73 changed files with 663 additions and 1607 deletions
--- a/144
+++ b/144
@ -2,148 +2,6 @@
 OpenSSL CHANGES
 _______________
 Changes between 1.0.1s and 1.0.1t [xx XXX xxxx]
  *) Remove LOW from the DEFAULT cipher list.  This removes singles DES from the
     default.
     [Kurt Roeckx]
  *) Only remove the SSLv2 methods with the no-ssl2-method option. When the
     methods are enabled and ssl2 is disabled the methods return NULL.
     [Kurt Roeckx]
 Changes between 1.0.1r and 1.0.1s [1 Mar 2016]
  * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
    Builds that are not configured with "enable-weak-ssl-ciphers" will not
    provide any "EXPORT" or "LOW" strength ciphers.
    [Viktor Dukhovni]
  * Disable SSLv2 default build, default negotiation and weak ciphers.  SSLv2
    is by default disabled at build-time.  Builds that are not configured with
    "enable-ssl2" will not support SSLv2.  Even if "enable-ssl2" is used,
    users who want to negotiate SSLv2 via the version-flexible SSLv23_method()
    will need to explicitly call either of:
        SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
    or
        SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
    as appropriate.  Even if either of those is used, or the application
    explicitly uses the version-specific SSLv2_method() or its client and
    server variants, SSLv2 ciphers vulnerable to exhaustive search key
    recovery have been removed.  Specifically, the SSLv2 40-bit EXPORT
    ciphers, and SSLv2 56-bit DES are no longer available.
    (CVE-2016-0800)
    [Viktor Dukhovni]
  *) Fix a double-free in DSA code
     A double free bug was discovered when OpenSSL parses malformed DSA private
     keys and could lead to a DoS attack or memory corruption for applications
     that receive DSA private keys from untrusted sources.  This scenario is
     considered rare.
     This issue was reported to OpenSSL by Adam Langley(Google/BoringSSL) using
     libFuzzer.
     (CVE-2016-0705)
     [Stephen Henson]
  *) Disable SRP fake user seed to address a server memory leak.
     Add a new method SRP_VBASE_get1_by_user that handles the seed properly.
     SRP_VBASE_get_by_user had inconsistent memory management behaviour.
     In order to fix an unavoidable memory leak, SRP_VBASE_get_by_user
     was changed to ignore the "fake user" SRP seed, even if the seed
     is configured.
     Users should use SRP_VBASE_get1_by_user instead. Note that in
     SRP_VBASE_get1_by_user, caller must free the returned value. Note
     also that even though configuring the SRP seed attempts to hide
     invalid usernames by continuing the handshake with fake
     credentials, this behaviour is not constant time and no strong
     guarantees are made that the handshake is indistinguishable from
     that of a valid user.
     (CVE-2016-0798)
     [Emilia Käsper]
  *) Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
     In the BN_hex2bn function the number of hex digits is calculated using an
     int value |i|. Later |bn_expand| is called with a value of |i * 4|. For
     large values of |i| this can result in |bn_expand| not allocating any
     memory because |i * 4| is negative. This can leave the internal BIGNUM data
     field as NULL leading to a subsequent NULL ptr deref. For very large values
     of |i|, the calculation |i * 4| could be a positive value smaller than |i|.
     In this case memory is allocated to the internal BIGNUM data field, but it
     is insufficiently sized leading to heap corruption. A similar issue exists
     in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn
     is ever called by user applications with very large untrusted hex/dec data.
     This is anticipated to be a rare occurrence.
     All OpenSSL internal usage of these functions use data that is not expected
     to be untrusted, e.g. config file data or application command line
     arguments. If user developed applications generate config file data based
     on untrusted data then it is possible that this could also lead to security
     consequences. This is also anticipated to be rare.
     This issue was reported to OpenSSL by Guido Vranken.
     (CVE-2016-0797)
     [Matt Caswell]
  *) Fix memory issues in BIO_*printf functions
     The internal |fmtstr| function used in processing a "%s" format string in
     the BIO_*printf functions could overflow while calculating the length of a
     string and cause an OOB read when printing very long strings.
     Additionally the internal |doapr_outch| function can attempt to write to an
     OOB memory location (at an offset from the NULL pointer) in the event of a
     memory allocation failure. In 1.0.2 and below this could be caused where
     the size of a buffer to be allocated is greater than INT_MAX. E.g. this
     could be in processing a very long "%s" format string. Memory leaks can
     also occur.
     The first issue may mask the second issue dependent on compiler behaviour.
     These problems could enable attacks where large amounts of untrusted data
     is passed to the BIO_*printf functions. If applications use these functions
     in this way then they could be vulnerable. OpenSSL itself uses these
     functions when printing out human-readable dumps of ASN.1 data. Therefore
     applications that print this data could be vulnerable if the data is from
     untrusted sources. OpenSSL command line applications could also be
     vulnerable where they print out ASN.1 data, or if untrusted data is passed
     as command line arguments.
     Libssl is not considered directly vulnerable. Additionally certificates etc
     received via remote connections via libssl are also unlikely to be able to
     trigger these issues because of message size limits enforced within libssl.
     This issue was reported to OpenSSL Guido Vranken.
     (CVE-2016-0799)
     [Matt Caswell]
  *) Side channel attack on modular exponentiation
     A side-channel attack was found which makes use of cache-bank conflicts on
     the Intel Sandy-Bridge microarchitecture which could lead to the recovery
     of RSA keys.  The ability to exploit this issue is limited as it relies on
     an attacker who has control of code in a thread running on the same
     hyper-threaded core as the victim thread which is performing decryptions.
     This issue was reported to OpenSSL by Yuval Yarom, The University of
     Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and
     Nadia Heninger, University of Pennsylvania with more information at
     http://cachebleed.info.
     (CVE-2016-0702)
     [Andy Polyakov]
  *) Change the req app to generate a 2048-bit RSA/DSA key by default,
     if no keysize is specified with default_bits. This fixes an
     omission in an earlier change that changed all RSA/DSA key generation
     apps to use 2048 bits by default.
     [Emilia Käsper]
 Changes between 1.0.1q and 1.0.1r [28 Jan 2016]
  *) Protection for DH small subgroup attacks
@ -204,7 +62,7 @@
     [Emilia Käsper]
  *) In DSA_generate_parameters_ex, if the provided seed is too short,
-     use a random seed, as already documented.
+     return an error
     [Rich Salz and Ismo Puustinen <ismo.puustinen@intel.com>]
 Changes between 1.0.1o and 1.0.1p [9 Jul 2015]
--- a/8
+++ b/8
@ -58,10 +58,6 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
 #		library and will be loaded in run-time by the OpenSSL library.
 # sctp          include SCTP support
 # 386           generate 80386 code
 # enable-weak-ssl-ciphers
 #		Enable EXPORT and LOW SSLv3 ciphers that are disabled by
 #		default.  Note, weak SSLv2 ciphers are unconditionally
 #		disabled.
 # no-sse2	disables IA-32 SSE2 code, above option implies no-sse2
 # no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
 # -<xxx> +<xxx> compiler options are passed through 
@ -728,12 +724,10 @@ my %disabled = ( # "what"         => "comment" [or special keyword "experimental
 		 "md2"            => "default",
 		 "rc5"            => "default",
 		 "rfc3779"	  => "default",
-		 "sctp"           => "default",
+		 "sctp"       => "default",
 		 "shared"         => "default",
 		 "ssl2"           => "default",
 		 "store"	  => "experimental",
 		 "unit-test"	  => "default",
 		 "weak-ssl-ciphers" => "default",
 		 "zlib"           => "default",
 		 "zlib-dynamic"   => "default"
 	       );
--- a/17
+++ b/17
@ -5,23 +5,6 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.
  Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [under development]
      o
  Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [1 Mar 2016]
      o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
      o Disable SSLv2 default build, default negotiation and weak ciphers
        (CVE-2016-0800)
      o Fix a double-free in DSA code (CVE-2016-0705)
      o Disable SRP fake user seed to address a server memory leak
        (CVE-2016-0798)
      o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
        (CVE-2016-0797)
      o Fix memory issues in BIO_*printf functions (CVE-2016-0799)
      o Fix side channel attack on modular exponentiation (CVE-2016-0702)
  Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016]
      o Protection for DH small subgroup attacks
--- a/2
+++ b/2
@ -1,5 +1,5 @@
- OpenSSL 1.0.1t-dev
+ OpenSSL 1.0.1r 28 Jan 2016
 Copyright (c) 1998-2015 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@ -235,16 +235,12 @@ int MAIN(int argc, char **argv)
        i = OBJ_obj2nid(p7->type);
        switch (i) {
        case NID_pkcs7_signed:
-            if (p7->d.sign != NULL) {
+            certs = p7->d.sign->cert;
-                certs = p7->d.sign->cert;
+            crls = p7->d.sign->crl;
                crls = p7->d.sign->crl;
            }
            break;
        case NID_pkcs7_signedAndEnveloped:
-            if (p7->d.signed_and_enveloped != NULL) {
+            certs = p7->d.signed_and_enveloped->cert;
-                certs = p7->d.signed_and_enveloped->cert;
+            crls = p7->d.signed_and_enveloped->crl;
                crls = p7->d.signed_and_enveloped->crl;
            }
            break;
        default:
            break;
--- a/apps/s_server.c
+++ b/apps/s_server.c
@ -416,8 +416,6 @@ typedef struct srpsrvparm_st {
 static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
 {
    srpsrvparm *p = (srpsrvparm *) arg;
    int ret = SSL3_AL_FATAL;
    if (p->login == NULL && p->user == NULL) {
        p->login = SSL_get_srp_username(s);
        BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
@ -426,25 +424,21 @@ static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
    if (p->user == NULL) {
        BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
-        goto err;
+        return SSL3_AL_FATAL;
    }
    if (SSL_set_srp_server_param
        (s, p->user->N, p->user->g, p->user->s, p->user->v,
         p->user->info) < 0) {
        *ad = SSL_AD_INTERNAL_ERROR;
-        goto err;
+        return SSL3_AL_FATAL;
    }
    BIO_printf(bio_err,
               "SRP parameters set: username = \"%s\" info=\"%s\" \n",
               p->login, p->user->info);
-    ret = SSL_ERROR_NONE;
+    /* need to check whether there are memory leaks */
 err:
    SRP_user_pwd_free(p->user);
    p->user = NULL;
    p->login = NULL;
-    return ret;
+    return SSL_ERROR_NONE;
 }
 #endif
@ -2250,10 +2244,9 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 #ifndef OPENSSL_NO_SRP
                while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
                    BIO_printf(bio_s_out, "LOOKUP renego during write\n");
                    SRP_user_pwd_free(srp_callback_parm.user);
                    srp_callback_parm.user =
-                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                        SRP_VBASE_get_by_user(srp_callback_parm.vb,
-                                               srp_callback_parm.login);
+                                              srp_callback_parm.login);
                    if (srp_callback_parm.user)
                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
                                   srp_callback_parm.user->info);
@ -2307,10 +2300,9 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 #ifndef OPENSSL_NO_SRP
                while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
                    BIO_printf(bio_s_out, "LOOKUP renego during read\n");
                    SRP_user_pwd_free(srp_callback_parm.user);
                    srp_callback_parm.user =
-                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                        SRP_VBASE_get_by_user(srp_callback_parm.vb,
-                                               srp_callback_parm.login);
+                                              srp_callback_parm.login);
                    if (srp_callback_parm.user)
                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
                                   srp_callback_parm.user->info);
@ -2395,10 +2387,9 @@ static int init_ssl_connection(SSL *con)
    while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
        BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
                   srp_callback_parm.login);
        SRP_user_pwd_free(srp_callback_parm.user);
        srp_callback_parm.user =
-            SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+            SRP_VBASE_get_by_user(srp_callback_parm.vb,
-                                   srp_callback_parm.login);
+                                  srp_callback_parm.login);
        if (srp_callback_parm.user)
            BIO_printf(bio_s_out, "LOOKUP done %s\n",
                       srp_callback_parm.user->info);
@ -2625,10 +2616,9 @@ static int www_body(char *hostname, int s, unsigned char *context)
                   && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
                BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
                           srp_callback_parm.login);
                SRP_user_pwd_free(srp_callback_parm.user);
                srp_callback_parm.user =
-                    SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                    SRP_VBASE_get_by_user(srp_callback_parm.vb,
-                                           srp_callback_parm.login);
+                                          srp_callback_parm.login);
                if (srp_callback_parm.user)
                    BIO_printf(bio_s_out, "LOOKUP done %s\n",
                               srp_callback_parm.user->info);
@ -2668,10 +2658,9 @@ static int www_body(char *hostname, int s, unsigned char *context)
                if (BIO_should_io_special(io)
                    && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
                    BIO_printf(bio_s_out, "LOOKUP renego during read\n");
                    SRP_user_pwd_free(srp_callback_parm.user);
                    srp_callback_parm.user =
-                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                        SRP_VBASE_get_by_user(srp_callback_parm.vb,
-                                               srp_callback_parm.login);
+                                              srp_callback_parm.login);
                    if (srp_callback_parm.user)
                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
                                   srp_callback_parm.user->info);
--- a/crypto/asn1/a_bytes.c
+++ b/crypto/asn1/a_bytes.c
@ -200,13 +200,13 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
    } else {
        if (len != 0) {
            if ((ret->length < len) || (ret->data == NULL)) {
                if (ret->data != NULL)
                    OPENSSL_free(ret->data);
                s = (unsigned char *)OPENSSL_malloc((int)len + 1);
                if (s == NULL) {
                    i = ERR_R_MALLOC_FAILURE;
                    goto err;
                }
                if (ret->data != NULL)
                    OPENSSL_free(ret->data);
            } else
                s = ret->data;
            memcpy(s, p, (int)len);
--- a/crypto/asn1/a_d2i_fp.c
+++ b/crypto/asn1/a_d2i_fp.c
@ -141,7 +141,6 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
 #endif
 #define HEADER_SIZE   8
 #define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
 static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 {
    BUF_MEM *b;
@ -218,44 +217,29 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
            /* suck in c.slen bytes of data */
            want = c.slen;
            if (want > (len - off)) {
                size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
                want -= (len - off);
                if (want > INT_MAX /* BIO_read takes an int length */  ||
                    len + want < len) {
                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
                    goto err;
                }
                if (!BUF_MEM_grow_clean(b, len + want)) {
                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
                    goto err;
                }
                while (want > 0) {
-                    /*
+                    i = BIO_read(in, &(b->data[len]), want);
-                     * Read content in chunks of increasing size
+                    if (i <= 0) {
-                     * so we can return an error for EOF without
+                        ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-                     * having to allocate the entire content length
+                                ASN1_R_NOT_ENOUGH_DATA);
                     * in one go.
                     */
                    size_t chunk = want > chunk_max ? chunk_max : want;
                    if (!BUF_MEM_grow_clean(b, len + chunk)) {
                        ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
                        goto err;
                    }
                    want -= chunk;
                    while (chunk > 0) {
                        i = BIO_read(in, &(b->data[len]), chunk);
                        if (i <= 0) {
                            ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
                                    ASN1_R_NOT_ENOUGH_DATA);
                            goto err;
                        }
                    /*
                     * This can't overflow because |len+want| didn't
                     * overflow.
