
@ -252,10 +239,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
                     * overflow.
                     */
                    len += i;
-                        chunk -= i;
+                    want -= i;
                    }
                    if (chunk_max < INT_MAX/2)
                        chunk_max *= 2;
                }
            }
            if (off + c.slen < off) {
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@ -63,7 +63,7 @@
 #include <openssl/asn1_mac.h>
 static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
-                           long max);
+                           int max);
 static void asn1_put_length(unsigned char **pp, int length);
 const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT;
@ -131,7 +131,7 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
    }
    *ptag = tag;
    *pclass = xclass;
-    if (!asn1_get_length(&p, &inf, plength, max))
+    if (!asn1_get_length(&p, &inf, plength, (int)max))
        goto err;
    if (inf && !(ret & V_ASN1_CONSTRUCTED))
@ -159,14 +159,14 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
 }
 static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
-                           long max)
+                           int max)
 {
    const unsigned char *p = *pp;
    unsigned long ret = 0;
-    unsigned long i;
+    unsigned int i;
    if (max-- < 1)
-        return 0;
+        return (0);
    if (*p == 0x80) {
        *inf = 1;
        ret = 0;
@ -175,11 +175,15 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
        *inf = 0;
        i = *p & 0x7f;
        if (*(p++) & 0x80) {
-            if (i > sizeof(ret) || max < (long)i)
+            if (i > sizeof(long))
                return 0;
            if (max-- == 0)
                return (0);
            while (i-- > 0) {
                ret <<= 8L;
                ret |= *(p++);
                if (max-- == 0)
                    return (0);
            }
        } else
            ret = i;
@ -188,7 +192,7 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
        return 0;
    *pp = p;
    *rl = (long)ret;
-    return 1;
+    return (1);
 }
 /*
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@ -173,8 +173,6 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
        if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0))
            goto end;
        if (j & V_ASN1_CONSTRUCTED) {
            const unsigned char *sp;
            ep = p + len;
            if (BIO_write(bp, "\n", 1) <= 0)
                goto end;
@ -184,7 +182,6 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
                goto end;
            }
            if ((j == 0x21) && (len == 0)) {
                sp = p;
                for (;;) {
                    r = asn1_parse2(bp, &p, (long)(tot - p),
                                    offset + (p - *pp), depth + 1,
@ -193,24 +190,18 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
                        ret = 0;
                        goto end;
                    }
-                    if ((r == 2) || (p >= tot)) {
+                    if ((r == 2) || (p >= tot))
                        len = p - sp;
                        break;
                }
-                }
+            } else
            } else {
                long tmp = len;
                while (p < ep) {
-                    sp = p;
+                    r = asn1_parse2(bp, &p, (long)len,
-                    r = asn1_parse2(bp, &p, tmp, offset + (p - *pp), depth + 1,
+                                    offset + (p - *pp), depth + 1,
                                    indent, dump);
                    if (r == 0) {
                        ret = 0;
                        goto end;
                    }
                    tmp -= p - sp;
                }
                }
        } else if (xclass != 0) {
            p += len;
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@ -140,8 +140,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
            goto err;
        bs = X509_get_serialNumber(x);
-        if (bs->length < (int)sizeof(long)
+        if (bs->length <= (int)sizeof(long)) {
            || (bs->length == sizeof(long) && (bs->data[0] & 0x80) == 0)) {
            l = ASN1_INTEGER_get(bs);
            if (bs->type == V_ASN1_NEG_INTEGER) {
                l = -l;
--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@ -66,13 +66,6 @@
 typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
 DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
 /*
 * Maximum length of X509_NAME: much larger than anything we should
 * ever see in practice.
 */
 #define X509_NAME_MAX (1024 * 1024)
 static int x509_name_ex_d2i(ASN1_VALUE **val,
                            const unsigned char **in, long len,
                            const ASN1_ITEM *it,
@ -199,10 +192,6 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
    int i, j, ret;
    STACK_OF(X509_NAME_ENTRY) *entries;
    X509_NAME_ENTRY *entry;
    if (len > X509_NAME_MAX) {
        ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
        return 0;
    }
    q = p;
    /* Get internal representation of Name */
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@ -201,19 +201,9 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
 int i2d_X509_AUX(X509 *a, unsigned char **pp)
 {
-    int length, tmplen;
+    int length;
    unsigned char *start = pp != NULL ? *pp : NULL;
    length = i2d_X509(a, pp);
-    if (length < 0 || a == NULL)
+    if (a)
-        return length;
+        length += i2d_X509_CERT_AUX(a->aux, pp);
    tmplen = i2d_X509_CERT_AUX(a->aux, pp);
    if (tmplen < 0) {
        if (start != NULL)
            *pp = start;
        return tmplen;
    }
    length += tmplen;
    return length;
 }
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@ -125,14 +125,14 @@
 # define LLONG long
 #endif
-static int fmtstr(char **, char **, size_t *, size_t *,
+static void fmtstr(char **, char **, size_t *, size_t *,
                   const char *, int, int, int);
-static int fmtint(char **, char **, size_t *, size_t *,
+static void fmtint(char **, char **, size_t *, size_t *,
                   LLONG, int, int, int, int);
-static int fmtfp(char **, char **, size_t *, size_t *,
+static void fmtfp(char **, char **, size_t *, size_t *,
                  LDOUBLE, int, int, int);
-static int doapr_outch(char **, char **, size_t *, size_t *, int);
+static void doapr_outch(char **, char **, size_t *, size_t *, int);
-static int _dopr(char **sbuffer, char **buffer,
+static void _dopr(char **sbuffer, char **buffer,
                  size_t *maxlen, size_t *retlen, int *truncated,
                  const char *format, va_list args);
@ -165,7 +165,7 @@ static int _dopr(char **sbuffer, char **buffer,
 #define char_to_int(p) (p - '0')
 #define OSSL_MAX(p,q) ((p >= q) ? p : q)
-static int
+static void
 _dopr(char **sbuffer,
      char **buffer,
      size_t *maxlen,
@ -196,8 +196,7 @@ _dopr(char **sbuffer,
            if (ch == '%')
                state = DP_S_FLAGS;
            else
-                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
+                doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
                    return 0;
            ch = *format++;
            break;
        case DP_S_FLAGS:
@ -303,9 +302,8 @@ _dopr(char **sbuffer,
                    value = va_arg(args, int);
                    break;
                }
-                if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min,
+                fmtint(sbuffer, buffer, &currlen, maxlen,
-                            max, flags))
+                       value, 10, min, max, flags);
                    return 0;
                break;
            case 'X':
                flags |= DP_F_UP;
@ -328,19 +326,17 @@ _dopr(char **sbuffer,
                    value = (LLONG) va_arg(args, unsigned int);
                    break;
                }
-                if (!fmtint(sbuffer, buffer, &currlen, maxlen, value,
+                fmtint(sbuffer, buffer, &currlen, maxlen, value,
                       ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
-                            min, max, flags))
+                       min, max, flags);
                    return 0;
                break;
            case 'f':
                if (cflags == DP_C_LDOUBLE)
                    fvalue = va_arg(args, LDOUBLE);
                else
                    fvalue = va_arg(args, double);
-                if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
+                fmtfp(sbuffer, buffer, &currlen, maxlen,
-                           flags))
+                      fvalue, min, max, flags);
                    return 0;
                break;
            case 'E':
                flags |= DP_F_UP;
@ -359,9 +355,8 @@ _dopr(char **sbuffer,
                    fvalue = va_arg(args, double);
                break;
            case 'c':
-                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen,
+                doapr_outch(sbuffer, buffer, &currlen, maxlen,
-                            va_arg(args, int)))
+                            va_arg(args, int));
                    return 0;
                break;
            case 's':
                strvalue = va_arg(args, char *);
@ -371,15 +366,13 @@ _dopr(char **sbuffer,
                    else
                        max = *maxlen;
                }
-                if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
+                fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
-                            flags, min, max))
+                       flags, min, max);
                    return 0;
                break;
            case 'p':
                value = (long)va_arg(args, void *);
-                if (!fmtint(sbuffer, buffer, &currlen, maxlen,
+                fmtint(sbuffer, buffer, &currlen, maxlen,
-                            value, 16, min, max, flags | DP_F_NUM))
+                       value, 16, min, max, flags | DP_F_NUM);
                    return 0;
                break;
            case 'n':          /* XXX */
                if (cflags == DP_C_SHORT) {
@ -401,8 +394,7 @@ _dopr(char **sbuffer,
                }
                break;
            case '%':
-                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
+                doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
                    return 0;
                break;
            case 'w':
                /* not supported yet, treat as next char */
@ -426,56 +418,46 @@ _dopr(char **sbuffer,
    *truncated = (currlen > *maxlen - 1);
    if (*truncated)
        currlen = *maxlen - 1;
-    if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
+    doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0');
        return 0;
    *retlen = currlen - 1;
-    return 1;
+    return;
 }
-static int
+static void
 fmtstr(char **sbuffer,
       char **buffer,
       size_t *currlen,
       size_t *maxlen, const char *value, int flags, int min, int max)
 {
-    int padlen;
+    int padlen, strln;
    size_t strln;
    int cnt = 0;
    if (value == 0)
        value = "<NULL>";
-
+    for (strln = 0; value[strln]; ++strln) ;
    strln = strlen(value);
    if (strln > INT_MAX)
        strln = INT_MAX;
    padlen = min - strln;
-    if (min < 0 || padlen < 0)
+    if (padlen < 0)
        padlen = 0;
    if (flags & DP_F_MINUS)
        padlen = -padlen;
    while ((padlen > 0) && (cnt < max)) {
-        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
            return 0;
        --padlen;
        ++cnt;
    }
    while (*value && (cnt < max)) {
-        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++))
+        doapr_outch(sbuffer, buffer, currlen, maxlen, *value++);
            return 0;
        ++cnt;
    }
    while ((padlen < 0) && (cnt < max)) {
-        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
            return 0;
        ++padlen;
        ++cnt;
    }
    return 1;
 }
-static int
+static void
 fmtint(char **sbuffer,
       char **buffer,
       size_t *currlen,
@ -535,44 +517,37 @@ fmtint(char **sbuffer,
    /* spaces */
    while (spadlen > 0) {
-        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
            return 0;
        --spadlen;
    }
    /* sign */
    if (signvalue)
-        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
+        doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
            return 0;
    /* prefix */
    while (*prefix) {
-        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix))
+        doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix);
            return 0;
        prefix++;
    }
    /* zeros */
    if (zpadlen > 0) {
        while (zpadlen > 0) {
-            if(!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
+            doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
                return 0;
            --zpadlen;
        }
    }
    /* digits */
-    while (place > 0) {
+    while (place > 0)
-        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]))
+        doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]);
            return 0;
    }
    /* left justified spaces */
    while (spadlen < 0) {
-        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
            return 0;
        ++spadlen;
    }
-    return 1;
+    return;
 }
 static LDOUBLE abs_val(LDOUBLE value)
@ -603,7 +578,7 @@ static long roundv(LDOUBLE value)
    return intpart;
 }
-static int
+static void
 fmtfp(char **sbuffer,
      char **buffer,
      size_t *currlen,
@ -682,61 +657,47 @@ fmtfp(char **sbuffer,
    if ((flags & DP_F_ZERO) && (padlen > 0)) {
        if (signvalue) {
-            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
+            doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
                return 0;
            --padlen;
            signvalue = 0;
        }
        while (padlen > 0) {
-            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
+            doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
                return 0;
            --padlen;
        }
    }
    while (padlen > 0) {
-        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
            return 0;
        --padlen;
    }
-    if (signvalue && !doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
+    if (signvalue)
-        return 0;
+        doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
-    while (iplace > 0) {
+    while (iplace > 0)
-        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]))
+        doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]);
            return 0;
    }
    /*
     * Decimal point. This should probably use locale to find the correct
     * char to print out.