                     */
-                        len += i;
+                    len += i;
-                        chunk -= i;
+                    want -= i;
                    }
                    if (chunk_max < INT_MAX/2)
                        chunk_max *= 2;
                }
            }
            if (off + c.slen < off) {
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@ -63,7 +63,7 @@
 #include <openssl/asn1_mac.h>
 static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
-                           long max);
+                           int max);
 static void asn1_put_length(unsigned char **pp, int length);
 const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT;
@ -131,7 +131,7 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
    }
    *ptag = tag;
    *pclass = xclass;
-    if (!asn1_get_length(&p, &inf, plength, max))
+    if (!asn1_get_length(&p, &inf, plength, (int)max))
        goto err;
    if (inf && !(ret & V_ASN1_CONSTRUCTED))
@ -159,14 +159,14 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
 }
 static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
-                           long max)
+                           int max)
 {
    const unsigned char *p = *pp;
    unsigned long ret = 0;
-    unsigned long i;
+    unsigned int i;
    if (max-- < 1)
-        return 0;
+        return (0);
    if (*p == 0x80) {
        *inf = 1;
        ret = 0;
@ -175,11 +175,15 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
        *inf = 0;
        i = *p & 0x7f;
        if (*(p++) & 0x80) {
-            if (i > sizeof(ret) || max < (long)i)
+            if (i > sizeof(long))
                return 0;
            if (max-- == 0)
                return (0);
            while (i-- > 0) {
                ret <<= 8L;
                ret |= *(p++);
                if (max-- == 0)
                    return (0);
            }
        } else
            ret = i;
@ -188,7 +192,7 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
        return 0;
    *pp = p;
    *rl = (long)ret;
-    return 1;
+    return (1);
 }
 /*
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@ -173,8 +173,6 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
        if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0))
            goto end;
        if (j & V_ASN1_CONSTRUCTED) {
            const unsigned char *sp;
            ep = p + len;
            if (BIO_write(bp, "\n", 1) <= 0)
                goto end;
@ -184,7 +182,6 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
                goto end;
            }
            if ((j == 0x21) && (len == 0)) {
                sp = p;
                for (;;) {
                    r = asn1_parse2(bp, &p, (long)(tot - p),
                                    offset + (p - *pp), depth + 1,
@ -193,25 +190,19 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
                        ret = 0;
                        goto end;
                    }
-                    if ((r == 2) || (p >= tot)) {
+                    if ((r == 2) || (p >= tot))
                        len = p - sp;
                        break;
                    }
                }
-            } else {
+            } else
                long tmp = len;
                while (p < ep) {
-                    sp = p;
+                    r = asn1_parse2(bp, &p, (long)len,
-                    r = asn1_parse2(bp, &p, tmp, offset + (p - *pp), depth + 1,
+                                    offset + (p - *pp), depth + 1,
                                    indent, dump);
                    if (r == 0) {
                        ret = 0;
                        goto end;
                    }
                    tmp -= p - sp;
                }
            }
        } else if (xclass != 0) {
            p += len;
            if (BIO_write(bp, "\n", 1) <= 0)
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@ -140,8 +140,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
            goto err;
        bs = X509_get_serialNumber(x);
-        if (bs->length < (int)sizeof(long)
+        if (bs->length <= (int)sizeof(long)) {
            || (bs->length == sizeof(long) && (bs->data[0] & 0x80) == 0)) {
            l = ASN1_INTEGER_get(bs);
            if (bs->type == V_ASN1_NEG_INTEGER) {
                l = -l;
--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@ -66,13 +66,6 @@
 typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
 DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
 /*
 * Maximum length of X509_NAME: much larger than anything we should
 * ever see in practice.
 */
 #define X509_NAME_MAX (1024 * 1024)
 static int x509_name_ex_d2i(ASN1_VALUE **val,
                            const unsigned char **in, long len,
                            const ASN1_ITEM *it,
@ -199,10 +192,6 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
    int i, j, ret;
    STACK_OF(X509_NAME_ENTRY) *entries;
    X509_NAME_ENTRY *entry;
    if (len > X509_NAME_MAX) {
        ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
        return 0;
    }
    q = p;
    /* Get internal representation of Name */
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@ -201,19 +201,9 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
 int i2d_X509_AUX(X509 *a, unsigned char **pp)
 {
-    int length, tmplen;
+    int length;
    unsigned char *start = pp != NULL ? *pp : NULL;
    length = i2d_X509(a, pp);
-    if (length < 0 || a == NULL)
+    if (a)
-        return length;
+        length += i2d_X509_CERT_AUX(a->aux, pp);
    tmplen = i2d_X509_CERT_AUX(a->aux, pp);
    if (tmplen < 0) {
        if (start != NULL)
            *pp = start;
        return tmplen;
    }
    length += tmplen;
    return length;
 }
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@ -125,16 +125,16 @@
 # define LLONG long
 #endif
-static int fmtstr(char **, char **, size_t *, size_t *,
+static void fmtstr(char **, char **, size_t *, size_t *,
-                  const char *, int, int, int);
+                   const char *, int, int, int);
-static int fmtint(char **, char **, size_t *, size_t *,
+static void fmtint(char **, char **, size_t *, size_t *,
-                  LLONG, int, int, int, int);
+                   LLONG, int, int, int, int);
-static int fmtfp(char **, char **, size_t *, size_t *,
+static void fmtfp(char **, char **, size_t *, size_t *,
-                 LDOUBLE, int, int, int);
+                  LDOUBLE, int, int, int);
-static int doapr_outch(char **, char **, size_t *, size_t *, int);
+static void doapr_outch(char **, char **, size_t *, size_t *, int);
-static int _dopr(char **sbuffer, char **buffer,
+static void _dopr(char **sbuffer, char **buffer,
-                 size_t *maxlen, size_t *retlen, int *truncated,
+                  size_t *maxlen, size_t *retlen, int *truncated,
-                 const char *format, va_list args);
+                  const char *format, va_list args);
 /* format read states */
 #define DP_S_DEFAULT    0
@ -165,7 +165,7 @@ static int _dopr(char **sbuffer, char **buffer,
 #define char_to_int(p) (p - '0')
 #define OSSL_MAX(p,q) ((p >= q) ? p : q)
-static int
+static void
 _dopr(char **sbuffer,
      char **buffer,
      size_t *maxlen,
@ -196,8 +196,7 @@ _dopr(char **sbuffer,
            if (ch == '%')
                state = DP_S_FLAGS;
            else
-                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
+                doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
                    return 0;
            ch = *format++;
            break;
        case DP_S_FLAGS:
@ -303,9 +302,8 @@ _dopr(char **sbuffer,
                    value = va_arg(args, int);
                    break;
                }
-                if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min,
+                fmtint(sbuffer, buffer, &currlen, maxlen,
-                            max, flags))
+                       value, 10, min, max, flags);
                    return 0;
                break;
            case 'X':
                flags |= DP_F_UP;
@ -328,19 +326,17 @@ _dopr(char **sbuffer,
                    value = (LLONG) va_arg(args, unsigned int);
                    break;
                }
-                if (!fmtint(sbuffer, buffer, &currlen, maxlen, value,
+                fmtint(sbuffer, buffer, &currlen, maxlen, value,
-                            ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
+                       ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
-                            min, max, flags))
+                       min, max, flags);
                    return 0;
                break;
            case 'f':
                if (cflags == DP_C_LDOUBLE)
                    fvalue = va_arg(args, LDOUBLE);
                else
                    fvalue = va_arg(args, double);
-                if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
+                fmtfp(sbuffer, buffer, &currlen, maxlen,
-                           flags))
+                      fvalue, min, max, flags);
                    return 0;
                break;
            case 'E':
                flags |= DP_F_UP;
@ -359,9 +355,8 @@ _dopr(char **sbuffer,
                    fvalue = va_arg(args, double);
                break;
            case 'c':
-                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen,
+                doapr_outch(sbuffer, buffer, &currlen, maxlen,
-                            va_arg(args, int)))
+                            va_arg(args, int));
                    return 0;
                break;
            case 's':
                strvalue = va_arg(args, char *);
@ -371,15 +366,13 @@ _dopr(char **sbuffer,
                    else
                        max = *maxlen;
                }
-                if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
+                fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
-                            flags, min, max))
+                       flags, min, max);
                    return 0;
                break;
            case 'p':
                value = (long)va_arg(args, void *);
-                if (!fmtint(sbuffer, buffer, &currlen, maxlen,
+                fmtint(sbuffer, buffer, &currlen, maxlen,
-                            value, 16, min, max, flags | DP_F_NUM))
+                       value, 16, min, max, flags | DP_F_NUM);
                    return 0;
                break;
            case 'n':          /* XXX */
                if (cflags == DP_C_SHORT) {
@ -401,8 +394,7 @@ _dopr(char **sbuffer,
                }
                break;
            case '%':
-                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
+                doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
                    return 0;
                break;
            case 'w':
                /* not supported yet, treat as next char */
@ -426,56 +418,46 @@ _dopr(char **sbuffer,
    *truncated = (currlen > *maxlen - 1);
    if (*truncated)
        currlen = *maxlen - 1;
-    if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
+    doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0');
        return 0;
    *retlen = currlen - 1;
-    return 1;
+    return;
 }
-static int
+static void
 fmtstr(char **sbuffer,
       char **buffer,
       size_t *currlen,
       size_t *maxlen, const char *value, int flags, int min, int max)
 {
-    int padlen;
+    int padlen, strln;
    size_t strln;
    int cnt = 0;
    if (value == 0)
        value = "<NULL>";
-
+    for (strln = 0; value[strln]; ++strln) ;
    strln = strlen(value);
    if (strln > INT_MAX)
        strln = INT_MAX;
    padlen = min - strln;
-    if (min < 0 || padlen < 0)
+    if (padlen < 0)
        padlen = 0;
    if (flags & DP_F_MINUS)
        padlen = -padlen;
    while ((padlen > 0) && (cnt < max)) {
-        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
            return 0;
        --padlen;
        ++cnt;
    }
    while (*value && (cnt < max)) {
-        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++))
+        doapr_outch(sbuffer, buffer, currlen, maxlen, *value++);
            return 0;
        ++cnt;
    }
    while ((padlen < 0) && (cnt < max)) {
-        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
            return 0;
        ++padlen;
        ++cnt;
    }
    return 1;
 }
-static int
+static void
 fmtint(char **sbuffer,
       char **buffer,
       size_t *currlen,
@ -535,44 +517,37 @@ fmtint(char **sbuffer,
    /* spaces */
    while (spadlen > 0) {
-        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
            return 0;
        --spadlen;
    }
    /* sign */
    if (signvalue)
-        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
+        doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
            return 0;
    /* prefix */
    while (*prefix) {
-        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix))
+        doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix);
            return 0;
        prefix++;
    }
    /* zeros */
    if (zpadlen > 0) {
        while (zpadlen > 0) {
-            if(!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
+            doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
                return 0;
            --zpadlen;
        }
    }
    /* digits */
-    while (place > 0) {
+    while (place > 0)
-        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]))
+        doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]);
            return 0;
    }
    /* left justified spaces */
    while (spadlen < 0) {
-        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
            return 0;
        ++spadlen;
    }
-    return 1;
+    return;
 }
 static LDOUBLE abs_val(LDOUBLE value)
@ -603,7 +578,7 @@ static long roundv(LDOUBLE value)
    return intpart;
 }
-static int
+static void
 fmtfp(char **sbuffer,
      char **buffer,
      size_t *currlen,
@ -682,61 +657,47 @@ fmtfp(char **sbuffer,
    if ((flags & DP_F_ZERO) && (padlen > 0)) {
        if (signvalue) {
-            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
+            doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
                return 0;
            --padlen;
            signvalue = 0;
        }
        while (padlen > 0) {
-            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
+            doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
                return 0;
            --padlen;
        }
    }
    while (padlen > 0) {
-        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
            return 0;
        --padlen;
    }
-    if (signvalue && !doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
+    if (signvalue)
-        return 0;
+        doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
-    while (iplace > 0) {
+    while (iplace > 0)
-        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]))
+        doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]);
            return 0;
    }
    /*
     * Decimal point. This should probably use locale to find the correct
     * char to print out.
     */
    if (max > 0 || (flags & DP_F_NUM)) {
-        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '.'))
+        doapr_outch(sbuffer, buffer, currlen, maxlen, '.');
            return 0;
-        while (fplace > 0) {
+        while (fplace > 0)
-            if(!doapr_outch(sbuffer, buffer, currlen, maxlen,
+            doapr_outch(sbuffer, buffer, currlen, maxlen, fconvert[--fplace]);
                            fconvert[--fplace]))
                return 0;
        }
    }
    while (zpadlen > 0) {
-        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
+        doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
            return 0;
        --zpadlen;
    }
    while (padlen < 0) {
-        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
            return 0;
        ++padlen;
    }
    return 1;
 }
-#define BUFFER_INC  1024
+static void
 static int
 doapr_outch(char **sbuffer,
            char **buffer, size_t *currlen, size_t *maxlen, int c)
 {
@ -747,25 +708,24 @@ doapr_outch(char **sbuffer,
    assert(*currlen <= *maxlen);
    if (buffer && *currlen == *maxlen) {
-        if (*maxlen > INT_MAX - BUFFER_INC)
+        *maxlen += 1024;
            return 0;
        *maxlen += BUFFER_INC;
        if (*buffer == NULL) {
            *buffer = OPENSSL_malloc(*maxlen);
-            if (*buffer == NULL)
+            if (!*buffer) {
-                return 0;
+                /* Panic! Can't really do anything sensible. Just return */
                return;
            }
            if (*currlen > 0) {
                assert(*sbuffer != NULL);
                memcpy(*buffer, *sbuffer, *currlen);
            }
            *sbuffer = NULL;
        } else {
-            char *tmpbuf;
+            *buffer = OPENSSL_realloc(*buffer, *maxlen);
-            tmpbuf = OPENSSL_realloc(*buffer, *maxlen);
+            if (!*buffer) {
-            if (tmpbuf == NULL)
+                /* Panic! Can't really do anything sensible. Just return */
-                return 0;
+                return;
-            *buffer = tmpbuf;
+            }
        }
    }
@ -776,7 +736,7 @@ doapr_outch(char **sbuffer,
            (*buffer)[(*currlen)++] = (char)c;
    }
-    return 1;
+    return;
 }
 /***************************************************************************/
@ -808,11 +768,7 @@ int BIO_vprintf(BIO *bio, const char *format, va_list args)
    dynbuf = NULL;
    CRYPTO_push_info("doapr()");
-    if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format,
+    _dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format, args);
                args)) {
        OPENSSL_free(dynbuf);
        return -1;
    }
    if (dynbuf) {
        ret = BIO_write(bio, dynbuf, (int)retlen);
        OPENSSL_free(dynbuf);
@ -847,8 +803,7 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
    size_t retlen;
    int truncated;
-    if(!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args))
+    _dopr(&buf, NULL, &n, &retlen, &truncated, format, args);
        return -1;
    if (truncated)
        /*
--- a/crypto/bio/bio.h
+++ b/crypto/bio/bio.h
@ -478,7 +478,7 @@ struct bio_dgram_sctp_prinfo {
 # define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
 # define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
 # define BIO_get_conn_ip(b)               BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
-# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,0,NULL)
 # define BIO_set_nbio(b,n)       BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
--- a/crypto/bn/Makefile
+++ b/crypto/bn/Makefile
@ -243,8 +243,7 @@ bn_exp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_exp.o: ../../include/openssl/symhacks.h ../constant_time_locl.h
+bn_exp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp.c bn_lcl.h
 bn_exp.o: ../cryptlib.h bn_exp.c bn_lcl.h
 bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
--- a/crypto/bn/asm/x86-mont.pl
+++ b/crypto/bn/asm/x86-mont.pl
@ -85,21 +85,6 @@ $frame=32;				# size of above frame rounded up to 16n
 	&and	("esp",-64);		# align to cache line
 	# Some OSes, *cough*-dows, insist on stack being "wired" to
 	# physical memory in strictly sequential manner, i.e. if stack
 	# allocation spans two pages, then reference to farmost one can
 	# be punishable by SEGV. But page walking can do good even on
 	# other OSes, because it guarantees that villain thread hits
 	# the guard page before it can make damage to innocent one...
 	&mov	("eax","ebp");
 	&sub	("eax","esp");
 	&and	("eax",-4096);
 &set_label("page_walk");
 	&mov	("edx",&DWP(0,"esp","eax"));
 	&sub	("eax",4096);
 	&data_byte(0x2e);
 	&jnc	(&label("page_walk"));
 	################################# load argument block...
 	&mov	("eax",&DWP(0*4,"esi"));# BN_ULONG *rp
 	&mov	("ebx",&DWP(1*4,"esi"));# const BN_ULONG *ap
--- a/crypto/bn/asm/x86_64-mont.pl
+++ b/crypto/bn/asm/x86_64-mont.pl
@ -91,20 +91,6 @@ bn_mul_mont:
 	mov	%r11,8(%rsp,$num,8)	# tp[num+1]=%rsp
 .Lmul_body:
 	# Some OSes, *cough*-dows, insist on stack being "wired" to
 	# physical memory in strictly sequential manner, i.e. if stack
 	# allocation spans two pages, then reference to farmost one can
 	# be punishable by SEGV. But page walking can do good even on
 	# other OSes, because it guarantees that villain thread hits
 	# the guard page before it can make damage to innocent one...
 	sub	%rsp,%r11
 	and	\$-4096,%r11
 .Lmul_page_walk:
 	mov	(%rsp,%r11),%r10
 	sub	\$4096,%r11
 	.byte	0x66,0x2e		# predict non-taken
 	jnc	.Lmul_page_walk
 	mov	$bp,%r12		# reassign $bp
 ___
 		$bp="%r12";
@ -310,14 +296,6 @@ bn_mul4x_mont:
 	mov	%r11,8(%rsp,$num,8)	# tp[num+1]=%rsp
 .Lmul4x_body:
 	sub	%rsp,%r11
 	and	\$-4096,%r11
 .Lmul4x_page_walk:
 	mov	(%rsp,%r11),%r10
 	sub	\$4096,%r11
 	.byte	0x2e			# predict non-taken
 	jnc	.Lmul4x_page_walk
 	mov	$rp,16(%rsp,$num,8)	# tp[num+2]=$rp
 	mov	%rdx,%r12		# reassign $bp
 ___
@ -729,7 +707,6 @@ $code.=<<___;
 .align	16
 bn_sqr4x_mont:
 .Lsqr4x_enter:
 	mov	%rsp,%rax
 	push	%rbx
 	push	%rbp
 	push	%r12
@ -738,23 +715,12 @@ bn_sqr4x_mont:
 	push	%r15
 	shl	\$3,${num}d		# convert $num to bytes
 	xor	%r10,%r10
 	mov	%rsp,%r11		# put aside %rsp
-	neg	$num			# -$num
+	sub	$num,%r10		# -$num
 	mov	($n0),$n0		# *n0
-	lea	-72(%rsp,$num,2),%rsp	# alloca(frame+2*$num)
+	lea	-72(%rsp,%r10,2),%rsp	# alloca(frame+2*$num)
 	and	\$-1024,%rsp		# minimize TLB usage
 	sub	%rsp,%r11
 	and	\$-4096,%r11
 .Lsqr4x_page_walk:
 	mov	(%rsp,%r11),%r10
 	sub	\$4096,%r11
 	.byte	0x2e			# predict non-taken
 	jnc	.Lsqr4x_page_walk
 	mov	$num,%r10
 	neg	$num			# restore $num
 	lea	-48(%rax),%r11		# restore saved %rsp
 	##############################################################
 	# Stack layout
 	#
--- a/crypto/bn/asm/x86_64-mont5.pl
+++ b/crypto/bn/asm/x86_64-mont5.pl
@ -66,127 +66,60 @@ bn_mul_mont_gather5:
 .align	16
 .Lmul_enter:
 	mov	${num}d,${num}d
-	movd	`($win64?56:8)`(%rsp),%xmm5	# load 7th argument
+	mov	`($win64?56:8)`(%rsp),%r10d	# load 7th argument
 	lea	.Linc(%rip),%r10
 	push	%rbx
 	push	%rbp
 	push	%r12
 	push	%r13
 	push	%r14
 	push	%r15
-
+___
 $code.=<<___ if ($win64);
 	lea	-0x28(%rsp),%rsp
 	movaps	%xmm6,(%rsp)
 	movaps	%xmm7,0x10(%rsp)
 .Lmul_alloca:
 ___
 $code.=<<___;
 	mov	%rsp,%rax
 	lea	2($num),%r11
 	neg	%r11
-	lea	-264(%rsp,%r11,8),%rsp	# tp=alloca(8*(num+2)+256+8)
+	lea	(%rsp,%r11,8),%rsp	# tp=alloca(8*(num+2))
 	and	\$-1024,%rsp		# minimize TLB usage
 	mov	%rax,8(%rsp,$num,8)	# tp[num+1]=%rsp
 .Lmul_body:
-	# Some OSes, *cough*-dows, insist on stack being "wired" to
+	mov	$bp,%r12		# reassign $bp
 	# physical memory in strictly sequential manner, i.e. if stack
 	# allocation spans two pages, then reference to farmost one can
 	# be punishable by SEGV. But page walking can do good even on
 	# other OSes, because it guarantees that villain thread hits
 	# the guard page before it can make damage to innocent one...
 	sub	%rsp,%rax
 	and	\$-4096,%rax
 .Lmul_page_walk:
 	mov	(%rsp,%rax),%r11
 	sub	\$4096,%rax
 	.byte	0x2e			# predict non-taken
 	jnc	.Lmul_page_walk
 	lea	128($bp),%r12		# reassign $bp (+size optimization)
 ___
 		$bp="%r12";
 		$STRIDE=2**5*8;		# 5 is "window size"
 		$N=$STRIDE/4;		# should match cache line size
 $code.=<<___;
-	movdqa	0(%r10),%xmm0		# 00000001000000010000000000000000
+	mov	%r10,%r11
-	movdqa	16(%r10),%xmm1		# 00000002000000020000000200000002
+	shr	\$`log($N/8)/log(2)`,%r10
-	lea	24-112(%rsp,$num,8),%r10# place the mask after tp[num+3] (+ICache optimization)
+	and	\$`$N/8-1`,%r11
-	and	\$-16,%r10
+	not	%r10
 	lea	.Lmagic_masks(%rip),%rax
 	and	\$`2**5/($N/8)-1`,%r10	# 5 is "window size"
 	lea	96($bp,%r11,8),$bp	# pointer within 1st cache line
 	movq	0(%rax,%r10,8),%xmm4	# set of masks denoting which
 	movq	8(%rax,%r10,8),%xmm5	# cache line contains element
 	movq	16(%rax,%r10,8),%xmm6	# denoted by 7th argument
 	movq	24(%rax,%r10,8),%xmm7
-	pshufd	\$0,%xmm5,%xmm5		# broadcast index
+	movq	`0*$STRIDE/4-96`($bp),%xmm0
-	movdqa	%xmm1,%xmm4
+	movq	`1*$STRIDE/4-96`($bp),%xmm1
-	movdqa	%xmm1,%xmm2
+	pand	%xmm4,%xmm0
-___
+	movq	`2*$STRIDE/4-96`($bp),%xmm2
-########################################################################
+	pand	%xmm5,%xmm1
-# calculate mask by comparing 0..31 to index and save result to stack
+	movq	`3*$STRIDE/4-96`($bp),%xmm3
-#
+	pand	%xmm6,%xmm2
 $code.=<<___;
 	paddd	%xmm0,%xmm1
 	pcmpeqd	%xmm5,%xmm0		# compare to 1,0
 	.byte	0x67
 	movdqa	%xmm4,%xmm3
 ___
 for($k=0;$k<$STRIDE/16-4;$k+=4) {
 $code.=<<___;
 	paddd	%xmm1,%xmm2
 	pcmpeqd	%xmm5,%xmm1		# compare to 3,2
 	movdqa	%xmm0,`16*($k+0)+112`(%r10)
 	movdqa	%xmm4,%xmm0
 	paddd	%xmm2,%xmm3
 	pcmpeqd	%xmm5,%xmm2		# compare to 5,4
 	movdqa	%xmm1,`16*($k+1)+112`(%r10)
 	movdqa	%xmm4,%xmm1
 	paddd	%xmm3,%xmm0
 	pcmpeqd	%xmm5,%xmm3		# compare to 7,6
 	movdqa	%xmm2,`16*($k+2)+112`(%r10)
 	movdqa	%xmm4,%xmm2
 	paddd	%xmm0,%xmm1
 	pcmpeqd	%xmm5,%xmm0
 	movdqa	%xmm3,`16*($k+3)+112`(%r10)
 	movdqa	%xmm4,%xmm3
 ___
 }
 $code.=<<___;				# last iteration can be optimized
 	paddd	%xmm1,%xmm2
 	pcmpeqd	%xmm5,%xmm1
 	movdqa	%xmm0,`16*($k+0)+112`(%r10)
 	paddd	%xmm2,%xmm3
 	.byte	0x67
 	pcmpeqd	%xmm5,%xmm2
 	movdqa	%xmm1,`16*($k+1)+112`(%r10)
 	pcmpeqd	%xmm5,%xmm3
 	movdqa	%xmm2,`16*($k+2)+112`(%r10)
 	pand	`16*($k+0)-128`($bp),%xmm0	# while it's still in register
 	pand	`16*($k+1)-128`($bp),%xmm1
 	pand	`16*($k+2)-128`($bp),%xmm2
 	movdqa	%xmm3,`16*($k+3)+112`(%r10)
 	pand	`16*($k+3)-128`($bp),%xmm3
 	por	%xmm2,%xmm0
 	por	%xmm3,%xmm1
 ___
 for($k=0;$k<$STRIDE/16-4;$k+=4) {
 $code.=<<___;
 	movdqa	`16*($k+0)-128`($bp),%xmm4
 	movdqa	`16*($k+1)-128`($bp),%xmm5
 	movdqa	`16*($k+2)-128`($bp),%xmm2
 	pand	`16*($k+0)+112`(%r10),%xmm4
 	movdqa	`16*($k+3)-128`($bp),%xmm3
 	pand	`16*($k+1)+112`(%r10),%xmm5
 	por	%xmm4,%xmm0
 	pand	`16*($k+2)+112`(%r10),%xmm2
 	por	%xmm5,%xmm1
 	pand	`16*($k+3)+112`(%r10),%xmm3
 	por	%xmm2,%xmm0
 	por	%xmm3,%xmm1
 ___
 }
 $code.=<<___;
 	por	%xmm1,%xmm0
 	pshufd	\$0x4e,%xmm0,%xmm1
 	por	%xmm1,%xmm0
 	pand	%xmm7,%xmm3
 	por	%xmm2,%xmm0
 	lea	$STRIDE($bp),$bp
 	por	%xmm3,%xmm0
 	movq	%xmm0,$m0		# m0=bp[0]
 	mov	($n0),$n0		# pull n0[0] value
@ -195,14 +128,29 @@ $code.=<<___;
 	xor	$i,$i			# i=0
 	xor	$j,$j			# j=0
 	movq	`0*$STRIDE/4-96`($bp),%xmm0
 	movq	`1*$STRIDE/4-96`($bp),%xmm1
 	pand	%xmm4,%xmm0
 	movq	`2*$STRIDE/4-96`($bp),%xmm2
 	pand	%xmm5,%xmm1
 	mov	$n0,$m1
 	mulq	$m0			# ap[0]*bp[0]
 	mov	%rax,$lo0
 	mov	($np),%rax
 	movq	`3*$STRIDE/4-96`($bp),%xmm3
 	pand	%xmm6,%xmm2
 	por	%xmm1,%xmm0
 	pand	%xmm7,%xmm3
 	imulq	$lo0,$m1		# "tp[0]"*n0
 	mov	%rdx,$hi0
 	por	%xmm2,%xmm0
 	lea	$STRIDE($bp),$bp
 	por	%xmm3,%xmm0
 	mulq	$m1			# np[0]*m1
 	add	%rax,$lo0		# discarded
 	mov	8($ap),%rax
@ -235,6 +183,8 @@ $code.=<<___;
 	cmp	$num,$j
 	jne	.L1st
 	movq	%xmm0,$m0		# bp[1]
 	add	%rax,$hi1
 	mov	($ap),%rax		# ap[0]
 	adc	\$0,%rdx
@ -254,46 +204,33 @@ $code.=<<___;
 	jmp	.Louter
 .align	16
 .Louter:
 	lea	24+128(%rsp,$num,8),%rdx	# where 256-byte mask is (+size optimization)
 	and	\$-16,%rdx
 	pxor	%xmm4,%xmm4
 	pxor	%xmm5,%xmm5
 ___
 for($k=0;$k<$STRIDE/16;$k+=4) {
 $code.=<<___;
 	movdqa	`16*($k+0)-128`($bp),%xmm0
 	movdqa	`16*($k+1)-128`($bp),%xmm1
 	movdqa	`16*($k+2)-128`($bp),%xmm2
 	movdqa	`16*($k+3)-128`($bp),%xmm3
 	pand	`16*($k+0)-128`(%rdx),%xmm0
 	pand	`16*($k+1)-128`(%rdx),%xmm1
 	por	%xmm0,%xmm4
 	pand	`16*($k+2)-128`(%rdx),%xmm2
 	por	%xmm1,%xmm5
 	pand	`16*($k+3)-128`(%rdx),%xmm3
 	por	%xmm2,%xmm4
 	por	%xmm3,%xmm5
 ___
 }
 $code.=<<___;
 	por	%xmm5,%xmm4
 	pshufd	\$0x4e,%xmm4,%xmm0
 	por	%xmm4,%xmm0
 	lea	$STRIDE($bp),$bp
 	movq	%xmm0,$m0		# m0=bp[i]
 	xor	$j,$j			# j=0
 	mov	$n0,$m1
 	mov	(%rsp),$lo0
 	movq	`0*$STRIDE/4-96`($bp),%xmm0
 	movq	`1*$STRIDE/4-96`($bp),%xmm1
 	pand	%xmm4,%xmm0
 	movq	`2*$STRIDE/4-96`($bp),%xmm2
 	pand	%xmm5,%xmm1
 	mulq	$m0			# ap[0]*bp[i]
 	add	%rax,$lo0		# ap[0]*bp[i]+tp[0]
 	mov	($np),%rax
 	adc	\$0,%rdx
 	movq	`3*$STRIDE/4-96`($bp),%xmm3
 	pand	%xmm6,%xmm2
 	por	%xmm1,%xmm0
 	pand	%xmm7,%xmm3
 	imulq	$lo0,$m1		# tp[0]*n0
 	mov	%rdx,$hi0
 	por	%xmm2,%xmm0
 	lea	$STRIDE($bp),$bp
 	por	%xmm3,%xmm0
 	mulq	$m1			# np[0]*m1
 	add	%rax,$lo0		# discarded
 	mov	8($ap),%rax
@ -329,6 +266,8 @@ $code.=<<___;
 	cmp	$num,$j
 	jne	.Linner
 	movq	%xmm0,$m0		# bp[i+1]
 	add	%rax,$hi1
 	mov	($ap),%rax		# ap[0]
 	adc	\$0,%rdx
@ -382,7 +321,13 @@ $code.=<<___;
 	mov	8(%rsp,$num,8),%rsi	# restore %rsp
 	mov	\$1,%rax
-
+___
 $code.=<<___ if ($win64);
 	movaps	(%rsi),%xmm6
 	movaps	0x10(%rsi),%xmm7
 	lea	0x28(%rsi),%rsi
 ___
 $code.=<<___;
 	mov	(%rsi),%r15
 	mov	8(%rsi),%r14
 	mov	16(%rsi),%r13
@ -403,138 +348,91 @@ $code.=<<___;
 bn_mul4x_mont_gather5:
 .Lmul4x_enter:
 	mov	${num}d,${num}d
-	movd	`($win64?56:8)`(%rsp),%xmm5	# load 7th argument
+	mov	`($win64?56:8)`(%rsp),%r10d	# load 7th argument
 	lea	.Linc(%rip),%r10
 	push	%rbx
 	push	%rbp
 	push	%r12
 	push	%r13
 	push	%r14
 	push	%r15
-
+___
 $code.=<<___ if ($win64);
 	lea	-0x28(%rsp),%rsp
 	movaps	%xmm6,(%rsp)
 	movaps	%xmm7,0x10(%rsp)
 .Lmul4x_alloca:
 ___
 $code.=<<___;
 	mov	%rsp,%rax
 	lea	4($num),%r11
 	neg	%r11
-	lea	-256(%rsp,%r11,8),%rsp	# tp=alloca(8*(num+4)+256)
+	lea	(%rsp,%r11,8),%rsp	# tp=alloca(8*(num+4))
 	and	\$-1024,%rsp		# minimize TLB usage