     */
    if (max > 0 || (flags & DP_F_NUM)) {
-        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '.'))
+        doapr_outch(sbuffer, buffer, currlen, maxlen, '.');
            return 0;
-        while (fplace > 0) {
+        while (fplace > 0)
-            if(!doapr_outch(sbuffer, buffer, currlen, maxlen,
+            doapr_outch(sbuffer, buffer, currlen, maxlen, fconvert[--fplace]);
                            fconvert[--fplace]))
                return 0;
        }
    }
    while (zpadlen > 0) {
-        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
+        doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
            return 0;
        --zpadlen;
    }
    while (padlen < 0) {
-        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
            return 0;
        ++padlen;
    }
    return 1;
 }
-#define BUFFER_INC  1024
+static void
 static int
 doapr_outch(char **sbuffer,
            char **buffer, size_t *currlen, size_t *maxlen, int c)
 {
@ -747,25 +708,24 @@ doapr_outch(char **sbuffer,
    assert(*currlen <= *maxlen);
    if (buffer && *currlen == *maxlen) {
-        if (*maxlen > INT_MAX - BUFFER_INC)
+        *maxlen += 1024;
            return 0;
        *maxlen += BUFFER_INC;
        if (*buffer == NULL) {
            *buffer = OPENSSL_malloc(*maxlen);
-            if (*buffer == NULL)
+            if (!*buffer) {
-                return 0;
+                /* Panic! Can't really do anything sensible. Just return */
                return;
            }
            if (*currlen > 0) {
                assert(*sbuffer != NULL);
                memcpy(*buffer, *sbuffer, *currlen);
            }
            *sbuffer = NULL;
        } else {
-            char *tmpbuf;
+            *buffer = OPENSSL_realloc(*buffer, *maxlen);
-            tmpbuf = OPENSSL_realloc(*buffer, *maxlen);
+            if (!*buffer) {
-            if (tmpbuf == NULL)
+                /* Panic! Can't really do anything sensible. Just return */
-                return 0;
+                return;
-            *buffer = tmpbuf;
+            }
        }
    }
@ -776,7 +736,7 @@ doapr_outch(char **sbuffer,
            (*buffer)[(*currlen)++] = (char)c;
    }
-    return 1;
+    return;
 }
 /***************************************************************************/
@ -808,11 +768,7 @@ int BIO_vprintf(BIO *bio, const char *format, va_list args)
    dynbuf = NULL;
    CRYPTO_push_info("doapr()");
-    if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format,
+    _dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format, args);
                args)) {
        OPENSSL_free(dynbuf);
        return -1;
    }
    if (dynbuf) {
        ret = BIO_write(bio, dynbuf, (int)retlen);
        OPENSSL_free(dynbuf);
@ -847,8 +803,7 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
    size_t retlen;
    int truncated;
-    if(!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args))
+    _dopr(&buf, NULL, &n, &retlen, &truncated, format, args);
        return -1;
    if (truncated)
        /*
--- a/crypto/bio/bio.h
+++ b/crypto/bio/bio.h
@ -478,11 +478,11 @@ struct bio_dgram_sctp_prinfo {
 # define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
 # define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
 # define BIO_get_conn_ip(b)               BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
-# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+# define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
 # define BIO_set_nbio(b,n)       BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
-/* BIO_s_accept() */
+/* BIO_s_accept_socket() */
 # define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
 # define BIO_get_accept_port(b)  BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
 /* #define BIO_set_nbio(b,n)    BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
@ -495,7 +495,6 @@ struct bio_dgram_sctp_prinfo {
 # define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
 # define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
 /* BIO_s_accept() and BIO_s_connect() */
 # define BIO_do_connect(b)       BIO_do_handshake(b)
 # define BIO_do_accept(b)        BIO_do_handshake(b)
 # define BIO_do_handshake(b)     BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
@ -515,15 +514,12 @@ struct bio_dgram_sctp_prinfo {
 # define BIO_get_url(b,url)      BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
 # define BIO_get_no_connect_return(b)    BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
 /* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */
 # define BIO_set_fd(b,fd,c)      BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
 # define BIO_get_fd(b,c)         BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
 /* BIO_s_file() */
 # define BIO_set_fp(b,fp,c)      BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
 # define BIO_get_fp(b,fpp)       BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
 /* BIO_s_fd() and BIO_s_file() */
 # define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
 # define BIO_tell(b)     (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
--- a/crypto/bio/bss_bio.c
+++ b/crypto/bio/bss_bio.c
@ -1,4 +1,4 @@
-/* crypto/bio/bss_bio.c  */
+/* crypto/bio/bss_bio.c  -*- Mode: C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
@ -419,7 +419,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
 {
    BIO *dbio;
    int *ip;
-    const char **pptr = NULL;
+    const char **pptr;
    long ret = 1;
    BIO_CONNECT *data;
@ -442,28 +442,19 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
    case BIO_C_GET_CONNECT:
        if (ptr != NULL) {
            pptr = (const char **)ptr;
        }
        if (b->init) {
            if (pptr != NULL) {
                ret = 1;
            if (num == 0) {
                *pptr = data->param_hostname;
            } else if (num == 1) {
                *pptr = data->param_port;
            } else if (num == 2) {
                *pptr = (char *)&(data->ip[0]);
-                } else {
+            } else if (num == 3) {
-                    ret = 0;
+                *((int *)ptr) = data->port;
            }
-            }
+            if ((!b->init) || (ptr == NULL))
            if (num == 3) {
                ret = data->port;
            }
        } else {
            if (pptr != NULL)
                *pptr = "not initialized";
-            ret = 0;
+            ret = 1;
        }
        break;
    case BIO_C_SET_CONNECT:
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@ -515,8 +515,10 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
    switch (cmd) {
    case BIO_CTRL_RESET:
        num = 0;
    case BIO_C_FILE_SEEK:
        ret = 0;
        break;
    case BIO_C_FILE_TELL:
    case BIO_CTRL_INFO:
        ret = 0;
        break;
--- a/crypto/bn/Makefile
+++ b/crypto/bn/Makefile
@ -243,8 +243,7 @@ bn_exp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_exp.o: ../../include/openssl/symhacks.h ../constant_time_locl.h
+bn_exp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp.c bn_lcl.h
 bn_exp.o: ../cryptlib.h bn_exp.c bn_lcl.h
 bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
--- a/crypto/bn/asm/x86-mont.pl
+++ b/crypto/bn/asm/x86-mont.pl
@ -85,21 +85,6 @@ $frame=32;				# size of above frame rounded up to 16n
 	&and	("esp",-64);		# align to cache line
 	# Some OSes, *cough*-dows, insist on stack being "wired" to
 	# physical memory in strictly sequential manner, i.e. if stack
 	# allocation spans two pages, then reference to farmost one can
 	# be punishable by SEGV. But page walking can do good even on
 	# other OSes, because it guarantees that villain thread hits
 	# the guard page before it can make damage to innocent one...
 	&mov	("eax","ebp");
 	&sub	("eax","esp");
 	&and	("eax",-4096);
 &set_label("page_walk");
 	&mov	("edx",&DWP(0,"esp","eax"));
 	&sub	("eax",4096);
 	&data_byte(0x2e);
 	&jnc	(&label("page_walk"));
 	################################# load argument block...
 	&mov	("eax",&DWP(0*4,"esi"));# BN_ULONG *rp
 	&mov	("ebx",&DWP(1*4,"esi"));# const BN_ULONG *ap
--- a/crypto/bn/asm/x86_64-mont.pl
+++ b/crypto/bn/asm/x86_64-mont.pl
@ -91,20 +91,6 @@ bn_mul_mont:
 	mov	%r11,8(%rsp,$num,8)	# tp[num+1]=%rsp
 .Lmul_body:
 	# Some OSes, *cough*-dows, insist on stack being "wired" to
 	# physical memory in strictly sequential manner, i.e. if stack
 	# allocation spans two pages, then reference to farmost one can
 	# be punishable by SEGV. But page walking can do good even on
 	# other OSes, because it guarantees that villain thread hits
 	# the guard page before it can make damage to innocent one...
 	sub	%rsp,%r11
 	and	\$-4096,%r11
 .Lmul_page_walk:
 	mov	(%rsp,%r11),%r10
 	sub	\$4096,%r11
 	.byte	0x66,0x2e		# predict non-taken
 	jnc	.Lmul_page_walk
 	mov	$bp,%r12		# reassign $bp
 ___
 		$bp="%r12";
@ -310,14 +296,6 @@ bn_mul4x_mont:
 	mov	%r11,8(%rsp,$num,8)	# tp[num+1]=%rsp
 .Lmul4x_body:
 	sub	%rsp,%r11
 	and	\$-4096,%r11
 .Lmul4x_page_walk:
 	mov	(%rsp,%r11),%r10
 	sub	\$4096,%r11
 	.byte	0x2e			# predict non-taken
 	jnc	.Lmul4x_page_walk
 	mov	$rp,16(%rsp,$num,8)	# tp[num+2]=$rp
 	mov	%rdx,%r12		# reassign $bp
 ___
@ -729,7 +707,6 @@ $code.=<<___;
 .align	16
 bn_sqr4x_mont:
 .Lsqr4x_enter:
 	mov	%rsp,%rax
 	push	%rbx
 	push	%rbp
 	push	%r12
@ -738,23 +715,12 @@ bn_sqr4x_mont:
 	push	%r15
 	shl	\$3,${num}d		# convert $num to bytes
 	xor	%r10,%r10
 	mov	%rsp,%r11		# put aside %rsp
-	neg	$num			# -$num
+	sub	$num,%r10		# -$num
 	mov	($n0),$n0		# *n0
-	lea	-72(%rsp,$num,2),%rsp	# alloca(frame+2*$num)
+	lea	-72(%rsp,%r10,2),%rsp	# alloca(frame+2*$num)
 	and	\$-1024,%rsp		# minimize TLB usage
 	sub	%rsp,%r11
 	and	\$-4096,%r11
 .Lsqr4x_page_walk:
 	mov	(%rsp,%r11),%r10
 	sub	\$4096,%r11
 	.byte	0x2e			# predict non-taken
 	jnc	.Lsqr4x_page_walk
 	mov	$num,%r10
 	neg	$num			# restore $num
 	lea	-48(%rax),%r11		# restore saved %rsp
 	##############################################################
 	# Stack layout
 	#
--- a/crypto/bn/asm/x86_64-mont5.pl
+++ b/crypto/bn/asm/x86_64-mont5.pl
@ -66,127 +66,60 @@ bn_mul_mont_gather5:
 .align	16
 .Lmul_enter:
 	mov	${num}d,${num}d
-	movd	`($win64?56:8)`(%rsp),%xmm5	# load 7th argument
+	mov	`($win64?56:8)`(%rsp),%r10d	# load 7th argument
 	lea	.Linc(%rip),%r10
 	push	%rbx
 	push	%rbp
 	push	%r12
 	push	%r13
 	push	%r14
 	push	%r15
-
+___
 $code.=<<___ if ($win64);
 	lea	-0x28(%rsp),%rsp
 	movaps	%xmm6,(%rsp)
 	movaps	%xmm7,0x10(%rsp)
 .Lmul_alloca:
 ___
 $code.=<<___;
 	mov	%rsp,%rax
 	lea	2($num),%r11
 	neg	%r11
-	lea	-264(%rsp,%r11,8),%rsp	# tp=alloca(8*(num+2)+256+8)
+	lea	(%rsp,%r11,8),%rsp	# tp=alloca(8*(num+2))
 	and	\$-1024,%rsp		# minimize TLB usage
 	mov	%rax,8(%rsp,$num,8)	# tp[num+1]=%rsp
 .Lmul_body:
-	# Some OSes, *cough*-dows, insist on stack being "wired" to
+	mov	$bp,%r12		# reassign $bp
 	# physical memory in strictly sequential manner, i.e. if stack
 	# allocation spans two pages, then reference to farmost one can
 	# be punishable by SEGV. But page walking can do good even on
 	# other OSes, because it guarantees that villain thread hits
 	# the guard page before it can make damage to innocent one...
 	sub	%rsp,%rax
 	and	\$-4096,%rax
 .Lmul_page_walk:
 	mov	(%rsp,%rax),%r11
 	sub	\$4096,%rax
 	.byte	0x2e			# predict non-taken
 	jnc	.Lmul_page_walk
 	lea	128($bp),%r12		# reassign $bp (+size optimization)
 ___
 		$bp="%r12";
 		$STRIDE=2**5*8;		# 5 is "window size"
 		$N=$STRIDE/4;		# should match cache line size
 $code.=<<___;
-	movdqa	0(%r10),%xmm0		# 00000001000000010000000000000000
+	mov	%r10,%r11
-	movdqa	16(%r10),%xmm1		# 00000002000000020000000200000002
+	shr	\$`log($N/8)/log(2)`,%r10
-	lea	24-112(%rsp,$num,8),%r10# place the mask after tp[num+3] (+ICache optimization)
+	and	\$`$N/8-1`,%r11
-	and	\$-16,%r10
+	not	%r10
 	lea	.Lmagic_masks(%rip),%rax
 	and	\$`2**5/($N/8)-1`,%r10	# 5 is "window size"
 	lea	96($bp,%r11,8),$bp	# pointer within 1st cache line
 	movq	0(%rax,%r10,8),%xmm4	# set of masks denoting which
 	movq	8(%rax,%r10,8),%xmm5	# cache line contains element
 	movq	16(%rax,%r10,8),%xmm6	# denoted by 7th argument
 	movq	24(%rax,%r10,8),%xmm7
-	pshufd	\$0,%xmm5,%xmm5		# broadcast index
+	movq	`0*$STRIDE/4-96`($bp),%xmm0
-	movdqa	%xmm1,%xmm4
+	movq	`1*$STRIDE/4-96`($bp),%xmm1
-	movdqa	%xmm1,%xmm2
+	pand	%xmm4,%xmm0
-___
+	movq	`2*$STRIDE/4-96`($bp),%xmm2
-########################################################################
+	pand	%xmm5,%xmm1
-# calculate mask by comparing 0..31 to index and save result to stack
+	movq	`3*$STRIDE/4-96`($bp),%xmm3
-#
+	pand	%xmm6,%xmm2
 $code.=<<___;
 	paddd	%xmm0,%xmm1
 	pcmpeqd	%xmm5,%xmm0		# compare to 1,0
 	.byte	0x67
 	movdqa	%xmm4,%xmm3
 ___
 for($k=0;$k<$STRIDE/16-4;$k+=4) {
 $code.=<<___;
 	paddd	%xmm1,%xmm2
 	pcmpeqd	%xmm5,%xmm1		# compare to 3,2
 	movdqa	%xmm0,`16*($k+0)+112`(%r10)
 	movdqa	%xmm4,%xmm0
 	paddd	%xmm2,%xmm3
 	pcmpeqd	%xmm5,%xmm2		# compare to 5,4
 	movdqa	%xmm1,`16*($k+1)+112`(%r10)
 	movdqa	%xmm4,%xmm1
 	paddd	%xmm3,%xmm0
 	pcmpeqd	%xmm5,%xmm3		# compare to 7,6
 	movdqa	%xmm2,`16*($k+2)+112`(%r10)
 	movdqa	%xmm4,%xmm2
 	paddd	%xmm0,%xmm1
 	pcmpeqd	%xmm5,%xmm0
 	movdqa	%xmm3,`16*($k+3)+112`(%r10)
 	movdqa	%xmm4,%xmm3
 ___
 }
 $code.=<<___;				# last iteration can be optimized
 	paddd	%xmm1,%xmm2
 	pcmpeqd	%xmm5,%xmm1
 	movdqa	%xmm0,`16*($k+0)+112`(%r10)
 	paddd	%xmm2,%xmm3
 	.byte	0x67
 	pcmpeqd	%xmm5,%xmm2
 	movdqa	%xmm1,`16*($k+1)+112`(%r10)
 	pcmpeqd	%xmm5,%xmm3
 	movdqa	%xmm2,`16*($k+2)+112`(%r10)
 	pand	`16*($k+0)-128`($bp),%xmm0	# while it's still in register
 	pand	`16*($k+1)-128`($bp),%xmm1
 	pand	`16*($k+2)-128`($bp),%xmm2
 	movdqa	%xmm3,`16*($k+3)+112`(%r10)
 	pand	`16*($k+3)-128`($bp),%xmm3
 	por	%xmm2,%xmm0
 	por	%xmm3,%xmm1
 ___
 for($k=0;$k<$STRIDE/16-4;$k+=4) {
 $code.=<<___;
 	movdqa	`16*($k+0)-128`($bp),%xmm4
 	movdqa	`16*($k+1)-128`($bp),%xmm5
 	movdqa	`16*($k+2)-128`($bp),%xmm2
 	pand	`16*($k+0)+112`(%r10),%xmm4
 	movdqa	`16*($k+3)-128`($bp),%xmm3
 	pand	`16*($k+1)+112`(%r10),%xmm5
 	por	%xmm4,%xmm0
 	pand	`16*($k+2)+112`(%r10),%xmm2
 	por	%xmm5,%xmm1
 	pand	`16*($k+3)+112`(%r10),%xmm3
 	por	%xmm2,%xmm0
 	por	%xmm3,%xmm1
 ___
 }
 $code.=<<___;
 	por	%xmm1,%xmm0
 	pshufd	\$0x4e,%xmm0,%xmm1
 	por	%xmm1,%xmm0
 	pand	%xmm7,%xmm3
 	por	%xmm2,%xmm0
 	lea	$STRIDE($bp),$bp
 	por	%xmm3,%xmm0
 	movq	%xmm0,$m0		# m0=bp[0]
 	mov	($n0),$n0		# pull n0[0] value
@ -195,14 +128,29 @@ $code.=<<___;
 	xor	$i,$i			# i=0
 	xor	$j,$j			# j=0
 	movq	`0*$STRIDE/4-96`($bp),%xmm0
 	movq	`1*$STRIDE/4-96`($bp),%xmm1
 	pand	%xmm4,%xmm0
 	movq	`2*$STRIDE/4-96`($bp),%xmm2
 	pand	%xmm5,%xmm1
 	mov	$n0,$m1
 	mulq	$m0			# ap[0]*bp[0]
 	mov	%rax,$lo0
 	mov	($np),%rax
 	movq	`3*$STRIDE/4-96`($bp),%xmm3
 	pand	%xmm6,%xmm2
 	por	%xmm1,%xmm0
 	pand	%xmm7,%xmm3
 	imulq	$lo0,$m1		# "tp[0]"*n0
 	mov	%rdx,$hi0
 	por	%xmm2,%xmm0
 	lea	$STRIDE($bp),$bp
 	por	%xmm3,%xmm0
 	mulq	$m1			# np[0]*m1
 	add	%rax,$lo0		# discarded
 	mov	8($ap),%rax
@ -235,6 +183,8 @@ $code.=<<___;
 	cmp	$num,$j
 	jne	.L1st
 	movq	%xmm0,$m0		# bp[1]
 	add	%rax,$hi1
 	mov	($ap),%rax		# ap[0]
 	adc	\$0,%rdx
@ -254,46 +204,33 @@ $code.=<<___;
 	jmp	.Louter
 .align	16
 .Louter:
 	lea	24+128(%rsp,$num,8),%rdx	# where 256-byte mask is (+size optimization)
 	and	\$-16,%rdx
 	pxor	%xmm4,%xmm4
 	pxor	%xmm5,%xmm5
 ___
 for($k=0;$k<$STRIDE/16;$k+=4) {
 $code.=<<___;
 	movdqa	`16*($k+0)-128`($bp),%xmm0
 	movdqa	`16*($k+1)-128`($bp),%xmm1
 	movdqa	`16*($k+2)-128`($bp),%xmm2
 	movdqa	`16*($k+3)-128`($bp),%xmm3
 	pand	`16*($k+0)-128`(%rdx),%xmm0
 	pand	`16*($k+1)-128`(%rdx),%xmm1
 	por	%xmm0,%xmm4
 	pand	`16*($k+2)-128`(%rdx),%xmm2
 	por	%xmm1,%xmm5
 	pand	`16*($k+3)-128`(%rdx),%xmm3
 	por	%xmm2,%xmm4
 	por	%xmm3,%xmm5
 ___
 }
 $code.=<<___;
 	por	%xmm5,%xmm4
 	pshufd	\$0x4e,%xmm4,%xmm0
 	por	%xmm4,%xmm0
 	lea	$STRIDE($bp),$bp
 	movq	%xmm0,$m0		# m0=bp[i]
 	xor	$j,$j			# j=0
 	mov	$n0,$m1
 	mov	(%rsp),$lo0
 	movq	`0*$STRIDE/4-96`($bp),%xmm0
 	movq	`1*$STRIDE/4-96`($bp),%xmm1
 	pand	%xmm4,%xmm0
 	movq	`2*$STRIDE/4-96`($bp),%xmm2
 	pand	%xmm5,%xmm1
 	mulq	$m0			# ap[0]*bp[i]
 	add	%rax,$lo0		# ap[0]*bp[i]+tp[0]
 	mov	($np),%rax
 	adc	\$0,%rdx
 	movq	`3*$STRIDE/4-96`($bp),%xmm3
 	pand	%xmm6,%xmm2
 	por	%xmm1,%xmm0
 	pand	%xmm7,%xmm3
 	imulq	$lo0,$m1		# tp[0]*n0
 	mov	%rdx,$hi0
 	por	%xmm2,%xmm0
 	lea	$STRIDE($bp),$bp
 	por	%xmm3,%xmm0
 	mulq	$m1			# np[0]*m1
 	add	%rax,$lo0		# discarded
 	mov	8($ap),%rax
@ -329,6 +266,8 @@ $code.=<<___;
 	cmp	$num,$j
 	jne	.Linner
 	movq	%xmm0,$m0		# bp[i+1]
 	add	%rax,$hi1
 	mov	($ap),%rax		# ap[0]
 	adc	\$0,%rdx
@ -382,7 +321,13 @@ $code.=<<___;
 	mov	8(%rsp,$num,8),%rsi	# restore %rsp
 	mov	\$1,%rax
-
+___
 $code.=<<___ if ($win64);
 	movaps	(%rsi),%xmm6
 	movaps	0x10(%rsi),%xmm7
 	lea	0x28(%rsi),%rsi
 ___
 $code.=<<___;
 	mov	(%rsi),%r15
 	mov	8(%rsi),%r14
 	mov	16(%rsi),%r13
@ -403,138 +348,91 @@ $code.=<<___;
 bn_mul4x_mont_gather5:
 .Lmul4x_enter:
 	mov	${num}d,${num}d
-	movd	`($win64?56:8)`(%rsp),%xmm5	# load 7th argument
+	mov	`($win64?56:8)`(%rsp),%r10d	# load 7th argument
 	lea	.Linc(%rip),%r10
 	push	%rbx
 	push	%rbp
 	push	%r12
 	push	%r13
 	push	%r14
 	push	%r15
-
+___
 $code.=<<___ if ($win64);
 	lea	-0x28(%rsp),%rsp
 	movaps	%xmm6,(%rsp)
 	movaps	%xmm7,0x10(%rsp)
 .Lmul4x_alloca:
 ___
 $code.=<<___;
 	mov	%rsp,%rax
 	lea	4($num),%r11
 	neg	%r11
-	lea	-256(%rsp,%r11,8),%rsp	# tp=alloca(8*(num+4)+256)
+	lea	(%rsp,%r11,8),%rsp	# tp=alloca(8*(num+4))
 	and	\$-1024,%rsp		# minimize TLB usage
 	mov	%rax,8(%rsp,$num,8)	# tp[num+1]=%rsp
 .Lmul4x_body:
 	sub	%rsp,%rax
 	and	\$-4096,%rax
 .Lmul4x_page_walk:
 	mov	(%rsp,%rax),%r11
 	sub	\$4096,%rax
 	.byte	0x2e			# predict non-taken
 	jnc	.Lmul4x_page_walk
 	mov	$rp,16(%rsp,$num,8)	# tp[num+2]=$rp
-	lea	128(%rdx),%r12		# reassign $bp (+size optimization)
+	mov	%rdx,%r12		# reassign $bp
 ___
 		$bp="%r12";
 		$STRIDE=2**5*8;		# 5 is "window size"
 		$N=$STRIDE/4;		# should match cache line size
 $code.=<<___;
-	movdqa	0(%r10),%xmm0		# 00000001000000010000000000000000
+	mov	%r10,%r11
-	movdqa	16(%r10),%xmm1		# 00000002000000020000000200000002
+	shr	\$`log($N/8)/log(2)`,%r10
-	lea	32-112(%rsp,$num,8),%r10# place the mask after tp[num+4] (+ICache optimization)
+	and	\$`$N/8-1`,%r11
 	not	%r10
 	lea	.Lmagic_masks(%rip),%rax
 	and	\$`2**5/($N/8)-1`,%r10	# 5 is "window size"
 	lea	96($bp,%r11,8),$bp	# pointer within 1st cache line
 	movq	0(%rax,%r10,8),%xmm4	# set of masks denoting which
 	movq	8(%rax,%r10,8),%xmm5	# cache line contains element
 	movq	16(%rax,%r10,8),%xmm6	# denoted by 7th argument
 	movq	24(%rax,%r10,8),%xmm7
-	pshufd	\$0,%xmm5,%xmm5		# broadcast index
+	movq	`0*$STRIDE/4-96`($bp),%xmm0
-	movdqa	%xmm1,%xmm4
+	movq	`1*$STRIDE/4-96`($bp),%xmm1
-	.byte	0x67,0x67
+	pand	%xmm4,%xmm0
-	movdqa	%xmm1,%xmm2
+	movq	`2*$STRIDE/4-96`($bp),%xmm2
-___
+	pand	%xmm5,%xmm1
-########################################################################
+	movq	`3*$STRIDE/4-96`($bp),%xmm3
-# calculate mask by comparing 0..31 to index and save result to stack
+	pand	%xmm6,%xmm2
 #
 $code.=<<___;
 	paddd	%xmm0,%xmm1
 	pcmpeqd	%xmm5,%xmm0		# compare to 1,0
 	.byte	0x67
 	movdqa	%xmm4,%xmm3
 ___
 for($k=0;$k<$STRIDE/16-4;$k+=4) {
 $code.=<<___;
 	paddd	%xmm1,%xmm2
 	pcmpeqd	%xmm5,%xmm1		# compare to 3,2
 	movdqa	%xmm0,`16*($k+0)+112`(%r10)
 	movdqa	%xmm4,%xmm0
 	paddd	%xmm2,%xmm3
 	pcmpeqd	%xmm5,%xmm2		# compare to 5,4
 	movdqa	%xmm1,`16*($k+1)+112`(%r10)
 	movdqa	%xmm4,%xmm1
 	paddd	%xmm3,%xmm0
 	pcmpeqd	%xmm5,%xmm3		# compare to 7,6
 	movdqa	%xmm2,`16*($k+2)+112`(%r10)
 	movdqa	%xmm4,%xmm2
 	paddd	%xmm0,%xmm1
 	pcmpeqd	%xmm5,%xmm0
 	movdqa	%xmm3,`16*($k+3)+112`(%r10)
 	movdqa	%xmm4,%xmm3
 ___
 }
 $code.=<<___;				# last iteration can be optimized
 	paddd	%xmm1,%xmm2
 	pcmpeqd	%xmm5,%xmm1
 	movdqa	%xmm0,`16*($k+0)+112`(%r10)
 	paddd	%xmm2,%xmm3
 	.byte	0x67
 	pcmpeqd	%xmm5,%xmm2
 	movdqa	%xmm1,`16*($k+1)+112`(%r10)
 	pcmpeqd	%xmm5,%xmm3
 	movdqa	%xmm2,`16*($k+2)+112`(%r10)
 	pand	`16*($k+0)-128`($bp),%xmm0	# while it's still in register
 	pand	`16*($k+1)-128`($bp),%xmm1
 	pand	`16*($k+2)-128`($bp),%xmm2
 	movdqa	%xmm3,`16*($k+3)+112`(%r10)
 	pand	`16*($k+3)-128`($bp),%xmm3
 	por	%xmm2,%xmm0
 	por	%xmm3,%xmm1
 ___
 for($k=0;$k<$STRIDE/16-4;$k+=4) {
 $code.=<<___;
 	movdqa	`16*($k+0)-128`($bp),%xmm4
 	movdqa	`16*($k+1)-128`($bp),%xmm5
 	movdqa	`16*($k+2)-128`($bp),%xmm2
 	pand	`16*($k+0)+112`(%r10),%xmm4
 	movdqa	`16*($k+3)-128`($bp),%xmm3
 	pand	`16*($k+1)+112`(%r10),%xmm5
 	por	%xmm4,%xmm0
 	pand	`16*($k+2)+112`(%r10),%xmm2
 	por	%xmm5,%xmm1
 	pand	`16*($k+3)+112`(%r10),%xmm3
 	por	%xmm2,%xmm0
 	por	%xmm3,%xmm1
 ___
 }
 $code.=<<___;
 	por	%xmm1,%xmm0
 	pshufd	\$0x4e,%xmm0,%xmm1
 	por	%xmm1,%xmm0
 	pand	%xmm7,%xmm3
 	por	%xmm2,%xmm0
 	lea	$STRIDE($bp),$bp
-	movq	%xmm0,$m0		# m0=bp[0]
+	por	%xmm3,%xmm0
 	movq	%xmm0,$m0		# m0=bp[0]
 	mov	($n0),$n0		# pull n0[0] value
 	mov	($ap),%rax
 	xor	$i,$i			# i=0
 	xor	$j,$j			# j=0
 	movq	`0*$STRIDE/4-96`($bp),%xmm0
 	movq	`1*$STRIDE/4-96`($bp),%xmm1
 	pand	%xmm4,%xmm0
 	movq	`2*$STRIDE/4-96`($bp),%xmm2
 	pand	%xmm5,%xmm1
 	mov	$n0,$m1
 	mulq	$m0			# ap[0]*bp[0]
 	mov	%rax,$A[0]
 	mov	($np),%rax
 	movq	`3*$STRIDE/4-96`($bp),%xmm3
 	pand	%xmm6,%xmm2
 	por	%xmm1,%xmm0
 	pand	%xmm7,%xmm3
 	imulq	$A[0],$m1		# "tp[0]"*n0
 	mov	%rdx,$A[1]
 	por	%xmm2,%xmm0
 	lea	$STRIDE($bp),$bp
 	por	%xmm3,%xmm0
 	mulq	$m1			# np[0]*m1
 	add	%rax,$A[0]		# discarded
 	mov	8($ap),%rax
@ -652,6 +550,8 @@ $code.=<<___;
 	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
 	mov	%rdx,$N[0]
 	movq	%xmm0,$m0		# bp[1]
 	xor	$N[1],$N[1]
 	add	$A[0],$N[0]
 	adc	\$0,$N[1]
@ -661,34 +561,12 @@ $code.=<<___;
 	lea	1($i),$i		# i++
 .align	4
 .Louter4x:
 	lea	32+128(%rsp,$num,8),%rdx	# where 256-byte mask is (+size optimization)
 	pxor	%xmm4,%xmm4
 	pxor	%xmm5,%xmm5
 ___
 for($k=0;$k<$STRIDE/16;$k+=4) {
 $code.=<<___;
 	movdqa	`16*($k+0)-128`($bp),%xmm0
 	movdqa	`16*($k+1)-128`($bp),%xmm1
 	movdqa	`16*($k+2)-128`($bp),%xmm2
 	movdqa	`16*($k+3)-128`($bp),%xmm3
 	pand	`16*($k+0)-128`(%rdx),%xmm0
 	pand	`16*($k+1)-128`(%rdx),%xmm1
 	por	%xmm0,%xmm4
 	pand	`16*($k+2)-128`(%rdx),%xmm2
 	por	%xmm1,%xmm5
 	pand	`16*($k+3)-128`(%rdx),%xmm3
 	por	%xmm2,%xmm4
 	por	%xmm3,%xmm5
 ___
 }
 $code.=<<___;
 	por	%xmm5,%xmm4
 	pshufd	\$0x4e,%xmm4,%xmm0
 	por	%xmm4,%xmm0
 	lea	$STRIDE($bp),$bp
 	movq	%xmm0,$m0		# m0=bp[i]
 	xor	$j,$j			# j=0
 	movq	`0*$STRIDE/4-96`($bp),%xmm0
 	movq	`1*$STRIDE/4-96`($bp),%xmm1
 	pand	%xmm4,%xmm0
 	movq	`2*$STRIDE/4-96`($bp),%xmm2
 	pand	%xmm5,%xmm1
 	mov	(%rsp),$A[0]
 	mov	$n0,$m1
@ -697,9 +575,18 @@ $code.=<<___;
 	mov	($np),%rax
 	adc	\$0,%rdx
 	movq	`3*$STRIDE/4-96`($bp),%xmm3
 	pand	%xmm6,%xmm2
 	por	%xmm1,%xmm0
 	pand	%xmm7,%xmm3
 	imulq	$A[0],$m1		# tp[0]*n0
 	mov	%rdx,$A[1]
 	por	%xmm2,%xmm0
 	lea	$STRIDE($bp),$bp
 	por	%xmm3,%xmm0
 	mulq	$m1			# np[0]*m1
 	add	%rax,$A[0]		# "$N[0]", discarded
 	mov	8($ap),%rax
@ -831,6 +718,7 @@ $code.=<<___;
 	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
 	mov	%rdx,$N[0]
 	movq	%xmm0,$m0		# bp[i+1]
 	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
 	xor	$N[1],$N[1]
@ -921,7 +809,13 @@ ___
 $code.=<<___;
 	mov	8(%rsp,$num,8),%rsi	# restore %rsp
 	mov	\$1,%rax
-
+___
 $code.=<<___ if ($win64);
 	movaps	(%rsi),%xmm6
 	movaps	0x10(%rsi),%xmm7
 	lea	0x28(%rsi),%rsi
 ___
 $code.=<<___;
 	mov	(%rsi),%r15
 	mov	8(%rsi),%r14
 	mov	16(%rsi),%r13
@ -936,8 +830,8 @@ ___
 }}}
 {
-my ($inp,$num,$tbl,$idx)=$win64?("%rcx","%rdx","%r8", "%r9d") : # Win64 order