 	mov	%rax,8(%rsp,$num,8)	# tp[num+1]=%rsp
 .Lmul4x_body:
 	sub	%rsp,%rax
 	and	\$-4096,%rax
 .Lmul4x_page_walk:
 	mov	(%rsp,%rax),%r11
 	sub	\$4096,%rax
 	.byte	0x2e			# predict non-taken
 	jnc	.Lmul4x_page_walk
 	mov	$rp,16(%rsp,$num,8)	# tp[num+2]=$rp
-	lea	128(%rdx),%r12		# reassign $bp (+size optimization)
+	mov	%rdx,%r12		# reassign $bp
 ___
 		$bp="%r12";
 		$STRIDE=2**5*8;		# 5 is "window size"
 		$N=$STRIDE/4;		# should match cache line size
 $code.=<<___;
-	movdqa	0(%r10),%xmm0		# 00000001000000010000000000000000
+	mov	%r10,%r11
-	movdqa	16(%r10),%xmm1		# 00000002000000020000000200000002
+	shr	\$`log($N/8)/log(2)`,%r10
-	lea	32-112(%rsp,$num,8),%r10# place the mask after tp[num+4] (+ICache optimization)
+	and	\$`$N/8-1`,%r11
 	not	%r10
 	lea	.Lmagic_masks(%rip),%rax
 	and	\$`2**5/($N/8)-1`,%r10	# 5 is "window size"
 	lea	96($bp,%r11,8),$bp	# pointer within 1st cache line
 	movq	0(%rax,%r10,8),%xmm4	# set of masks denoting which
 	movq	8(%rax,%r10,8),%xmm5	# cache line contains element
 	movq	16(%rax,%r10,8),%xmm6	# denoted by 7th argument
 	movq	24(%rax,%r10,8),%xmm7
-	pshufd	\$0,%xmm5,%xmm5		# broadcast index
+	movq	`0*$STRIDE/4-96`($bp),%xmm0
-	movdqa	%xmm1,%xmm4
+	movq	`1*$STRIDE/4-96`($bp),%xmm1
-	.byte	0x67,0x67
+	pand	%xmm4,%xmm0
-	movdqa	%xmm1,%xmm2
+	movq	`2*$STRIDE/4-96`($bp),%xmm2
-___
+	pand	%xmm5,%xmm1
-########################################################################
+	movq	`3*$STRIDE/4-96`($bp),%xmm3
-# calculate mask by comparing 0..31 to index and save result to stack
+	pand	%xmm6,%xmm2
 #
 $code.=<<___;
 	paddd	%xmm0,%xmm1
 	pcmpeqd	%xmm5,%xmm0		# compare to 1,0
 	.byte	0x67
 	movdqa	%xmm4,%xmm3
 ___
 for($k=0;$k<$STRIDE/16-4;$k+=4) {
 $code.=<<___;
 	paddd	%xmm1,%xmm2
 	pcmpeqd	%xmm5,%xmm1		# compare to 3,2
 	movdqa	%xmm0,`16*($k+0)+112`(%r10)
 	movdqa	%xmm4,%xmm0
 	paddd	%xmm2,%xmm3
 	pcmpeqd	%xmm5,%xmm2		# compare to 5,4
 	movdqa	%xmm1,`16*($k+1)+112`(%r10)
 	movdqa	%xmm4,%xmm1
 	paddd	%xmm3,%xmm0
 	pcmpeqd	%xmm5,%xmm3		# compare to 7,6
 	movdqa	%xmm2,`16*($k+2)+112`(%r10)
 	movdqa	%xmm4,%xmm2
 	paddd	%xmm0,%xmm1
 	pcmpeqd	%xmm5,%xmm0
 	movdqa	%xmm3,`16*($k+3)+112`(%r10)
 	movdqa	%xmm4,%xmm3
 ___
 }
 $code.=<<___;				# last iteration can be optimized
 	paddd	%xmm1,%xmm2
 	pcmpeqd	%xmm5,%xmm1
 	movdqa	%xmm0,`16*($k+0)+112`(%r10)
 	paddd	%xmm2,%xmm3
 	.byte	0x67
 	pcmpeqd	%xmm5,%xmm2
 	movdqa	%xmm1,`16*($k+1)+112`(%r10)
 	pcmpeqd	%xmm5,%xmm3
 	movdqa	%xmm2,`16*($k+2)+112`(%r10)
 	pand	`16*($k+0)-128`($bp),%xmm0	# while it's still in register
 	pand	`16*($k+1)-128`($bp),%xmm1
 	pand	`16*($k+2)-128`($bp),%xmm2
 	movdqa	%xmm3,`16*($k+3)+112`(%r10)
 	pand	`16*($k+3)-128`($bp),%xmm3
 	por	%xmm2,%xmm0
 	por	%xmm3,%xmm1
 ___
 for($k=0;$k<$STRIDE/16-4;$k+=4) {
 $code.=<<___;
 	movdqa	`16*($k+0)-128`($bp),%xmm4
 	movdqa	`16*($k+1)-128`($bp),%xmm5
 	movdqa	`16*($k+2)-128`($bp),%xmm2
 	pand	`16*($k+0)+112`(%r10),%xmm4
 	movdqa	`16*($k+3)-128`($bp),%xmm3
 	pand	`16*($k+1)+112`(%r10),%xmm5
 	por	%xmm4,%xmm0
 	pand	`16*($k+2)+112`(%r10),%xmm2
 	por	%xmm5,%xmm1
 	pand	`16*($k+3)+112`(%r10),%xmm3
 	por	%xmm2,%xmm0
 	por	%xmm3,%xmm1
 ___
 }
 $code.=<<___;
 	por	%xmm1,%xmm0
 	pshufd	\$0x4e,%xmm0,%xmm1
 	por	%xmm1,%xmm0
 	pand	%xmm7,%xmm3
 	por	%xmm2,%xmm0
 	lea	$STRIDE($bp),$bp
-	movq	%xmm0,$m0		# m0=bp[0]
+	por	%xmm3,%xmm0
 	movq	%xmm0,$m0		# m0=bp[0]
 	mov	($n0),$n0		# pull n0[0] value
 	mov	($ap),%rax
 	xor	$i,$i			# i=0
 	xor	$j,$j			# j=0
 	movq	`0*$STRIDE/4-96`($bp),%xmm0
 	movq	`1*$STRIDE/4-96`($bp),%xmm1
 	pand	%xmm4,%xmm0
 	movq	`2*$STRIDE/4-96`($bp),%xmm2
 	pand	%xmm5,%xmm1
 	mov	$n0,$m1
 	mulq	$m0			# ap[0]*bp[0]
 	mov	%rax,$A[0]
 	mov	($np),%rax
 	movq	`3*$STRIDE/4-96`($bp),%xmm3
 	pand	%xmm6,%xmm2
 	por	%xmm1,%xmm0
 	pand	%xmm7,%xmm3
 	imulq	$A[0],$m1		# "tp[0]"*n0
 	mov	%rdx,$A[1]
 	por	%xmm2,%xmm0
 	lea	$STRIDE($bp),$bp
 	por	%xmm3,%xmm0
 	mulq	$m1			# np[0]*m1
 	add	%rax,$A[0]		# discarded
 	mov	8($ap),%rax
@ -652,6 +550,8 @@ $code.=<<___;
 	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
 	mov	%rdx,$N[0]
 	movq	%xmm0,$m0		# bp[1]
 	xor	$N[1],$N[1]
 	add	$A[0],$N[0]
 	adc	\$0,$N[1]
@ -661,34 +561,12 @@ $code.=<<___;
 	lea	1($i),$i		# i++
 .align	4
 .Louter4x:
 	lea	32+128(%rsp,$num,8),%rdx	# where 256-byte mask is (+size optimization)
 	pxor	%xmm4,%xmm4
 	pxor	%xmm5,%xmm5
 ___
 for($k=0;$k<$STRIDE/16;$k+=4) {
 $code.=<<___;
 	movdqa	`16*($k+0)-128`($bp),%xmm0
 	movdqa	`16*($k+1)-128`($bp),%xmm1
 	movdqa	`16*($k+2)-128`($bp),%xmm2
 	movdqa	`16*($k+3)-128`($bp),%xmm3
 	pand	`16*($k+0)-128`(%rdx),%xmm0
 	pand	`16*($k+1)-128`(%rdx),%xmm1
 	por	%xmm0,%xmm4
 	pand	`16*($k+2)-128`(%rdx),%xmm2
 	por	%xmm1,%xmm5
 	pand	`16*($k+3)-128`(%rdx),%xmm3
 	por	%xmm2,%xmm4
 	por	%xmm3,%xmm5
 ___
 }
 $code.=<<___;
 	por	%xmm5,%xmm4
 	pshufd	\$0x4e,%xmm4,%xmm0
 	por	%xmm4,%xmm0
 	lea	$STRIDE($bp),$bp
 	movq	%xmm0,$m0		# m0=bp[i]
 	xor	$j,$j			# j=0
 	movq	`0*$STRIDE/4-96`($bp),%xmm0
 	movq	`1*$STRIDE/4-96`($bp),%xmm1
 	pand	%xmm4,%xmm0
 	movq	`2*$STRIDE/4-96`($bp),%xmm2
 	pand	%xmm5,%xmm1
 	mov	(%rsp),$A[0]
 	mov	$n0,$m1
@ -697,9 +575,18 @@ $code.=<<___;
 	mov	($np),%rax
 	adc	\$0,%rdx
 	movq	`3*$STRIDE/4-96`($bp),%xmm3
 	pand	%xmm6,%xmm2
 	por	%xmm1,%xmm0
 	pand	%xmm7,%xmm3
 	imulq	$A[0],$m1		# tp[0]*n0
 	mov	%rdx,$A[1]
 	por	%xmm2,%xmm0
 	lea	$STRIDE($bp),$bp
 	por	%xmm3,%xmm0
 	mulq	$m1			# np[0]*m1
 	add	%rax,$A[0]		# "$N[0]", discarded
 	mov	8($ap),%rax
@ -831,6 +718,7 @@ $code.=<<___;
 	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
 	mov	%rdx,$N[0]
 	movq	%xmm0,$m0		# bp[i+1]
 	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
 	xor	$N[1],$N[1]
@ -921,7 +809,13 @@ ___
 $code.=<<___;
 	mov	8(%rsp,$num,8),%rsi	# restore %rsp
 	mov	\$1,%rax
-
+___
 $code.=<<___ if ($win64);
 	movaps	(%rsi),%xmm6
 	movaps	0x10(%rsi),%xmm7
 	lea	0x28(%rsi),%rsi
 ___
 $code.=<<___;
 	mov	(%rsi),%r15
 	mov	8(%rsi),%r14
 	mov	16(%rsi),%r13
@ -936,8 +830,8 @@ ___
 }}}
 {
-my ($inp,$num,$tbl,$idx)=$win64?("%rcx","%rdx","%r8", "%r9d") : # Win64 order
+my ($inp,$num,$tbl,$idx)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order
-				("%rdi","%rsi","%rdx","%ecx"); # Unix order
+				("%rdi","%rsi","%rdx","%rcx"); # Unix order
 my $out=$inp;
 my $STRIDE=2**5*8;
 my $N=$STRIDE/4;
@ -965,89 +859,53 @@ bn_scatter5:
 .type	bn_gather5,\@abi-omnipotent
 .align	16
 bn_gather5:
-.LSEH_begin_bn_gather5:			# Win64 thing, but harmless in other cases
+___
 $code.=<<___ if ($win64);
 .LSEH_begin_bn_gather5:
 	# I can't trust assembler to use specific encoding:-(
-	.byte	0x4c,0x8d,0x14,0x24			# lea    (%rsp),%r10
+	.byte	0x48,0x83,0xec,0x28		#sub	\$0x28,%rsp
-	.byte	0x48,0x81,0xec,0x08,0x01,0x00,0x00	# sub	$0x108,%rsp
+	.byte	0x0f,0x29,0x34,0x24		#movaps	%xmm6,(%rsp)
-	lea	.Linc(%rip),%rax
+	.byte	0x0f,0x29,0x7c,0x24,0x10	#movdqa	%xmm7,0x10(%rsp)
 	and	\$-16,%rsp		# shouldn't be formally required
 	movd	$idx,%xmm5
 	movdqa	0(%rax),%xmm0		# 00000001000000010000000000000000
 	movdqa	16(%rax),%xmm1		# 00000002000000020000000200000002
 	lea	128($tbl),%r11		# size optimization
 	lea	128(%rsp),%rax		# size optimization
 	pshufd	\$0,%xmm5,%xmm5		# broadcast $idx
 	movdqa	%xmm1,%xmm4
 	movdqa	%xmm1,%xmm2
 ___
 ########################################################################
 # calculate mask by comparing 0..31 to $idx and save result to stack
 #
 for($i=0;$i<$STRIDE/16;$i+=4) {
 $code.=<<___;
 	paddd	%xmm0,%xmm1
 	pcmpeqd	%xmm5,%xmm0		# compare to 1,0
 ___
 $code.=<<___	if ($i);
 	movdqa	%xmm3,`16*($i-1)-128`(%rax)
 ___
 $code.=<<___;
-	movdqa	%xmm4,%xmm3
+	mov	$idx,%r11
-
+	shr	\$`log($N/8)/log(2)`,$idx
-	paddd	%xmm1,%xmm2
+	and	\$`$N/8-1`,%r11
-	pcmpeqd	%xmm5,%xmm1		# compare to 3,2
+	not	$idx
-	movdqa	%xmm0,`16*($i+0)-128`(%rax)
+	lea	.Lmagic_masks(%rip),%rax
-	movdqa	%xmm4,%xmm0
+	and	\$`2**5/($N/8)-1`,$idx	# 5 is "window size"
-
+	lea	96($tbl,%r11,8),$tbl	# pointer within 1st cache line
-	paddd	%xmm2,%xmm3
+	movq	0(%rax,$idx,8),%xmm4	# set of masks denoting which
-	pcmpeqd	%xmm5,%xmm2		# compare to 5,4
+	movq	8(%rax,$idx,8),%xmm5	# cache line contains element
-	movdqa	%xmm1,`16*($i+1)-128`(%rax)
+	movq	16(%rax,$idx,8),%xmm6	# denoted by 7th argument
-	movdqa	%xmm4,%xmm1
+	movq	24(%rax,$idx,8),%xmm7
 	paddd	%xmm3,%xmm0
 	pcmpeqd	%xmm5,%xmm3		# compare to 7,6
 	movdqa	%xmm2,`16*($i+2)-128`(%rax)
 	movdqa	%xmm4,%xmm2
 ___
 }
 $code.=<<___;
 	movdqa	%xmm3,`16*($i-1)-128`(%rax)
 	jmp	.Lgather
-
+.align	16
 .align	32
 .Lgather:
-	pxor	%xmm4,%xmm4
+	movq	`0*$STRIDE/4-96`($tbl),%xmm0
-	pxor	%xmm5,%xmm5
+	movq	`1*$STRIDE/4-96`($tbl),%xmm1
-___
+	pand	%xmm4,%xmm0
-for($i=0;$i<$STRIDE/16;$i+=4) {
+	movq	`2*$STRIDE/4-96`($tbl),%xmm2
-$code.=<<___;
+	pand	%xmm5,%xmm1
-	movdqa	`16*($i+0)-128`(%r11),%xmm0
+	movq	`3*$STRIDE/4-96`($tbl),%xmm3
-	movdqa	`16*($i+1)-128`(%r11),%xmm1
+	pand	%xmm6,%xmm2
-	movdqa	`16*($i+2)-128`(%r11),%xmm2
+	por	%xmm1,%xmm0
-	pand	`16*($i+0)-128`(%rax),%xmm0
+	pand	%xmm7,%xmm3
-	movdqa	`16*($i+3)-128`(%r11),%xmm3
+	por	%xmm2,%xmm0
-	pand	`16*($i+1)-128`(%rax),%xmm1
+	lea	$STRIDE($tbl),$tbl
-	por	%xmm0,%xmm4
+	por	%xmm3,%xmm0
-	pand	`16*($i+2)-128`(%rax),%xmm2
+
 	por	%xmm1,%xmm5
 	pand	`16*($i+3)-128`(%rax),%xmm3
 	por	%xmm2,%xmm4
 	por	%xmm3,%xmm5
 ___
 }
 $code.=<<___;
 	por	%xmm5,%xmm4
 	lea	$STRIDE(%r11),%r11
 	pshufd	\$0x4e,%xmm4,%xmm0
 	por	%xmm4,%xmm0
 	movq	%xmm0,($out)		# m0=bp[0]
 	lea	8($out),$out
 	sub	\$1,$num
 	jnz	.Lgather
-
+___
-	lea	(%r10),%rsp
+$code.=<<___ if ($win64);
 	movaps	(%rsp),%xmm6