+my ($inp,$num,$tbl,$idx)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order
-				("%rdi","%rsi","%rdx","%ecx"); # Unix order
+				("%rdi","%rsi","%rdx","%rcx"); # Unix order
 my $out=$inp;
 my $STRIDE=2**5*8;
 my $N=$STRIDE/4;
@ -965,89 +859,53 @@ bn_scatter5:
 .type	bn_gather5,\@abi-omnipotent
 .align	16
 bn_gather5:
-.LSEH_begin_bn_gather5:			# Win64 thing, but harmless in other cases
+___
 $code.=<<___ if ($win64);
 .LSEH_begin_bn_gather5:
 	# I can't trust assembler to use specific encoding:-(
-	.byte	0x4c,0x8d,0x14,0x24			# lea    (%rsp),%r10
+	.byte	0x48,0x83,0xec,0x28		#sub	\$0x28,%rsp
-	.byte	0x48,0x81,0xec,0x08,0x01,0x00,0x00	# sub	$0x108,%rsp
+	.byte	0x0f,0x29,0x34,0x24		#movaps	%xmm6,(%rsp)
-	lea	.Linc(%rip),%rax
+	.byte	0x0f,0x29,0x7c,0x24,0x10	#movdqa	%xmm7,0x10(%rsp)
 	and	\$-16,%rsp		# shouldn't be formally required
 	movd	$idx,%xmm5
 	movdqa	0(%rax),%xmm0		# 00000001000000010000000000000000
 	movdqa	16(%rax),%xmm1		# 00000002000000020000000200000002
 	lea	128($tbl),%r11		# size optimization
 	lea	128(%rsp),%rax		# size optimization
 	pshufd	\$0,%xmm5,%xmm5		# broadcast $idx
 	movdqa	%xmm1,%xmm4
 	movdqa	%xmm1,%xmm2
 ___
 ########################################################################
 # calculate mask by comparing 0..31 to $idx and save result to stack
 #
 for($i=0;$i<$STRIDE/16;$i+=4) {
 $code.=<<___;
 	paddd	%xmm0,%xmm1
 	pcmpeqd	%xmm5,%xmm0		# compare to 1,0
 ___
 $code.=<<___	if ($i);
 	movdqa	%xmm3,`16*($i-1)-128`(%rax)
 ___
 $code.=<<___;
-	movdqa	%xmm4,%xmm3
+	mov	$idx,%r11
-
+	shr	\$`log($N/8)/log(2)`,$idx
-	paddd	%xmm1,%xmm2
+	and	\$`$N/8-1`,%r11
-	pcmpeqd	%xmm5,%xmm1		# compare to 3,2
+	not	$idx
-	movdqa	%xmm0,`16*($i+0)-128`(%rax)
+	lea	.Lmagic_masks(%rip),%rax
-	movdqa	%xmm4,%xmm0
+	and	\$`2**5/($N/8)-1`,$idx	# 5 is "window size"
-
+	lea	96($tbl,%r11,8),$tbl	# pointer within 1st cache line
-	paddd	%xmm2,%xmm3
+	movq	0(%rax,$idx,8),%xmm4	# set of masks denoting which
-	pcmpeqd	%xmm5,%xmm2		# compare to 5,4
+	movq	8(%rax,$idx,8),%xmm5	# cache line contains element
-	movdqa	%xmm1,`16*($i+1)-128`(%rax)
+	movq	16(%rax,$idx,8),%xmm6	# denoted by 7th argument
-	movdqa	%xmm4,%xmm1
+	movq	24(%rax,$idx,8),%xmm7
 	paddd	%xmm3,%xmm0
 	pcmpeqd	%xmm5,%xmm3		# compare to 7,6
 	movdqa	%xmm2,`16*($i+2)-128`(%rax)
 	movdqa	%xmm4,%xmm2
 ___
 }
 $code.=<<___;
 	movdqa	%xmm3,`16*($i-1)-128`(%rax)
 	jmp	.Lgather
-
+.align	16
 .align	32
 .Lgather:
-	pxor	%xmm4,%xmm4
+	movq	`0*$STRIDE/4-96`($tbl),%xmm0
-	pxor	%xmm5,%xmm5
+	movq	`1*$STRIDE/4-96`($tbl),%xmm1
-___
+	pand	%xmm4,%xmm0
-for($i=0;$i<$STRIDE/16;$i+=4) {
+	movq	`2*$STRIDE/4-96`($tbl),%xmm2
-$code.=<<___;
+	pand	%xmm5,%xmm1
-	movdqa	`16*($i+0)-128`(%r11),%xmm0
+	movq	`3*$STRIDE/4-96`($tbl),%xmm3
-	movdqa	`16*($i+1)-128`(%r11),%xmm1
+	pand	%xmm6,%xmm2
-	movdqa	`16*($i+2)-128`(%r11),%xmm2
+	por	%xmm1,%xmm0
-	pand	`16*($i+0)-128`(%rax),%xmm0
+	pand	%xmm7,%xmm3
-	movdqa	`16*($i+3)-128`(%r11),%xmm3
+	por	%xmm2,%xmm0
-	pand	`16*($i+1)-128`(%rax),%xmm1
+	lea	$STRIDE($tbl),$tbl
-	por	%xmm0,%xmm4
+	por	%xmm3,%xmm0
-	pand	`16*($i+2)-128`(%rax),%xmm2
+
 	por	%xmm1,%xmm5
 	pand	`16*($i+3)-128`(%rax),%xmm3
 	por	%xmm2,%xmm4
 	por	%xmm3,%xmm5
 ___
 }
 $code.=<<___;
 	por	%xmm5,%xmm4
 	lea	$STRIDE(%r11),%r11
 	pshufd	\$0x4e,%xmm4,%xmm0
 	por	%xmm4,%xmm0
 	movq	%xmm0,($out)		# m0=bp[0]
 	lea	8($out),$out
 	sub	\$1,$num
 	jnz	.Lgather
-
+___
-	lea	(%r10),%rsp
+$code.=<<___ if ($win64);
 	movaps	(%rsp),%xmm6
 	movaps	0x10(%rsp),%xmm7
 	lea	0x28(%rsp),%rsp
 ___
 $code.=<<___;
 	ret
 .LSEH_end_bn_gather5:
 .size	bn_gather5,.-bn_gather5
@ -1055,9 +913,9 @@ ___
 }
 $code.=<<___;
 .align	64
-.Linc:
+.Lmagic_masks:
-	.long	0,0, 1,1
+	.long	0,0, 0,0, 0,0, -1,-1
-	.long	2,2, 2,2
+	.long	0,0, 0,0, 0,0,  0,0
 .asciz	"Montgomery Multiplication with scatter/gather for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
 ___
@ -1096,7 +954,7 @@ mul_handler:
 	cmp	%r10,%rbx		# context->Rip<end of prologue label
 	jb	.Lcommon_seh_tail
-	lea	48(%rax),%rax
+	lea	`40+48`(%rax),%rax
 	mov	4(%r11),%r10d		# HandlerData[1]
 	lea	(%rsi,%r10),%r10	# end of alloca label
@ -1113,7 +971,9 @@ mul_handler:
 	mov	192($context),%r10	# pull $num
 	mov	8(%rax,%r10,8),%rax	# pull saved stack pointer
-	lea	48(%rax),%rax
+	movaps	(%rax),%xmm0
 	movaps	16(%rax),%xmm1
 	lea	`40+48`(%rax),%rax
 	mov	-8(%rax),%rbx
 	mov	-16(%rax),%rbp
@ -1127,6 +987,8 @@ mul_handler:
 	mov	%r13,224($context)	# restore context->R13
 	mov	%r14,232($context)	# restore context->R14
 	mov	%r15,240($context)	# restore context->R15
 	movups	%xmm0,512($context)	# restore context->Xmm6
 	movups	%xmm1,528($context)	# restore context->Xmm7
 .Lcommon_seh_tail:
 	mov	8(%rax),%rdi
@ -1195,9 +1057,10 @@ mul_handler:
 	.rva	.Lmul4x_alloca,.Lmul4x_body,.Lmul4x_epilogue	# HandlerData[]
 .align	8
 .LSEH_info_bn_gather5:
-	.byte	0x01,0x0b,0x03,0x0a
+        .byte   0x01,0x0d,0x05,0x00
-	.byte	0x0b,0x01,0x21,0x00	# sub	rsp,0x108
+        .byte   0x0d,0x78,0x01,0x00	#movaps	0x10(rsp),xmm7
-	.byte	0x04,0xa3,0x00,0x00	# lea	r10,(rsp), set_frame r10
+        .byte   0x08,0x68,0x00,0x00	#movaps	(rsp),xmm6
        .byte   0x04,0x42,0x00,0x00	#sub	rsp,0x28
 .align	8
 ___
 }
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@ -125,7 +125,6 @@
 #ifndef HEADER_BN_H
 # define HEADER_BN_H
 # include <limits.h>
 # include <openssl/e_os2.h>
 # ifndef OPENSSL_NO_FP_API
 #  include <stdio.h>            /* FILE */
@ -740,17 +739,8 @@ const BIGNUM *BN_get0_nist_prime_521(void);
 /* library internal functions */
-# define bn_expand(a,bits) \
+# define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
-    ( \
+        (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
        bits > (INT_MAX - BN_BITS2 + 1) ? \
            NULL \
        : \
            (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? \
                (a) \
            : \
                bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \
    )
 # define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
 BIGNUM *bn_expand2(BIGNUM *a, int words);
 # ifndef OPENSSL_NO_DEPRECATED
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@ -110,7 +110,6 @@
 */
 #include "cryptlib.h"
 #include "constant_time_locl.h"
 #include "bn_lcl.h"
 #include <stdlib.h>
@ -272,14 +271,9 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
    }
    bits = BN_num_bits(p);
    if (bits == 0) {
        /* x**0 mod 1 is still zero. */
        if (BN_is_one(m)) {
            ret = 1;
            BN_zero(r);
        } else {
        ret = BN_one(r);
        }
        return ret;
    }
@ -413,13 +407,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
    }
    bits = BN_num_bits(p);
    if (bits == 0) {
        /* x**0 mod 1 is still zero. */
        if (BN_is_one(m)) {
            ret = 1;
            BN_zero(rr);
        } else {
        ret = BN_one(rr);
        }
        return ret;
    }
@ -547,17 +535,15 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
 static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top,
                                        unsigned char *buf, int idx,
-                                        int window)
+                                        int width)
 {
-    int i, j;
+    size_t i, j;
    int width = 1 << window;
    BN_ULONG *table = (BN_ULONG *)buf;
    if (top > b->top)
        top = b->top;           /* this works because 'buf' is explicitly
                                 * zeroed */
-    for (i = 0, j = idx; i < top; i++, j += width) {
+    for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
-        table[j] = b->d[i];
+        buf[j] = ((unsigned char *)b->d)[i];
    }
    return 1;
@ -565,51 +551,15 @@ static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top,
 static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
                                          unsigned char *buf, int idx,
-                                          int window)
+                                          int width)
 {
-    int i, j;
+    size_t i, j;
    int width = 1 << window;
    volatile BN_ULONG *table = (volatile BN_ULONG *)buf;
    if (bn_wexpand(b, top) == NULL)
        return 0;
-    if (window <= 3) {
+    for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
-        for (i = 0; i < top; i++, table += width) {
+        ((unsigned char *)b->d)[i] = buf[j];
            BN_ULONG acc = 0;
            for (j = 0; j < width; j++) {
                acc |= table[j] &
                       ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
            }
            b->d[i] = acc;
        }
    } else {
        int xstride = 1 << (window - 2);
        BN_ULONG y0, y1, y2, y3;
        i = idx >> (window - 2);        /* equivalent of idx / xstride */
        idx &= xstride - 1;             /* equivalent of idx % xstride */
        y0 = (BN_ULONG)0 - (constant_time_eq_int(i,0)&1);
        y1 = (BN_ULONG)0 - (constant_time_eq_int(i,1)&1);
        y2 = (BN_ULONG)0 - (constant_time_eq_int(i,2)&1);
        y3 = (BN_ULONG)0 - (constant_time_eq_int(i,3)&1);
        for (i = 0; i < top; i++, table += width) {
            BN_ULONG acc = 0;
            for (j = 0; j < xstride; j++) {
                acc |= ( (table[j + 0 * xstride] & y0) |
                         (table[j + 1 * xstride] & y1) |
                         (table[j + 2 * xstride] & y2) |
                         (table[j + 3 * xstride] & y3) )
                       & ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
            }
            b->d[i] = acc;
        }
    }
    b->top = top;
@ -629,7 +579,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
 * precomputation memory layout to limit data-dependency to a minimum to
 * protect secret exponents (cf. the hyper-threading timing attacks pointed
 * out by Colin Percival,
- * http://www.daemonology.net/hyperthreading-considered-harmful/)
+ * http://www.daemong-consideredperthreading-considered-harmful/)
 */
 int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
                              const BIGNUM *m, BN_CTX *ctx,
@ -658,13 +608,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
    bits = BN_num_bits(p);
    if (bits == 0) {
        /* x**0 mod 1 is still zero. */
        if (BN_is_one(m)) {
            ret = 1;
            BN_zero(rr);
        } else {
        ret = BN_one(rr);
        }
        return ret;
    }
@ -839,9 +783,9 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
    } else
 #endif
    {
-        if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, window))
+        if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, numPowers))
            goto err;
-        if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, window))
+        if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, numPowers))
            goto err;
        /*
@ -853,15 +797,15 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
        if (window > 1) {
            if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx))
                goto err;
-            if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2,
+            if (!MOD_EXP_CTIME_COPY_TO_PREBUF
-                                              window))
+                (&tmp, top, powerbuf, 2, numPowers))
                goto err;
            for (i = 3; i < numPowers; i++) {
                /* Calculate a^i = a^(i-1) * a */
                if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx))
                    goto err;
-                if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i,
+                if (!MOD_EXP_CTIME_COPY_TO_PREBUF
-                                                  window))
+                    (&tmp, top, powerbuf, i, numPowers))
                    goto err;
            }
        }
@ -869,8 +813,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
        bits--;
        for (wvalue = 0, i = bits % window; i >= 0; i--, bits--)
            wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
-        if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf, wvalue,
+        if (!MOD_EXP_CTIME_COPY_FROM_PREBUF
-                                            window))
+            (&tmp, top, powerbuf, wvalue, numPowers))
            goto err;
        /*
@ -890,8 +834,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
            /*
             * Fetch the appropriate pre-computed value from the pre-buf
             */
-            if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, wvalue,
+            if (!MOD_EXP_CTIME_COPY_FROM_PREBUF
-                                                window))
+                (&am, top, powerbuf, wvalue, numPowers))
                goto err;
            /* Multiply the result into the intermediate result */
@ -964,9 +908,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
        if (BN_is_one(m)) {
            ret = 1;
            BN_zero(rr);
-        } else {
+        } else
            ret = BN_one(rr);
        }
        return ret;
    }
    if (a == 0) {
@ -1080,14 +1023,9 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
    }
    bits = BN_num_bits(p);
    if (bits == 0) {
        /* x**0 mod 1 is still zero. */
        if (BN_is_one(m)) {
            ret = 1;
            BN_zero(r);
        } else {
        ret = BN_one(r);
        }
        return ret;
    }
--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c
@ -58,7 +58,6 @@
 #include <stdio.h>
 #include <ctype.h>
 #include <limits.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 #include "bn_lcl.h"
@ -190,11 +189,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
        a++;
    }
-    for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++)
+    for (i = 0; isxdigit((unsigned char)a[i]); i++) ;
        continue;
    if (i > INT_MAX/4)
        goto err;
    num = i + neg;
    if (bn == NULL)
@ -209,7 +204,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
        BN_zero(ret);
    }
-    /* i is the number of hex digits */
+    /* i is the number of hex digests; */
    if (bn_expand(ret, i * 4) == NULL)
        goto err;
@ -265,11 +260,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
        a++;
    }
-    for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++)
+    for (i = 0; isdigit((unsigned char)a[i]); i++) ;
        continue;
    if (i > INT_MAX/4)
        goto err;
    num = i + neg;
    if (bn == NULL)
@ -287,7 +278,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
        BN_zero(ret);
    }
-    /* i is the number of digits, a bit of an over expand */
+    /* i is the number of digests, a bit of an over expand; */
    if (bn_expand(ret, i * 4) == NULL)
        goto err;
--- a/crypto/bn/bn_recp.c
+++ b/crypto/bn/bn_recp.c
@ -65,7 +65,6 @@ void BN_RECP_CTX_init(BN_RECP_CTX *recp)
    BN_init(&(recp->N));
    BN_init(&(recp->Nr));
    recp->num_bits = 0;
    recp->shift = 0;
    recp->flags = 0;
 }
--- a/crypto/bn/exptest.c
+++ b/crypto/bn/exptest.c
@ -72,25 +72,6 @@
 static const char rnd_seed[] =
    "string to make the random number generator think it has entropy";
 /*
 * Test that r == 0 in test_exp_mod_zero(). Returns one on success,
 * returns zero and prints debug output otherwise.