 	movaps	0x10(%rsp),%xmm7
 	lea	0x28(%rsp),%rsp
 ___
 $code.=<<___;
 	ret
 .LSEH_end_bn_gather5:
 .size	bn_gather5,.-bn_gather5
@ -1055,9 +913,9 @@ ___
 }
 $code.=<<___;
 .align	64
-.Linc:
+.Lmagic_masks:
-	.long	0,0, 1,1
+	.long	0,0, 0,0, 0,0, -1,-1
-	.long	2,2, 2,2
+	.long	0,0, 0,0, 0,0,  0,0
 .asciz	"Montgomery Multiplication with scatter/gather for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
 ___
@ -1096,7 +954,7 @@ mul_handler:
 	cmp	%r10,%rbx		# context->Rip<end of prologue label
 	jb	.Lcommon_seh_tail
-	lea	48(%rax),%rax
+	lea	`40+48`(%rax),%rax
 	mov	4(%r11),%r10d		# HandlerData[1]
 	lea	(%rsi,%r10),%r10	# end of alloca label
@ -1113,7 +971,9 @@ mul_handler:
 	mov	192($context),%r10	# pull $num
 	mov	8(%rax,%r10,8),%rax	# pull saved stack pointer
-	lea	48(%rax),%rax
+	movaps	(%rax),%xmm0
 	movaps	16(%rax),%xmm1
 	lea	`40+48`(%rax),%rax
 	mov	-8(%rax),%rbx
 	mov	-16(%rax),%rbp
@ -1127,6 +987,8 @@ mul_handler:
 	mov	%r13,224($context)	# restore context->R13
 	mov	%r14,232($context)	# restore context->R14
 	mov	%r15,240($context)	# restore context->R15
 	movups	%xmm0,512($context)	# restore context->Xmm6
 	movups	%xmm1,528($context)	# restore context->Xmm7
 .Lcommon_seh_tail:
 	mov	8(%rax),%rdi
@ -1195,9 +1057,10 @@ mul_handler:
 	.rva	.Lmul4x_alloca,.Lmul4x_body,.Lmul4x_epilogue	# HandlerData[]
 .align	8
 .LSEH_info_bn_gather5:
-	.byte	0x01,0x0b,0x03,0x0a
+        .byte   0x01,0x0d,0x05,0x00
-	.byte	0x0b,0x01,0x21,0x00	# sub	rsp,0x108
+        .byte   0x0d,0x78,0x01,0x00	#movaps	0x10(rsp),xmm7
-	.byte	0x04,0xa3,0x00,0x00	# lea	r10,(rsp), set_frame r10
+        .byte   0x08,0x68,0x00,0x00	#movaps	(rsp),xmm6
        .byte   0x04,0x42,0x00,0x00	#sub	rsp,0x28
 .align	8
 ___
 }
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@ -125,7 +125,6 @@
 #ifndef HEADER_BN_H
 # define HEADER_BN_H
 # include <limits.h>
 # include <openssl/e_os2.h>
 # ifndef OPENSSL_NO_FP_API
 #  include <stdio.h>            /* FILE */
@ -740,17 +739,8 @@ const BIGNUM *BN_get0_nist_prime_521(void);
 /* library internal functions */
-# define bn_expand(a,bits) \
+# define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
-    ( \
+        (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
        bits > (INT_MAX - BN_BITS2 + 1) ? \
            NULL \
        : \
            (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? \
                (a) \
            : \
                bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \
    )
 # define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
 BIGNUM *bn_expand2(BIGNUM *a, int words);
 # ifndef OPENSSL_NO_DEPRECATED
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@ -110,7 +110,6 @@
 */
 #include "cryptlib.h"
 #include "constant_time_locl.h"
 #include "bn_lcl.h"
 #include <stdlib.h>
@ -547,17 +546,15 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
 static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top,
                                        unsigned char *buf, int idx,
-                                        int window)
+                                        int width)
 {
-    int i, j;
+    size_t i, j;
    int width = 1 << window;
    BN_ULONG *table = (BN_ULONG *)buf;
    if (top > b->top)
        top = b->top;           /* this works because 'buf' is explicitly
                                 * zeroed */
-    for (i = 0, j = idx; i < top; i++, j += width) {
+    for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
-        table[j] = b->d[i];
+        buf[j] = ((unsigned char *)b->d)[i];
    }
    return 1;
@ -565,51 +562,15 @@ static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top,
 static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
                                          unsigned char *buf, int idx,
-                                          int window)
+                                          int width)
 {
-    int i, j;
+    size_t i, j;
    int width = 1 << window;
    volatile BN_ULONG *table = (volatile BN_ULONG *)buf;
    if (bn_wexpand(b, top) == NULL)
        return 0;
-    if (window <= 3) {
+    for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
-        for (i = 0; i < top; i++, table += width) {
+        ((unsigned char *)b->d)[i] = buf[j];
            BN_ULONG acc = 0;
            for (j = 0; j < width; j++) {
                acc |= table[j] &
                       ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
            }
            b->d[i] = acc;
        }
    } else {
        int xstride = 1 << (window - 2);
        BN_ULONG y0, y1, y2, y3;
        i = idx >> (window - 2);        /* equivalent of idx / xstride */
        idx &= xstride - 1;             /* equivalent of idx % xstride */
        y0 = (BN_ULONG)0 - (constant_time_eq_int(i,0)&1);
        y1 = (BN_ULONG)0 - (constant_time_eq_int(i,1)&1);
        y2 = (BN_ULONG)0 - (constant_time_eq_int(i,2)&1);
        y3 = (BN_ULONG)0 - (constant_time_eq_int(i,3)&1);
        for (i = 0; i < top; i++, table += width) {
            BN_ULONG acc = 0;
            for (j = 0; j < xstride; j++) {
                acc |= ( (table[j + 0 * xstride] & y0) |
                         (table[j + 1 * xstride] & y1) |
                         (table[j + 2 * xstride] & y2) |
                         (table[j + 3 * xstride] & y3) )
                       & ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
            }
            b->d[i] = acc;
        }
    }
    b->top = top;
@ -839,9 +800,9 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
    } else
 #endif
    {
-        if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, window))
+        if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, numPowers))
            goto err;
-        if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, window))
+        if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, numPowers))
            goto err;
        /*
@ -853,15 +814,15 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
        if (window > 1) {
            if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx))
                goto err;
-            if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2,
+            if (!MOD_EXP_CTIME_COPY_TO_PREBUF
-                                              window))
+                (&tmp, top, powerbuf, 2, numPowers))
                goto err;
            for (i = 3; i < numPowers; i++) {
                /* Calculate a^i = a^(i-1) * a */
                if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx))
                    goto err;
-                if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i,
+                if (!MOD_EXP_CTIME_COPY_TO_PREBUF
-                                                  window))
+                    (&tmp, top, powerbuf, i, numPowers))
                    goto err;
            }
        }
@ -869,8 +830,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
        bits--;
        for (wvalue = 0, i = bits % window; i >= 0; i--, bits--)
            wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
-        if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf, wvalue,
+        if (!MOD_EXP_CTIME_COPY_FROM_PREBUF
-                                            window))
+            (&tmp, top, powerbuf, wvalue, numPowers))
            goto err;
        /*
@ -890,8 +851,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
            /*
             * Fetch the appropriate pre-computed value from the pre-buf
             */
-            if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, wvalue,
+            if (!MOD_EXP_CTIME_COPY_FROM_PREBUF
-                                                window))
+                (&am, top, powerbuf, wvalue, numPowers))
                goto err;
            /* Multiply the result into the intermediate result */
--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c
@ -58,7 +58,6 @@
 #include <stdio.h>
 #include <ctype.h>
 #include <limits.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 #include "bn_lcl.h"
@ -190,11 +189,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
        a++;
    }
-    for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++)
+    for (i = 0; isxdigit((unsigned char)a[i]); i++) ;
        continue;
    if (i > INT_MAX/4)
        goto err;
    num = i + neg;
    if (bn == NULL)
@ -209,7 +204,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
        BN_zero(ret);
    }
-    /* i is the number of hex digits */
+    /* i is the number of hex digests; */
    if (bn_expand(ret, i * 4) == NULL)
        goto err;
@ -265,11 +260,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
        a++;
    }
-    for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++)
+    for (i = 0; isdigit((unsigned char)a[i]); i++) ;
        continue;
    if (i > INT_MAX/4)
        goto err;
    num = i + neg;
    if (bn == NULL)
@ -287,7 +278,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
        BN_zero(ret);
    }
-    /* i is the number of digits, a bit of an over expand */
+    /* i is the number of digests, a bit of an over expand; */
    if (bn_expand(ret, i * 4) == NULL)
        goto err;
--- a/crypto/bn/bn_recp.c
+++ b/crypto/bn/bn_recp.c
@ -65,7 +65,6 @@ void BN_RECP_CTX_init(BN_RECP_CTX *recp)
    BN_init(&(recp->N));
    BN_init(&(recp->Nr));
    recp->num_bits = 0;
    recp->shift = 0;
    recp->flags = 0;