 */
 static int a_is_zero_mod_one(const char *method, const BIGNUM *r,
                             const BIGNUM *a) {
    if (!BN_is_zero(r)) {
        fprintf(stderr, "%s failed:\n", method);
        fprintf(stderr, "a ** 0 mod 1 = r (should be 0)\n");
        fprintf(stderr, "a = ");
        BN_print_fp(stderr, a);
        fprintf(stderr, "\nr = ");
        BN_print_fp(stderr, r);
        fprintf(stderr, "\n");
        return 0;
    }
    return 1;
 }
 /*
 * test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success.
 */
@ -98,9 +79,8 @@ static int test_exp_mod_zero()
 {
    BIGNUM a, p, m;
    BIGNUM r;
    BN_ULONG one_word = 1;
    BN_CTX *ctx = BN_CTX_new();
-    int ret = 1, failed = 0;
+    int ret = 1;
    BN_init(&m);
    BN_one(&m);
@ -112,65 +92,21 @@ static int test_exp_mod_zero()
    BN_zero(&p);
    BN_init(&r);
    BN_mod_exp(&r, &a, &p, &m, ctx);
    BN_CTX_free(ctx);
-    if (!BN_rand(&a, 1024, 0, 0))
+    if (BN_is_zero(&r))
-        goto err;
+        ret = 0;
-
+    else {
-    if (!BN_mod_exp(&r, &a, &p, &m, ctx))
+        printf("1**0 mod 1 = ");
-        goto err;
+        BN_print_fp(stdout, &r);
-
+        printf(", should be 0\n");
    if (!a_is_zero_mod_one("BN_mod_exp", &r, &a))
        failed = 1;
    if (!BN_mod_exp_recp(&r, &a, &p, &m, ctx))
        goto err;
    if (!a_is_zero_mod_one("BN_mod_exp_recp", &r, &a))
        failed = 1;
    if (!BN_mod_exp_simple(&r, &a, &p, &m, ctx))
        goto err;
    if (!a_is_zero_mod_one("BN_mod_exp_simple", &r, &a))
        failed = 1;
    if (!BN_mod_exp_mont(&r, &a, &p, &m, ctx, NULL))
        goto err;
    if (!a_is_zero_mod_one("BN_mod_exp_mont", &r, &a))
        failed = 1;
    if (!BN_mod_exp_mont_consttime(&r, &a, &p, &m, ctx, NULL)) {
        goto err;
    }
    if (!a_is_zero_mod_one("BN_mod_exp_mont_consttime", &r, &a))
        failed = 1;
    /*
     * A different codepath exists for single word multiplication
     * in non-constant-time only.
     */
    if (!BN_mod_exp_mont_word(&r, one_word, &p, &m, ctx, NULL))
        goto err;
    if (!BN_is_zero(&r)) {
        fprintf(stderr, "BN_mod_exp_mont_word failed:\n");
        fprintf(stderr, "1 ** 0 mod 1 = r (should be 0)\n");
        fprintf(stderr, "r = ");
        BN_print_fp(stderr, &r);
        fprintf(stderr, "\n");
        return 0;
    }
    ret = failed;
 err:
    BN_free(&r);
    BN_free(&a);
    BN_free(&p);
    BN_free(&m);
    BN_CTX_free(ctx);
    return ret;
 }
--- a/crypto/camellia/camellia.c
+++ b/crypto/camellia/camellia.c
@ -1,4 +1,4 @@
-/* crypto/camellia/camellia.c */
+/* crypto/camellia/camellia.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
 * ALL RIGHTS RESERVED.
@ -67,7 +67,7 @@
 /*
 * Algorithm Specification
- * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
+ * http://info.isl.llia/specicrypt/eng/camellia/specifications.html
 */
 /*
--- a/crypto/camellia/camellia.h
+++ b/crypto/camellia/camellia.h
@ -1,4 +1,4 @@
-/* crypto/camellia/camellia.h */
+/* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/camellia/cmll_cbc.c
+++ b/crypto/camellia/cmll_cbc.c
@ -1,4 +1,4 @@
-/* crypto/camellia/camellia_cbc.c */
+/* crypto/camellia/camellia_cbc.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/camellia/cmll_cfb.c
+++ b/crypto/camellia/cmll_cfb.c
@ -1,4 +1,4 @@
-/* crypto/camellia/camellia_cfb.c */
+/* crypto/camellia/camellia_cfb.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/camellia/cmll_ctr.c
+++ b/crypto/camellia/cmll_ctr.c
@ -1,4 +1,4 @@
-/* crypto/camellia/camellia_ctr.c */
+/* crypto/camellia/camellia_ctr.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/camellia/cmll_ecb.c
+++ b/crypto/camellia/cmll_ecb.c
@ -1,4 +1,4 @@
-/* crypto/camellia/camellia_ecb.c */
+/* crypto/camellia/camellia_ecb.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/camellia/cmll_locl.h
+++ b/crypto/camellia/cmll_locl.h
@ -1,4 +1,4 @@
-/* crypto/camellia/camellia_locl.h */
+/* crypto/camellia/camellia_locl.h -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
 * ALL RIGHTS RESERVED.
--- a/crypto/camellia/cmll_misc.c
+++ b/crypto/camellia/cmll_misc.c
@ -1,4 +1,4 @@
-/* crypto/camellia/camellia_misc.c */
+/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/camellia/cmll_ofb.c
+++ b/crypto/camellia/cmll_ofb.c
@ -1,4 +1,4 @@
-/* crypto/camellia/camellia_ofb.c */
+/* crypto/camellia/camellia_ofb.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/camellia/cmll_utl.c
+++ b/crypto/camellia/cmll_utl.c
@ -1,4 +1,4 @@
-/* crypto/camellia/cmll_utl.c */
+/* crypto/camellia/cmll_utl.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/comp/comp.h
+++ b/crypto/comp/comp.h
@ -4,10 +4,6 @@
 # include <openssl/crypto.h>
 # ifdef OPENSSL_NO_COMP
 #  error COMP is disabled.
 # endif
 #ifdef  __cplusplus
 extern "C" {
 #endif
--- a/crypto/des/des_old.c
+++ b/crypto/des/des_old.c
@ -1,4 +1,4 @@
-/* crypto/des/des_old.c */
+/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
 /*-
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
--- a/crypto/des/des_old.h
+++ b/crypto/des/des_old.h
@ -1,4 +1,4 @@
-/* crypto/des/des_old.h */
+/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */
 /*-
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
--- a/crypto/des/des_old2.c
+++ b/crypto/des/des_old2.c
@ -1,4 +1,4 @@
-/* crypto/des/des_old.c */
+/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
 /*
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING The
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@ -191,8 +191,6 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
    STACK_OF(ASN1_TYPE) *ndsa = NULL;
    DSA *dsa = NULL;
    int ret = 0;
    if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
        return 0;
    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
@ -264,21 +262,23 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
    }
    EVP_PKEY_assign_DSA(pkey, dsa);
    ret = 1;
    goto done;
 decerr:
    DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
 dsaerr:
    DSA_free(dsa);
 done:
    BN_CTX_free(ctx);
    if (ndsa)
        sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
    else
        ASN1_STRING_clear_free(privkey);
-    return ret;
+
    return 1;
 decerr:
    DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
 dsaerr:
    BN_CTX_free(ctx);
    if (privkey)
        ASN1_STRING_clear_free(privkey);
    sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
    DSA_free(dsa);
    return 0;
 }
 static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@ -187,6 +187,9 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
    if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
        goto err;
    ret = DSA_SIG_new();
    if (ret == NULL)
        goto err;
    /*
     * Redo if r or s is zero as required by FIPS 186-3: this is very
     * unlikely.
@ -198,14 +201,11 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        }
        goto redo;
    }
    ret = DSA_SIG_new();
    if (ret == NULL)
        goto err;
    ret->r = r;
    ret->s = s;
 err:
-    if (ret == NULL) {
+    if (!ret) {
        DSAerr(DSA_F_DSA_DO_SIGN, reason);
        BN_free(r);
        BN_free(s);
--- a/crypto/dso/dso.h
+++ b/crypto/dso/dso.h
@ -1,4 +1,4 @@
-/* dso.h */
+/* dso.h -*- mode:C; c-file-style: "eay" -*- */
 /*
 * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
 * 2000.
--- a/crypto/dso/dso_dl.c
+++ b/crypto/dso/dso_dl.c
@ -1,4 +1,4 @@
-/* dso_dl.c */
+/* dso_dl.c -*- mode:C; c-file-style: "eay" -*- */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2000.
--- a/crypto/dso/dso_dlfcn.c
+++ b/crypto/dso/dso_dlfcn.c
@ -1,4 +1,4 @@
-/* dso_dlfcn.c */
+/* dso_dlfcn.c -*- mode:C; c-file-style: "eay" -*- */
 /*
 * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
 * 2000.
--- a/crypto/dso/dso_lib.c
+++ b/crypto/dso/dso_lib.c
@ -1,4 +1,4 @@
-/* dso_lib.c */
+/* dso_lib.c -*- mode:C; c-file-style: "eay" -*- */
 /*
 * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
 * 2000.
--- a/crypto/dso/dso_vms.c
+++ b/crypto/dso/dso_vms.c
@ -1,4 +1,4 @@
-/* dso_vms.c */
+/* dso_vms.c -*- mode:C; c-file-style: "eay" -*- */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2000.
--- a/crypto/dso/dso_win32.c
+++ b/crypto/dso/dso_win32.c
@ -1,4 +1,4 @@
-/* dso_win32.c */
+/* dso_win32.c -*- mode:C; c-file-style: "eay" -*- */
 /*
 * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
 * 2000.
--- a/crypto/ec/ectest.c
+++ b/crypto/ec/ectest.c
@ -1591,7 +1591,7 @@ struct nistp_test_params {
    int degree;
    /*
     * Qx, Qy and D are taken from
-     * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
+     * http://csrcdocut.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
     * Otherwise, values are standard curve parameters from FIPS 180-3
     */
    const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;
--- a/crypto/engine/eng_all.c
+++ b/crypto/engine/eng_all.c
@ -1,4 +1,4 @@
-/* crypto/engine/eng_all.c */
+/* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */
 /*
 * Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
 * 2000.
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@ -200,10 +200,8 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
    }
 #endif
    if (ctx->digest != type) {
-        if (ctx->digest && ctx->digest->ctx_size) {
+        if (ctx->digest && ctx->digest->ctx_size)
            OPENSSL_free(ctx->md_data);
            ctx->md_data = NULL;
        }
        ctx->digest = type;
        if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
            ctx->update = type->update;
--- a/crypto/evp/e_camellia.c
+++ b/crypto/evp/e_camellia.c
@ -1,4 +1,4 @@
-/* crypto/evp/e_camellia.c */
+/* crypto/evp/e_camellia.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/evp/e_old.c
+++ b/crypto/evp/e_old.c
@ -1,4 +1,4 @@
-/* crypto/evp/e_old.c */
+/* crypto/evp/e_old.c -*- mode:C; c-file-style: "eay" -*- */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2004.