 }
--- a/crypto/comp/comp.h
+++ b/crypto/comp/comp.h
@ -4,10 +4,6 @@
 # include <openssl/crypto.h>
 # ifdef OPENSSL_NO_COMP
 #  error COMP is disabled.
 # endif
 #ifdef  __cplusplus
 extern "C" {
 #endif
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@ -191,8 +191,6 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
    STACK_OF(ASN1_TYPE) *ndsa = NULL;
    DSA *dsa = NULL;
    int ret = 0;
    if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
        return 0;
    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
@ -264,21 +262,23 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
    }
    EVP_PKEY_assign_DSA(pkey, dsa);
    ret = 1;
    goto done;
 decerr:
    DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
 dsaerr:
    DSA_free(dsa);
 done:
    BN_CTX_free(ctx);
    if (ndsa)
        sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
    else
        ASN1_STRING_clear_free(privkey);
-    return ret;
+
    return 1;
 decerr:
    DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
 dsaerr:
    BN_CTX_free(ctx);
    if (privkey)
        ASN1_STRING_clear_free(privkey);
    sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
    DSA_free(dsa);
    return 0;
 }
 static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@ -200,10 +200,8 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
    }
 #endif
    if (ctx->digest != type) {
-        if (ctx->digest && ctx->digest->ctx_size) {
+        if (ctx->digest && ctx->digest->ctx_size)
            OPENSSL_free(ctx->md_data);
            ctx->md_data = NULL;
        }
        ctx->digest = type;
        if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
            ctx->update = type->update;
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@ -57,7 +57,6 @@
 */
 #include <stdio.h>
 #include <limits.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
@ -152,13 +151,13 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
                      const unsigned char *in, int inl)
 {
    int i, j;
-    size_t total = 0;
+    unsigned int total = 0;
    *outl = 0;
    if (inl <= 0)
        return;
    OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
-    if (ctx->length - ctx->num > inl) {
+    if ((ctx->num + inl) < ctx->length) {
        memcpy(&(ctx->enc_data[ctx->num]), in, inl);
        ctx->num += inl;
        return;
@ -175,7 +174,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
        *out = '\0';
        total = j + 1;
    }
-    while (inl >= ctx->length && total <= INT_MAX) {
+    while (inl >= ctx->length) {
        j = EVP_EncodeBlock(out, in, ctx->length);
        in += ctx->length;
        inl -= ctx->length;
@ -184,11 +183,6 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
        *out = '\0';
        total += j + 1;
    }
    if (total > INT_MAX) {
        /* Too much output data! */
        *outl = 0;
        return;
    }
    if (inl != 0)
        memcpy(&(ctx->enc_data[0]), in, inl);
    ctx->num = inl;
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@ -334,7 +334,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
    bl = ctx->cipher->block_size;
    OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
    if (i != 0) {
-        if (bl - i > inl) {
+        if (i + inl < bl) {
            memcpy(&(ctx->buf[i]), in, inl);
            ctx->buf_len += inl;
            *outl = 0;
--- a/crypto/modes/ctr128.c
+++ b/crypto/modes/ctr128.c
@ -67,20 +67,23 @@
 /* increment counter (128-bit int) by 1 */
 static void ctr128_inc(unsigned char *counter)
 {
-    u32 n = 16, c = 1;
+    u32 n = 16;
    u8 c;
    do {
        --n;
-        c += counter[n];
+        c = counter[n];
-        counter[n] = (u8)c;
+        ++c;
-        c >>= 8;
+        counter[n] = c;
        if (c)
            return;
    } while (n);
 }
 #if !defined(OPENSSL_SMALL_FOOTPRINT)
 static void ctr128_inc_aligned(unsigned char *counter)
 {
-    size_t *data, c, d, n;
+    size_t *data, c, n;
    const union {
        long one;
        char little;
@ -88,19 +91,20 @@ static void ctr128_inc_aligned(unsigned char *counter)
        1
    };
-    if (is_endian.little || ((size_t)counter % sizeof(size_t)) != 0) {
+    if (is_endian.little) {
        ctr128_inc(counter);
        return;
    }
    data = (size_t *)counter;
    c = 1;
    n = 16 / sizeof(size_t);
    do {
        --n;
-        d = data[n] += c;
+        c = data[n];
-        /* did addition carry? */
+        ++c;
-        c = ((d - c) ^ d) >> (sizeof(size_t) * 8 - 1);
+        data[n] = c;
        if (c)
            return;
    } while (n);
 }
 #endif
@ -140,14 +144,14 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
            }
 # if defined(STRICT_ALIGNMENT)
-            if (((size_t)in | (size_t)out | (size_t)ecount_buf)
+            if (((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) !=
-                % sizeof(size_t) != 0)
+                0)
                break;
 # endif
            while (len >= 16) {
                (*block) (ivec, ecount_buf, key);
                ctr128_inc_aligned(ivec);
-                for (n = 0; n < 16; n += sizeof(size_t))
+                for (; n < 16; n += sizeof(size_t))
                    *(size_t *)(out + n) =
                        *(size_t *)(in + n) ^ *(size_t *)(ecount_buf + n);
                len -= 16;
@ -185,13 +189,16 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
 /* increment upper 96 bits of 128-bit counter by 1 */
 static void ctr96_inc(unsigned char *counter)
 {
-    u32 n = 12, c = 1;
+    u32 n = 12;
    u8 c;
    do {
        --n;
-        c += counter[n];
+        c = counter[n];
-        counter[n] = (u8)c;
+        ++c;
-        c >>= 8;
+        counter[n] = c;
        if (c)
            return;
    } while (n);
 }
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@ -30,11 +30,11 @@ extern "C" {
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 *  major minor fix final patch/beta)
 */
-# define OPENSSL_VERSION_NUMBER  0x10001140L
+# define OPENSSL_VERSION_NUMBER  0x1000112fL
 # ifdef OPENSSL_FIPS
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1t-fips-dev  xx XXX xxxx"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1r-fips  28 Jan 2016"
 # else
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1t-dev  xx XXX xxxx"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1r  28 Jan 2016"
 # endif
 # define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@ -344,7 +344,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
    if (enc != NULL) {
        objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
-        if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) {
+        if (objstr == NULL) {
            PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
            goto err;
        }
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@ -131,10 +131,6 @@ static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
 # define MS_PVKMAGIC             0xb0b5f11eL
 /* Salt length for PVK files */
 # define PVK_SALTLEN             0x10
 /* Maximum length in PVK header */
 # define PVK_MAX_KEYLEN          102400
 /* Maximum salt length */
 # define PVK_MAX_SALTLEN         10240
 static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
                         unsigned int bitlen, int ispub);
@ -648,9 +644,6 @@ static int do_PVK_header(const unsigned char **in, unsigned int length,
    *psaltlen = read_ledword(&p);
    *pkeylen = read_ledword(&p);
    if (*pkeylen > PVK_MAX_KEYLEN || *psaltlen > PVK_MAX_SALTLEN)
        return 0;
    if (is_encrypted && !*psaltlen) {
        PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
        return 0;
--- a/crypto/perlasm/x86_64-xlate.pl
+++ b/crypto/perlasm/x86_64-xlate.pl
@ -121,7 +121,7 @@ my %globals;
 		$self->{sz} = "";
 	    } elsif ($self->{op} =~ /^v/) { # VEX
 		$self->{sz} = "";
-	    } elsif ($self->{op} =~ /mov[dq]/ && $line =~ /%xmm/) {
+	    } elsif ($self->{op} =~ /movq/ && $line =~ /%xmm/) {
 		$self->{sz} = "";
 	    } elsif ($self->{op} =~ /([a-z]{3,})([qlwb])$/) {
 		$self->{op} = $1;
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@ -84,7 +84,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
        return 0;
    }
 #endif
-    if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
+    if (rsa->meth->rsa_sign) {
        return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
    }
    /* Special case: SSL signature, just check the length */
@ -304,7 +304,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
               const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
 {
-    if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
+    if (rsa->meth->rsa_verify) {
        return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
    }
--- a/crypto/srp/srp.h
+++ b/crypto/srp/srp.h
@ -82,21 +82,16 @@ typedef struct SRP_gN_cache_st {
 DECLARE_STACK_OF(SRP_gN_cache)
 typedef struct SRP_user_pwd_st {
    /* Owned by us. */
    char *id;
    BIGNUM *s;
    BIGNUM *v;
    /* Not owned by us. */
    const BIGNUM *g;
    const BIGNUM *N;
    /* Owned by us. */
    char *info;
 } SRP_user_pwd;
 DECLARE_STACK_OF(SRP_user_pwd)
 void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
 typedef struct SRP_VBASE_st {
    STACK_OF(SRP_user_pwd) *users_pwd;
    STACK_OF(SRP_gN_cache) *gN_cache;
@ -120,12 +115,7 @@ DECLARE_STACK_OF(SRP_gN)
 SRP_VBASE *SRP_VBASE_new(char *seed_key);
 int SRP_VBASE_free(SRP_VBASE *vb);
 int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
 /* This method ignores the configured seed and fails for an unknown user. */
 SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
 /* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/
 SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username);
 char *SRP_create_verifier(const char *user, const char *pass, char **salt,
                          char **verifier, const char *N, const char *g);
 int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@ -185,7 +185,7 @@ static char *t_tob64(char *dst, const unsigned char *src, int size)
    return olddst;
 }
-void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
+static void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
 {
    if (user_pwd == NULL)
        return;
@ -247,24 +247,6 @@ static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
    return (vinfo->s != NULL && vinfo->v != NULL);
 }
 static SRP_user_pwd *srp_user_pwd_dup(SRP_user_pwd *src)
 {
    SRP_user_pwd *ret;
    if (src == NULL)
        return NULL;
    if ((ret = SRP_user_pwd_new()) == NULL)
        return NULL;
    SRP_user_pwd_set_gN(ret, src->g, src->N);
    if (!SRP_user_pwd_set_ids(ret, src->id, src->info)
        || !SRP_user_pwd_set_sv_BN(ret, BN_dup(src->s), BN_dup(src->v))) {
            SRP_user_pwd_free(ret);
            return NULL;
    }
    return ret;
 }
 SRP_VBASE *SRP_VBASE_new(char *seed_key)
 {
    SRP_VBASE *vb = (SRP_VBASE *)OPENSSL_malloc(sizeof(SRP_VBASE));
@ -486,39 +468,9 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
 }
 static SRP_user_pwd *find_user(SRP_VBASE *vb, char *username)
 {
    int i;
    SRP_user_pwd *user;
    if (vb == NULL)
        return NULL;
    for (i = 0; i < sk_SRP_user_pwd_num(vb->users_pwd); i++) {
        user = sk_SRP_user_pwd_value(vb->users_pwd, i);
        if (strcmp(user->id, username) == 0)
            return user;
    }
    return NULL;
 }
 /*
 * This method ignores the configured seed and fails for an unknown user.
 * Ownership of the returned pointer is not released to the caller.
 * In other words, caller must not free the result.
 */
 SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
 {
-    return find_user(vb, username);
+    int i;
 }
 /*
 * Ownership of the returned pointer is released to the caller.
 * In other words, caller must free the result once done.
 */
 SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username)
 {
    SRP_user_pwd *user;
    unsigned char digv[SHA_DIGEST_LENGTH];
    unsigned char digs[SHA_DIGEST_LENGTH];
@ -526,10 +478,11 @@ SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username)
    if (vb == NULL)
        return NULL;
-
+    for (i = 0; i < sk_SRP_user_pwd_num(vb->users_pwd); i++) {
-    if ((user = find_user(vb, username)) != NULL)
+        user = sk_SRP_user_pwd_value(vb->users_pwd, i);
-        return srp_user_pwd_dup(user);
+        if (strcmp(user->id, username) == 0)
-
+            return user;
    }
    if ((vb->seed_key == NULL) ||
        (vb->default_g == NULL) || (vb->default_N == NULL))
        return NULL;
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@ -1281,7 +1281,6 @@ void ERR_load_X509_strings(void);
 # define X509_R_LOADING_CERT_DIR                          103
 # define X509_R_LOADING_DEFAULTS                          104
 # define X509_R_METHOD_NOT_SUPPORTED                      124
 # define X509_R_NAME_TOO_LONG                             134
 # define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY              105
 # define X509_R_PUBLIC_KEY_DECODE_ERROR                   125
 # define X509_R_PUBLIC_KEY_ENCODE_ERROR                   126
--- a/crypto/x509/x509_err.c
+++ b/crypto/x509/x509_err.c
@ -145,7 +145,6 @@ static ERR_STRING_DATA X509_str_reasons[] = {
    {ERR_REASON(X509_R_LOADING_CERT_DIR), "loading cert dir"},
    {ERR_REASON(X509_R_LOADING_DEFAULTS), "loading defaults"},
    {ERR_REASON(X509_R_METHOD_NOT_SUPPORTED), "method not supported"},
    {ERR_REASON(X509_R_NAME_TOO_LONG), "name too long"},
    {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),
     "no cert set for us to verify"},
    {ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR), "public key decode error"},
--- a/crypto/x509/x509_obj.c
+++ b/crypto/x509/x509_obj.c
@ -63,13 +63,6 @@
 #include <openssl/x509.h>
 #include <openssl/buffer.h>
 /*
 * Limit to ensure we don't overflow: much greater than
 * anything enountered in practice.
 */
 #define NAME_ONELINE_MAX    (1024 * 1024)
 char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
 {
    X509_NAME_ENTRY *ne;
@ -93,8 +86,6 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
            goto err;
        b->data[0] = '\0';
        len = 200;
    } else if (len == 0) {
        return NULL;
    }
    if (a == NULL) {
        if (b) {
@ -119,10 +110,6 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
        type = ne->value->type;
        num = ne->value->length;
        if (num > NAME_ONELINE_MAX) {
            X509err(X509_F_X509_NAME_ONELINE, X509_R_NAME_TOO_LONG);
            goto end;
        }
        q = ne->value->data;
 #ifdef CHARSET_EBCDIC
        if (type == V_ASN1_GENERALSTRING ||
@ -130,9 +117,8 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
            type == V_ASN1_PRINTABLESTRING ||
            type == V_ASN1_TELETEXSTRING ||
            type == V_ASN1_VISIBLESTRING || type == V_ASN1_IA5STRING) {
-            if (num > (int)sizeof(ebcdic_buf))
+            ascii2ebcdic(ebcdic_buf, q, (num > sizeof ebcdic_buf)
-                num = sizeof(ebcdic_buf);
+                         ? sizeof ebcdic_buf : num);
            ascii2ebcdic(ebcdic_buf, q, num);
            q = ebcdic_buf;
        }
 #endif
@ -168,10 +154,6 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
        lold = l;
        l += 1 + l1 + 1 + l2;
        if (l > NAME_ONELINE_MAX) {
            X509err(X509_F_X509_NAME_ONELINE, X509_R_NAME_TOO_LONG);
            goto end;
        }
        if (b != NULL) {
            if (!BUF_MEM_grow(b, l + 1))
                goto err;
@ -224,7 +206,7 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
    return (p);
 err:
    X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE);
- end:
+    if (b != NULL)
-    BUF_MEM_free(b);
+        BUF_MEM_free(b);
    return (NULL);
 }
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@ -38,21 +38,25 @@ SSL v2 and for SSL v3/TLS v1.
 Like B<-v>, but include cipher suite codes in output (hex format).
-=item B<-ssl3>, B<-tls1>
+=item B<-ssl3>
-This lists ciphers compatible with any of SSLv3, TLSv1, TLSv1.1 or TLSv1.2.
+only include SSL v3 ciphers.
 =item B<-ssl2>
-Only include SSLv2 ciphers.
+only include SSL v2 ciphers.
 =item B<-tls1>
 only include TLS v1 ciphers.
 =item B<-h>, B<-?>
-Print a brief usage message.
+print a brief usage message.
 =item B<cipherlist>
-A cipher list to convert to a cipher preference list. If it is not included
+a cipher list to convert to a cipher preference list. If it is not included
 then the default cipher list will be used. The format is described below.
 =back
@ -105,10 +109,9 @@ The following is a list of all permitted cipher strings and their meanings.
 =item B<DEFAULT>
-The default cipher list.
+the default cipher list. This is determined at compile time and
-This is determined at compile time and is normally
+is normally B<ALL:!EXPORT:!aNULL:!eNULL:!SSLv2>. This must be the firstcipher string
-B<ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2>.
+specified.
 When used, this must be the first cipherstring specified.
 =item B<COMPLEMENTOFDEFAULT>
@ -136,46 +139,34 @@ than 128 bits, and some cipher suites with 128-bit keys.
 =item B<LOW>
-Low strength encryption cipher suites, currently those using 64 or 56 bit
+"low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms
-encryption algorithms but excluding export cipher suites.
+but excluding export cipher suites.
 As of OpenSSL 1.0.1s, these are disabled in default builds.
 =item B<EXP>, B<EXPORT>
-Export strength encryption algorithms. Including 40 and 56 bits algorithms.
+export encryption algorithms. Including 40 and 56 bits algorithms.
 As of OpenSSL 1.0.1s, these are disabled in default builds.
 =item B<EXPORT40>
-40-bit export encryption algorithms
+40 bit export encryption algorithms
 As of OpenSSL 1.0.1s, these are disabled in default builds.
 =item B<EXPORT56>
-56-bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of
+56 bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of
 56 bit export ciphers is empty unless OpenSSL has been explicitly configured
 with support for experimental ciphers.
 As of OpenSSL 1.0.1s, these are disabled in default builds.
 =item B<eNULL>, B<NULL>
-The "NULL" ciphers that is those offering no encryption. Because these offer no
+the "NULL" ciphers that is those offering no encryption. Because these offer no
-encryption at all and are a security risk they are not enabled via either the
+encryption at all and are a security risk they are disabled unless explicitly
-B<DEFAULT> or B<ALL> cipher strings.
+included.
 Be careful when building cipherlists out of lower-level primitives such as
 B<kRSA> or B<aECDSA> as these do overlap with the B<eNULL> ciphers.
 When in doubt, include B<!eNULL> in your cipherlist.
 =item B<aNULL>
-The cipher suites offering no authentication. This is currently the anonymous
+the cipher suites offering no authentication. This is currently the anonymous
 DH algorithms and anonymous ECDH algorithms. These cipher suites are vulnerable
 to a "man in the middle" attack and so their use is normally discouraged.
 These are excluded from the B<DEFAULT> ciphers, but included in the B<ALL>
 ciphers.
 Be careful when building cipherlists out of lower-level primitives such as
 B<kDHE> or B<AES> as these do overlap with the B<aNULL> ciphers.
 When in doubt, include B<!aNULL> in your cipherlist.
 =item B<kRSA>, B<RSA>
@ -581,11 +572,11 @@ Note: these ciphers can also be used in SSL v3.
 =head2 Deprecated SSL v2.0 cipher suites.