--- a/crypto/evp/e_seed.c
+++ b/crypto/evp/e_seed.c
@ -1,4 +1,4 @@
-/* crypto/evp/e_seed.c */
+/* crypto/evp/e_seed.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@ -57,7 +57,6 @@
 */
 #include <stdio.h>
 #include <limits.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
@ -152,13 +151,13 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
                      const unsigned char *in, int inl)
 {
    int i, j;
-    size_t total = 0;
+    unsigned int total = 0;
    *outl = 0;
    if (inl <= 0)
        return;
    OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
-    if (ctx->length - ctx->num > inl) {
+    if ((ctx->num + inl) < ctx->length) {
        memcpy(&(ctx->enc_data[ctx->num]), in, inl);
        ctx->num += inl;
        return;
@ -175,7 +174,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
        *out = '\0';
        total = j + 1;
    }
-    while (inl >= ctx->length && total <= INT_MAX) {
+    while (inl >= ctx->length) {
        j = EVP_EncodeBlock(out, in, ctx->length);
        in += ctx->length;
        inl -= ctx->length;
@ -184,11 +183,6 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
        *out = '\0';
        total += j + 1;
    }
    if (total > INT_MAX) {
        /* Too much output data! */
        *outl = 0;
        return;
    }
    if (inl != 0)
        memcpy(&(ctx->enc_data[0]), in, inl);
    ctx->num = inl;
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@ -334,7 +334,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
    bl = ctx->cipher->block_size;
    OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
    if (i != 0) {
-        if (bl - i > inl) {
+        if (i + inl < bl) {
            memcpy(&(ctx->buf[i]), in, inl);
            ctx->buf_len += inl;
            *outl = 0;
--- a/crypto/mem_clr.c
+++ b/crypto/mem_clr.c
@ -1,4 +1,4 @@
-/* crypto/mem_clr.c */
+/* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */
 /*
 * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
 * 2002.
--- a/crypto/modes/ctr128.c
+++ b/crypto/modes/ctr128.c
@ -67,20 +67,23 @@
 /* increment counter (128-bit int) by 1 */
 static void ctr128_inc(unsigned char *counter)
 {
-    u32 n = 16, c = 1;
+    u32 n = 16;
    u8 c;
    do {
        --n;
-        c += counter[n];
+        c = counter[n];
-        counter[n] = (u8)c;
+        ++c;
-        c >>= 8;
+        counter[n] = c;
        if (c)
            return;
    } while (n);
 }
 #if !defined(OPENSSL_SMALL_FOOTPRINT)
 static void ctr128_inc_aligned(unsigned char *counter)
 {
-    size_t *data, c, d, n;
+    size_t *data, c, n;
    const union {
        long one;
        char little;
@ -88,19 +91,20 @@ static void ctr128_inc_aligned(unsigned char *counter)
        1
    };
-    if (is_endian.little || ((size_t)counter % sizeof(size_t)) != 0) {
+    if (is_endian.little) {
        ctr128_inc(counter);
        return;
    }
    data = (size_t *)counter;
    c = 1;
    n = 16 / sizeof(size_t);
    do {
        --n;
-        d = data[n] += c;
+        c = data[n];
-        /* did addition carry? */
+        ++c;
-        c = ((d - c) ^ d) >> (sizeof(size_t) * 8 - 1);
+        data[n] = c;
        if (c)
            return;
    } while (n);
 }
 #endif
@ -140,14 +144,14 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
            }
 # if defined(STRICT_ALIGNMENT)
-            if (((size_t)in | (size_t)out | (size_t)ecount_buf)
+            if (((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) !=
-                % sizeof(size_t) != 0)
+                0)
                break;
 # endif
            while (len >= 16) {
                (*block) (ivec, ecount_buf, key);
                ctr128_inc_aligned(ivec);
-                for (n = 0; n < 16; n += sizeof(size_t))
+                for (; n < 16; n += sizeof(size_t))
                    *(size_t *)(out + n) =
                        *(size_t *)(in + n) ^ *(size_t *)(ecount_buf + n);
                len -= 16;
@ -185,13 +189,16 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
 /* increment upper 96 bits of 128-bit counter by 1 */
 static void ctr96_inc(unsigned char *counter)
 {
-    u32 n = 12, c = 1;
+    u32 n = 12;
    u8 c;
    do {
        --n;
-        c += counter[n];
+        c = counter[n];
-        counter[n] = (u8)c;
+        ++c;
-        c >>= 8;
+        counter[n] = c;
        if (c)
            return;
    } while (n);
 }
--- a/crypto/o_dir.c
+++ b/crypto/o_dir.c
@ -1,4 +1,4 @@
-/* crypto/o_dir.c */
+/* crypto/o_dir.c -*- mode:C; c-file-style: "eay" -*- */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2004.
--- a/crypto/o_dir.h
+++ b/crypto/o_dir.h
@ -1,4 +1,4 @@
-/* crypto/o_dir.h */
+/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */
 /*
 * Copied from Richard Levitte's (richard@levitte.org) LP library.  All
 * symbol names have been changed, with permission from the author.
--- a/crypto/o_dir_test.c
+++ b/crypto/o_dir_test.c
@ -1,4 +1,4 @@
-/* crypto/o_dir.h */
+/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */
 /*
 * Copied from Richard Levitte's (richard@levitte.org) LP library.  All
 * symbol names have been changed, with permission from the author.
--- a/crypto/o_str.c
+++ b/crypto/o_str.c
@ -1,4 +1,4 @@
-/* crypto/o_str.c */
+/* crypto/o_str.c -*- mode:C; c-file-style: "eay" -*- */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2003.
--- a/crypto/o_str.h
+++ b/crypto/o_str.h
@ -1,4 +1,4 @@
-/* crypto/o_str.h */
+/* crypto/o_str.h -*- mode:C; c-file-style: "eay" -*- */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2003.
--- a/crypto/o_time.c
+++ b/crypto/o_time.c
@ -1,4 +1,4 @@
-/* crypto/o_time.c */
+/* crypto/o_time.c -*- mode:C; c-file-style: "eay" -*- */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2001.
--- a/crypto/o_time.h
+++ b/crypto/o_time.h
@ -1,4 +1,4 @@
-/* crypto/o_time.h */
+/* crypto/o_time.h -*- mode:C; c-file-style: "eay" -*- */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2001.
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@ -30,11 +30,11 @@ extern "C" {
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 *  major minor fix final patch/beta)
 */
-# define OPENSSL_VERSION_NUMBER  0x10001140L
+# define OPENSSL_VERSION_NUMBER  0x1000111fL
 # ifdef OPENSSL_FIPS
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1t-fips-dev  xx XXX xxxx"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1q-fips 3 Dec 2015"
 # else
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1t-dev  xx XXX xxxx"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1q 3 Dec 2015"
 # endif
 # define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@ -344,7 +344,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
    if (enc != NULL) {
        objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
-        if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) {
+        if (objstr == NULL) {
            PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
            goto err;
        }
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@ -131,10 +131,6 @@ static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
 # define MS_PVKMAGIC             0xb0b5f11eL
 /* Salt length for PVK files */
 # define PVK_SALTLEN             0x10
 /* Maximum length in PVK header */
 # define PVK_MAX_KEYLEN          102400
 /* Maximum salt length */
 # define PVK_MAX_SALTLEN         10240
 static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
                         unsigned int bitlen, int ispub);
@ -648,9 +644,6 @@ static int do_PVK_header(const unsigned char **in, unsigned int length,
    *psaltlen = read_ledword(&p);
    *pkeylen = read_ledword(&p);
    if (*pkeylen > PVK_MAX_KEYLEN || *psaltlen > PVK_MAX_SALTLEN)
        return 0;
    if (is_encrypted && !*psaltlen) {
        PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
        return 0;
--- a/crypto/perlasm/x86_64-xlate.pl
+++ b/crypto/perlasm/x86_64-xlate.pl
@ -121,7 +121,7 @@ my %globals;
 		$self->{sz} = "";
 	    } elsif ($self->{op} =~ /^v/) { # VEX
 		$self->{sz} = "";
-	    } elsif ($self->{op} =~ /mov[dq]/ && $line =~ /%xmm/) {
+	    } elsif ($self->{op} =~ /movq/ && $line =~ /%xmm/) {
 		$self->{sz} = "";
 	    } elsif ($self->{op} =~ /([a-z]{3,})([qlwb])$/) {
 		$self->{op} = $1;
--- a/crypto/rand/rand_vms.c
+++ b/crypto/rand/rand_vms.c
@ -1,4 +1,4 @@
-/* crypto/rand/rand_vms.c */
+/* crypto/rand/rand_vms.c -*- mode:C; c-file-style: "eay" -*- */
 /*
 * Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
 * 2000.
--- a/crypto/rc4/rc4_utl.c
+++ b/crypto/rc4/rc4_utl.c
@ -1,4 +1,4 @@
-/* crypto/rc4/rc4_utl.c */
+/* crypto/rc4/rc4_utl.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/rsa/rsa_chk.c
+++ b/crypto/rsa/rsa_chk.c
@ -1,4 +1,4 @@
-/* crypto/rsa/rsa_chk.c  */
+/* crypto/rsa/rsa_chk.c  -*- Mode: C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/seed/seed_cbc.c
+++ b/crypto/seed/seed_cbc.c
@ -1,4 +1,4 @@
-/* crypto/seed/seed_cbc.c */
+/* crypto/seed/seed_cbc.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/seed/seed_cfb.c
+++ b/crypto/seed/seed_cfb.c
@ -1,4 +1,4 @@
-/* crypto/seed/seed_cfb.c */
+/* crypto/seed/seed_cfb.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/seed/seed_ecb.c
+++ b/crypto/seed/seed_ecb.c
@ -1,4 +1,4 @@
-/* crypto/seed/seed_ecb.c */
+/* crypto/seed/seed_ecb.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/seed/seed_ofb.c
+++ b/crypto/seed/seed_ofb.c
@ -1,4 +1,4 @@
-/* crypto/seed/seed_ofb.c */
+/* crypto/seed/seed_ofb.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/sha/sha1test.c
+++ b/crypto/sha/sha1test.c
@ -157,8 +157,8 @@ int main(int argc, char *argv[])
    if (err)
        printf("ERROR: %d\n", err);
 # endif
    EVP_MD_CTX_cleanup(&c);
    EXIT(err);
    EVP_MD_CTX_cleanup(&c);
    return (0);
 }
--- a/Show More
+++ b/Show More