 SSL_CK_RC4_128_WITH_MD5                 RC4-MD5
- SSL_CK_RC4_128_EXPORT40_WITH_MD5        Not implemented.
+ SSL_CK_RC4_128_EXPORT40_WITH_MD5        EXP-RC4-MD5
- SSL_CK_RC2_128_CBC_WITH_MD5             RC2-CBC-MD5
+ SSL_CK_RC2_128_CBC_WITH_MD5             RC2-MD5
- SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5    Not implemented.
+ SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5    EXP-RC2-MD5
 SSL_CK_IDEA_128_CBC_WITH_MD5            IDEA-CBC-MD5
- SSL_CK_DES_64_CBC_WITH_MD5              Not implemented.
+ SSL_CK_DES_64_CBC_WITH_MD5              DES-CBC-MD5
 SSL_CK_DES_192_EDE3_CBC_WITH_MD5        DES-CBC3-MD5
 =head1 NOTES
--- a/doc/apps/s_client.pod
+++ b/doc/apps/s_client.pod
@ -197,11 +197,16 @@ Use the PSK key B<key> when using a PSK cipher suite. The key is
 given as a hexadecimal number without leading 0x, for example -psk
 1a2b3c4d.
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
-These options require or disable the use of the specified SSL or TLS protocols.
+these options disable the use of certain SSL or TLS protocols. By default
-By default the initial handshake uses a I<version-flexible> method which will
+the initial handshake uses a method which should be compatible with all
-negotiate the highest mutually supported protocol version.
+servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
 Unfortunately there are a lot of ancient and broken servers in use which
 cannot handle this technique and will fail to connect. Some servers only
 work if TLS is turned off with the B<-no_tls> option others will only
 support SSL v2 and may need the B<-ssl2> option.
 =item B<-bugs>
--- a/doc/apps/s_server.pod
+++ b/doc/apps/s_server.pod
@ -221,11 +221,11 @@ Use the PSK key B<key> when using a PSK cipher suite. The key is
 given as a hexadecimal number without leading 0x, for example -psk
 1a2b3c4d.
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
-These options require or disable the use of the specified SSL or TLS protocols.
+these options disable the use of certain SSL or TLS protocols. By default
-By default the initial handshake uses a I<version-flexible> method which will
+the initial handshake uses a method which should be compatible with all
-negotiate the highest mutually supported protocol version.
+servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
 =item B<-bugs>
--- a/doc/crypto/EVP_EncodeInit.pod
+++ b/doc/crypto/EVP_EncodeInit.pod
@ -1,127 +0,0 @@
 =pod
 =head1 NAME
 EVP_EncodeInit, EVP_EncodeUpdate, EVP_EncodeFinal, EVP_EncodeBlock,
 EVP_DecodeInit, EVP_DecodeUpdate, EVP_DecodeFinal, EVP_DecodeBlock - EVP base 64
 encode/decode routines
 =head1 SYNOPSIS
 #include <openssl/evp.h>
 void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
 void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
                       const unsigned char *in, int inl);
 void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
 int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
 void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
 int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
                      const unsigned char *in, int inl);
 int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
                     char *out, int *outl);
 int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
 =head1 DESCRIPTION
 The EVP encode routines provide a high level interface to base 64 encoding and
 decoding. Base 64 encoding converts binary data into a printable form that uses
 the characters A-Z, a-z, 0-9, "+" and "/" to represent the data. For every 3
 bytes of binary data provided 4 bytes of base 64 encoded data will be produced
 plus some occasional newlines (see below). If the input data length is not a
 multiple of 3 then the output data will be padded at the end using the "="
 character.
 Encoding of binary data is performed in blocks of 48 input bytes (or less for
 the final block). For each 48 byte input block encoded 64 bytes of base 64 data
 is output plus an additional newline character (i.e. 65 bytes in total). The
 final block (which may be less than 48 bytes) will output 4 bytes for every 3
 bytes of input. If the data length is not divisible by 3 then a full 4 bytes is
 still output for the final 1 or 2 bytes of input. Similarly a newline character
 will also be output.
 EVP_EncodeInit() initialises B<ctx> for the start of a new encoding operation.
 EVP_EncodeUpdate() encode B<inl> bytes of data found in the buffer pointed to by
 B<in>. The output is stored in the buffer B<out> and the number of bytes output
 is stored in B<*outl>. It is the caller's responsibility to ensure that the
 buffer at B<out> is sufficiently large to accommodate the output data. Only full
 blocks of data (48 bytes) will be immediately processed and output by this
 function. Any remainder is held in the B<ctx> object and will be processed by a
 subsequent call to EVP_EncodeUpdate() or EVP_EncodeFinal(). To calculate the
 required size of the output buffer add together the value of B<inl> with the
 amount of unprocessed data held in B<ctx> and divide the result by 48 (ignore
 any remainder). This gives the number of blocks of data that will be processed.
 Ensure the output buffer contains 65 bytes of storage for each block, plus an
 additional byte for a NUL terminator. EVP_EncodeUpdate() may be called
 repeatedly to process large amounts of input data. In the event of an error
 EVP_EncodeUpdate() will set B<*outl> to 0.
 EVP_EncodeFinal() must be called at the end of an encoding operation. It will
 process any partial block of data remaining in the B<ctx> object. The output
 data will be stored in B<out> and the length of the data written will be stored
 in B<*outl>. It is the caller's responsibility to ensure that B<out> is
 sufficiently large to accommodate the output data which will never be more than
 65 bytes plus an additional NUL terminator (i.e. 66 bytes in total).
 EVP_EncodeBlock() encodes a full block of input data in B<f> and of length
 B<dlen> and stores it in B<t>. For every 3 bytes of input provided 4 bytes of
 output data will be produced. If B<dlen> is not divisible by 3 then the block is
 encoded as a final block of data and the output is padded such that it is always
 divisible by 4. Additionally a NUL terminator character will be added. For
 example if 16 bytes of input data is provided then 24 bytes of encoded data is
 created plus 1 byte for a NUL terminator (i.e. 25 bytes in total). The length of
 the data generated I<without> the NUL terminator is returned from the function.
 EVP_DecodeInit() initialises B<ctx> for the start of a new decoding operation.
 EVP_DecodeUpdate() decodes B<inl> characters of data found in the buffer pointed
 to by B<in>. The output is stored in the buffer B<out> and the number of bytes
 output is stored in B<*outl>. It is the caller's responsibility to ensure that
 the buffer at B<out> is sufficiently large to accommodate the output data. This
 function will attempt to decode as much data as possible in 4 byte chunks. Any
 whitespace, newline or carriage return characters are ignored. Any partial chunk
 of unprocessed data (1, 2 or 3 bytes) that remains at the end will be held in
 the B<ctx> object and processed by a subsequent call to EVP_DecodeUpdate(). If
 any illegal base 64 characters are encountered or if the base 64 padding
 character "=" is encountered in the middle of the data then the function returns
 -1 to indicate an error. A return value of 0 or 1 indicates successful
 processing of the data. A return value of 0 additionally indicates that the last
 input data characters processed included the base 64 padding character "=" and
 therefore no more non-padding character data is expected to be processed. For
 every 4 valid base 64 bytes processed (ignoring whitespace, carriage returns and
 line feeds), 3 bytes of binary output data will be produced (or less at the end
 of the data where the padding character "=" has been used).
 EVP_DecodeFinal() must be called at the end of a decoding operation. If there
 is any unprocessed data still in B<ctx> then the input data must not have been
 a multiple of 4 and therefore an error has occurred. The function will return -1
 in this case. Otherwise the function returns 1 on success.
 EVP_DecodeBlock() will decode the block of B<n> characters of base 64 data
 contained in B<f> and store the result in B<t>. Any leading whitespace will be
 trimmed as will any trailing whitespace, newlines, carriage returns or EOF
 characters. After such trimming the length of the data in B<f> must be divisbile
 by 4. For every 4 input bytes exactly 3 output bytes will be produced. The
 output will be padded with 0 bits if necessary to ensure that the output is
 always 3 bytes for every 4 input bytes. This function will return the length of
 the data decoded or -1 on error.
 =head1 RETURN VALUES
 EVP_EncodeBlock() returns the number of bytes encoded excluding the NUL
 terminator.
 EVP_DecodeUpdate() returns -1 on error and 0 or 1 on success. If 0 is returned
 then no more non-padding base 64 characters are expected.
 EVP_DecodeFinal() returns -1 on error or 1 on success.
 EVP_DecodeBlock() returns the length of the data decoded or -1 on error.
 =head1 SEE ALSO
 L<evp(3)>
 =cut
--- a/doc/crypto/evp.pod
+++ b/doc/crypto/evp.pod
@ -25,10 +25,6 @@ functions.  The B<EVP_Digest>I<...> functions provide message digests.
 The B<EVP_PKEY>I<...> functions provide a high level interface to
 asymmetric algorithms.
 The L<B<EVP_Encode>I<...>|EVP_EncodeInit(3)> and
 L<B<EVP_Decode>I<...>|EVP_EncodeInit(3)> functions implement base 64 encoding
 and decoding.
 Algorithms are loaded with OpenSSL_add_all_algorithms(3).
 All the symmetric algorithms (ciphers), digests and asymmetric algorithms
@ -53,7 +49,6 @@ L<EVP_OpenInit(3)|EVP_OpenInit(3)>,
 L<EVP_SealInit(3)|EVP_SealInit(3)>,
 L<EVP_SignInit(3)|EVP_SignInit(3)>,
 L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
 L<EVP_EncodeInit(3)>,
 L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>,
 L<engine(3)|engine(3)>
--- a/doc/ssl/SSL_CTX_new.pod
+++ b/doc/ssl/SSL_CTX_new.pod
@ -2,47 +2,13 @@
 =head1 NAME
-SSL_CTX_new,
+SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions
 SSLv23_method, SSLv23_server_method, SSLv23_client_method,
 TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method,
 TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method,
 TLSv1_method, TLSv1_server_method, TLSv1_client_method,
 SSLv3_method, SSLv3_server_method, SSLv3_client_method,
 SSLv2_method, SSLv2_server_method, SSLv2_client_method,
 DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method -
 create a new SSL_CTX object as framework for TLS/SSL enabled functions
 =head1 SYNOPSIS
 #include <openssl/ssl.h>
 SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
 const SSL_METHOD *SSLv23_method(void);
 const SSL_METHOD *SSLv23_server_method(void);
 const SSL_METHOD *SSLv23_client_method(void);
 const SSL_METHOD *TLSv1_2_method(void);
 const SSL_METHOD *TLSv1_2_server_method(void);
 const SSL_METHOD *TLSv1_2_client_method(void);
 const SSL_METHOD *TLSv1_1_method(void);
 const SSL_METHOD *TLSv1_1_server_method(void);
 const SSL_METHOD *TLSv1_1_client_method(void);
 const SSL_METHOD *TLSv1_method(void);
 const SSL_METHOD *TLSv1_server_method(void);
 const SSL_METHOD *TLSv1_client_method(void);
 #ifndef OPENSSL_NO_SSL3_METHOD
 const SSL_METHOD *SSLv3_method(void);
 const SSL_METHOD *SSLv3_server_method(void);
 const SSL_METHOD *SSLv3_client_method(void);
 #endif
 #ifndef OPENSSL_NO_SSL2
 const SSL_METHOD *SSLv2_method(void);
 const SSL_METHOD *SSLv2_server_method(void);
 const SSL_METHOD *SSLv2_client_method(void);
 #endif
 const SSL_METHOD *DTLSv1_method(void);
 const SSL_METHOD *DTLSv1_server_method(void);
 const SSL_METHOD *DTLSv1_client_method(void);
 =head1 DESCRIPTION
@ -57,80 +23,65 @@ client only type. B<method> can be of the following types:
 =over 4
-=item SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()
+=item SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)
-These are the general-purpose I<version-flexible> SSL/TLS methods.
+A TLS/SSL connection established with these methods will only understand
-The actual protocol version used will be negotiated to the highest version
+the SSLv2 protocol. A client will send out SSLv2 client hello messages
-mutually supported by the client and the server.
+and will also indicate that it only understand SSLv2. A server will only
-The supported protocols are SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2.
+understand SSLv2 client hello messages.
 Most applications should use these method, and avoid the version specific
 methods described below.
-The list of protocols available can be further limited using the
+=item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)
 B<SSL_OP_NO_SSLv2>, B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>,
 B<SSL_OP_NO_TLSv1_1> and B<SSL_OP_NO_TLSv1_2> options of the
 L<SSL_CTX_set_options(3)> or L<SSL_set_options(3)> functions.
 Clients should avoid creating "holes" in the set of protocols they support,
 when disabling a protocol, make sure that you also disable either all previous
 or all subsequent protocol versions.
 In clients, when a protocol version is disabled without disabling I<all>
 previous protocol versions, the effect is to also disable all subsequent
 protocol versions.
 The SSLv2 and SSLv3 protocols are deprecated and should generally not be used.
 Applications should typically use L<SSL_CTX_set_options(3)> in combination with
 the B<SSL_OP_NO_SSLv3> flag to disable negotiation of SSLv3 via the above
 I<version-flexible> SSL/TLS methods.
 The B<SSL_OP_NO_SSLv2> option is set by default, and would need to be cleared
 via L<SSL_CTX_clear_options(3)> in order to enable negotiation of SSLv2.
 =item TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()
 A TLS/SSL connection established with these methods will only understand the
-TLSv1.2 protocol.  A client will send out TLSv1.2 client hello messages and
+SSLv3 protocol. A client will send out SSLv3 client hello messages
-will also indicate that it only understand TLSv1.2.  A server will only
+and will indicate that it only understands SSLv3. A server will only understand
-understand TLSv1.2 client hello messages.
+SSLv3 client hello messages. This especially means, that it will
 not understand SSLv2 client hello messages which are widely used for
 compatibility reasons, see SSLv23_*_method().
-=item TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()
+=item TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)
 A TLS/SSL connection established with these methods will only understand the
-TLSv1.1 protocol.  A client will send out TLSv1.1 client hello messages and
+TLSv1 protocol. A client will send out TLSv1 client hello messages
-will also indicate that it only understand TLSv1.1.  A server will only
+and will indicate that it only understands TLSv1. A server will only understand
-understand TLSv1.1 client hello messages.
+TLSv1 client hello messages. This especially means, that it will
 not understand SSLv2 client hello messages which are widely used for
 compatibility reasons, see SSLv23_*_method(). It will also not understand
 SSLv3 client hello messages.
-=item TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()
+=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)
-A TLS/SSL connection established with these methods will only understand the
+A TLS/SSL connection established with these methods may understand the SSLv2,
-TLSv1 protocol.  A client will send out TLSv1 client hello messages and will
+SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols.
 indicate that it only understands TLSv1.  A server will only understand TLSv1
 client hello messages.
-=item SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()
+If the cipher list does not contain any SSLv2 ciphersuites (the default
 cipher list does not) or extensions are required (for example server name)
 a client will send out TLSv1 client hello messages including extensions and
 will indicate that it also understands TLSv1.1, TLSv1.2 and permits a
 fallback to SSLv3. A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2
 protocols. This is the best choice when compatibility is a concern.
-A TLS/SSL connection established with these methods will only understand the
+If any SSLv2 ciphersuites are included in the cipher list and no extensions
-SSLv3 protocol.  A client will send out SSLv3 client hello messages and will
+are required then SSLv2 compatible client hellos will be used by clients and
-indicate that it only understands SSLv3.  A server will only understand SSLv3
+SSLv2 will be accepted by servers. This is B<not> recommended due to the
-client hello messages.  The SSLv3 protocol is deprecated and should not be
+insecurity of SSLv2 and the limited nature of the SSLv2 client hello
-used.
+prohibiting the use of extensions.
 =item SSLv2_method(), SSLv2_server_method(), SSLv2_client_method()
 A TLS/SSL connection established with these methods will only understand the
 SSLv2 protocol.  A client will send out SSLv2 client hello messages and will
 also indicate that it only understand SSLv2.  A server will only understand
 SSLv2 client hello messages.  The SSLv2 protocol offers little to no security
 and should not be used.
 As of OpenSSL 1.0.1s, EXPORT ciphers and 56-bit DES are no longer available
 with SSLv2.
 =item DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()
 These are the version-specific methods for DTLSv1.
 =back
-SSL_CTX_new() initializes the list of ciphers, the session cache setting, the
+The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
-callbacks, the keys and certificates and the options to its default values.
+SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2
 options of the SSL_CTX_set_options() or SSL_set_options() functions.
 Using these options it is possible to choose e.g. SSLv23_server_method() and
 be able to negotiate with all possible clients, but to only allow newer
 protocols like TLSv1, TLSv1.1 or TLS v1.2.
 Applications which never want to support SSLv2 (even is the cipher string
 is configured to use SSLv2 ciphersuites) can set SSL_OP_NO_SSLv2.
 SSL_CTX_new() initializes the list of ciphers, the session cache setting,
 the callbacks, the keys and certificates and the options to its default
 values.
 =head1 RETURN VALUES
@ -140,8 +91,8 @@ The following return values can occur:
 =item NULL
-The creation of a new SSL_CTX object failed. Check the error stack to find out
+The creation of a new SSL_CTX object failed. Check the error stack to
-the reason.
+find out the reason.
 =item Pointer to an SSL_CTX object
@ -151,7 +102,6 @@ The return value points to an allocated SSL_CTX object.
 =head1 SEE ALSO
 L<SSL_CTX_set_options(3)>, L<SSL_CTX_clear_options(3)>, L<SSL_set_options(3)>,
 L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>,
 L<ssl(3)|ssl(3)>,  L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
--- a/doc/ssl/SSL_CTX_set_options.pod
+++ b/doc/ssl/SSL_CTX_set_options.pod
@ -189,25 +189,15 @@ browser has a cert, it will crash/hang.  Works for 3.x and 4.xbeta
 =item SSL_OP_NO_SSLv2
 Do not use the SSLv2 protocol.
 As of OpenSSL 1.0.1s the B<SSL_OP_NO_SSLv2> option is set by default.
 =item SSL_OP_NO_SSLv3
 Do not use the SSLv3 protocol.
 It is recommended that applications should set this option.
 =item SSL_OP_NO_TLSv1
 Do not use the TLSv1 protocol.
 =item SSL_OP_NO_TLSv1_1
 Do not use the TLSv1.1 protocol.
 =item SSL_OP_NO_TLSv1_2
 Do not use the TLSv1.2 protocol.
 =item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
 When performing renegotiation as a server, always start a new session
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
@ -130,86 +130,41 @@ protocol methods defined in B<SSL_METHOD> structures.
 =over 4
 =item const SSL_METHOD *B<SSLv23_method>(void);
 Constructor for the I<version-flexible> SSL_METHOD structure for
 clients, servers or both.
 See L<SSL_CTX_new(3)> for details.
 =item const SSL_METHOD *B<SSLv23_client_method>(void);
 Constructor for the I<version-flexible> SSL_METHOD structure for
 clients.
 =item const SSL_METHOD *B<SSLv23_client_method>(void);
 Constructor for the I<version-flexible> SSL_METHOD structure for
 servers.
 =item const SSL_METHOD *B<TLSv1_2_method>(void);
 Constructor for the TLSv1.2 SSL_METHOD structure for clients, servers
 or both.
 =item const SSL_METHOD *B<TLSv1_2_client_method>(void);
 Constructor for the TLSv1.2 SSL_METHOD structure for clients.
 =item const SSL_METHOD *B<TLSv1_2_server_method>(void);
 Constructor for the TLSv1.2 SSL_METHOD structure for servers.
 =item const SSL_METHOD *B<TLSv1_1_method>(void);
 Constructor for the TLSv1.1 SSL_METHOD structure for clients, servers
 or both.
 =item const SSL_METHOD *B<TLSv1_1_client_method>(void);
 Constructor for the TLSv1.1 SSL_METHOD structure for clients.
 =item const SSL_METHOD *B<TLSv1_1_server_method>(void);
 Constructor for the TLSv1.1 SSL_METHOD structure for servers.
 =item const SSL_METHOD *B<TLSv1_method>(void);
 Constructor for the TLSv1 SSL_METHOD structure for clients, servers
 or both.
 =item const SSL_METHOD *B<TLSv1_client_method>(void);
 Constructor for the TLSv1 SSL_METHOD structure for clients.
 =item const SSL_METHOD *B<TLSv1_server_method>(void);
 Constructor for the TLSv1 SSL_METHOD structure for servers.
 =item const SSL_METHOD *B<SSLv3_method>(void);
 Constructor for the SSLv3 SSL_METHOD structure for clients, servers
 or both.
 =item const SSL_METHOD *B<SSLv3_client_method>(void);
 Constructor for the SSLv3 SSL_METHOD structure for clients.
 =item const SSL_METHOD *B<SSLv3_server_method>(void);
 Constructor for the SSLv3 SSL_METHOD structure for servers.
 =item const SSL_METHOD *B<SSLv2_method>(void);
 Constructor for the SSLv2 SSL_METHOD structure for clients, servers
 or both.
 =item const SSL_METHOD *B<SSLv2_client_method>(void);
-Constructor for the SSLv2 SSL_METHOD structure for clients.
+Constructor for the SSLv2 SSL_METHOD structure for a dedicated client.
 =item const SSL_METHOD *B<SSLv2_server_method>(void);
-Constructor for the SSLv2 SSL_METHOD structure for servers.
+Constructor for the SSLv2 SSL_METHOD structure for a dedicated server.
 =item const SSL_METHOD *B<SSLv2_method>(void);
 Constructor for the SSLv2 SSL_METHOD structure for combined client and server.
 =item const SSL_METHOD *B<SSLv3_client_method>(void);
 Constructor for the SSLv3 SSL_METHOD structure for a dedicated client.
 =item const SSL_METHOD *B<SSLv3_server_method>(void);
 Constructor for the SSLv3 SSL_METHOD structure for a dedicated server.
 =item const SSL_METHOD *B<SSLv3_method>(void);
 Constructor for the SSLv3 SSL_METHOD structure for combined client and server.
 =item const SSL_METHOD *B<TLSv1_client_method>(void);
 Constructor for the TLSv1 SSL_METHOD structure for a dedicated client.
 =item const SSL_METHOD *B<TLSv1_server_method>(void);
 Constructor for the TLSv1 SSL_METHOD structure for a dedicated server.
 =item const SSL_METHOD *B<TLSv1_method>(void);
 Constructor for the TLSv1 SSL_METHOD structure for combined client and server.
 =back
--- a/ms/uplink-x86.pl
+++ b/ms/uplink-x86.pl
@ -14,11 +14,11 @@ require "uplink-common.pl";
 for ($i=1;$i<=$N;$i++) {
 &function_begin_B("_\$lazy${i}");
 	&lea	("eax",&DWP(&label("OPENSSL_UplinkTable")));
 	&push	($i);
 	&push	("eax");
 	&push	($i);
 	&call	(&label("OPENSSL_Uplink"));
 	&add	("esp",8);
 	&pop	("eax");
 	&add	("esp",4);
 	&jmp_ptr(&DWP(4*$i,"eax"));
 &function_end_B("_\$lazy${i}");
 }
--- a/openssl.spec
+++ b/openssl.spec
@ -7,7 +7,7 @@ Release: 1
 Summary: Secure Sockets Layer and cryptography libraries and tools
 Name: openssl
 #Version: %{libmaj}.%{libmin}.%{librel}
-Version: 1.0.1t
+Version: 1.0.1r
 Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
 License: OpenSSL
 Group: System Environment/Libraries
--- a/ssl/Makefile
+++ b/ssl/Makefile
@ -420,14 +420,14 @@ s2_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s2_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s2_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+s2_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-s2_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_clnt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+s2_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-s2_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_clnt.c
+s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s2_clnt.o: ssl_locl.h
+s2_clnt.o: ../include/openssl/x509_vfy.h s2_clnt.c ssl_locl.h
 s2_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s2_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 s2_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@ -456,18 +456,18 @@ s2_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 s2_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
 s2_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h
 s2_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_lib.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
-s2_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s2_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s2_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+s2_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-s2_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+s2_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-s2_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_lib.c
+s2_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s2_lib.o: ssl_locl.h
+s2_lib.o: ../include/openssl/x509_vfy.h s2_lib.c ssl_locl.h
 s2_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s2_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 s2_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@ -508,19 +508,20 @@ s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_pkt.c
 s2_pkt.o: ssl_locl.h
-s2_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_srvr.o: ../crypto/constant_time_locl.h ../e_os.h ../include/openssl/asn1.h
-s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s2_srvr.o: ../include/openssl/bio.h ../include/openssl/buffer.h
-s2_srvr.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-s2_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s2_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s2_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s2_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+s2_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
-s2_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s2_srvr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
-s2_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-s2_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s2_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s2_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+s2_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
 s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s2_srvr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
 s2_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@ -1579,8 +1579,6 @@ int dtls1_process_heartbeat(SSL *s)
         * plus 2 bytes payload length, plus payload, plus padding
         */
        buffer = OPENSSL_malloc(write_length);
        if (buffer == NULL)
            return -1;
        bp = buffer;
        /* Enter response type, length and copy payload */
--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@ -150,13 +150,12 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
     SSL_RC4,
     SSL_MD5,
     SSL_SSLV2,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_NOT_EXP | SSL_MEDIUM,
     0,
     128,
     128,
     },
 # if 0
 /* RC4_128_EXPORT40_WITH_MD5 */
    {
     1,
@ -167,12 +166,11 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
     SSL_RC4,
     SSL_MD5,
     SSL_SSLV2,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_EXPORT | SSL_EXP40,
     SSL2_CF_5_BYTE_ENC,
     40,
     128,
     },
 # endif
 /* RC2_128_CBC_WITH_MD5 */
    {
@ -184,13 +182,12 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
     SSL_RC2,
     SSL_MD5,
     SSL_SSLV2,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_NOT_EXP | SSL_MEDIUM,
     0,
     128,
     128,
     },
 # if 0
 /* RC2_128_CBC_EXPORT40_WITH_MD5 */
    {
     1,
@ -201,12 +198,11 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
     SSL_RC2,
     SSL_MD5,
     SSL_SSLV2,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_EXPORT | SSL_EXP40,
     SSL2_CF_5_BYTE_ENC,
     40,
     128,
     },
 # endif
 # ifndef OPENSSL_NO_IDEA
 /* IDEA_128_CBC_WITH_MD5 */
@ -219,14 +215,13 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
     SSL_IDEA,
     SSL_MD5,
     SSL_SSLV2,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_NOT_EXP | SSL_MEDIUM,
     0,
     128,
     128,
     },
 # endif
 # if 0
 /* DES_64_CBC_WITH_MD5 */
    {
     1,
@ -237,12 +232,11 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
     SSL_DES,
     SSL_MD5,
     SSL_SSLV2,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
+     SSL_NOT_EXP | SSL_LOW,
     0,
     56,
     56,
     },
 # endif
 /* DES_192_EDE3_CBC_WITH_MD5 */
    {
@ -254,7 +248,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
     SSL_3DES,
     SSL_MD5,
     SSL_SSLV2,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
+     SSL_NOT_EXP | SSL_HIGH,
     0,
     112,
     168,
@ -271,7 +265,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
     SSL_RC4,
     SSL_MD5,
     SSL_SSLV2,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
+     SSL_NOT_EXP | SSL_LOW,
     SSL2_CF_8_BYTE_ENC,
     64,
     64,
--- a/ssl/s2_meth.c
+++ b/ssl/s2_meth.c
@ -57,8 +57,7 @@
 */
 #include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2_METHOD
+#ifndef OPENSSL_NO_SSL2
 # ifndef OPENSSL_NO_SSL2
 # include <stdio.h>
 # include <openssl/objects.h>
@ -73,16 +72,7 @@ static const SSL_METHOD *ssl2_get_method(int ver)
 IMPLEMENT_ssl2_meth_func(SSLv2_method,
                         ssl2_accept, ssl2_connect, ssl2_get_method)
-
+#else                           /* !OPENSSL_NO_SSL2 */
 # else /* !OPENSSL_NO_SSL2 */
 const SSL_METHOD *SSLv2_method(void) { return NULL; }
 const SSL_METHOD *SSLv2_client_method(void) { return NULL; }
 const SSL_METHOD *SSLv2_server_method(void) { return NULL; }
 # endif
 #else /* !OPENSSL_NO_SSL2_METHOD */
 # if PEDANTIC
 static void *dummy = &dummy;
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@ -2104,7 +2104,6 @@ int ssl3_get_certificate_request(SSL *s)
            SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
            goto err;
        }
        xn = NULL;
        p += l;
        nc += l + 2;
@ -2128,7 +2127,6 @@ int ssl3_get_certificate_request(SSL *s)
 err:
    s->state = SSL_ST_ERR;
 done:
    X509_NAME_free(xn);
    if (ca_sk != NULL)
        sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
    return (ret);
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@ -203,7 +203,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     },
 /* Cipher 03 */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_RSA_RC4_40_MD5,
@ -213,12 +212,11 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_RC4,
     SSL_MD5,
     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_EXPORT | SSL_EXP40,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     40,
     128,
     },
 #endif
 /* Cipher 04 */
    {
@ -253,7 +251,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     },
 /* Cipher 06 */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_RSA_RC2_40_MD5,
@ -263,12 +260,11 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_RC2,
     SSL_MD5,
     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_EXPORT | SSL_EXP40,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     40,
     128,
     },
 #endif
 /* Cipher 07 */
 #ifndef OPENSSL_NO_IDEA
@ -289,7 +285,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
 #endif
 /* Cipher 08 */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_RSA_DES_40_CBC_SHA,
@ -299,15 +294,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_DES,
     SSL_SHA1,
     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_EXPORT | SSL_EXP40,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     40,
     56,
     },
 #endif
 /* Cipher 09 */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_RSA_DES_64_CBC_SHA,
@ -317,12 +310,11 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_DES,
     SSL_SHA1,
     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
+     SSL_NOT_EXP | SSL_LOW,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     56,
     56,
     },
 #endif
 /* Cipher 0A */
    {
@ -342,7 +334,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
 /* The DH ciphers */
 /* Cipher 0B */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     0,
     SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
@ -352,15 +343,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_DES,
     SSL_SHA1,
     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_EXPORT | SSL_EXP40,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     40,
     56,
     },
 #endif
 /* Cipher 0C */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     0,                         /* not implemented (non-ephemeral DH) */
     SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
@ -370,12 +359,11 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_DES,
     SSL_SHA1,
     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
+     SSL_NOT_EXP | SSL_LOW,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     56,
     56,
     },
 #endif
 /* Cipher 0D */
    {
@ -394,7 +382,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     },
 /* Cipher 0E */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     0,                         /* not implemented (non-ephemeral DH) */
     SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
@ -404,15 +391,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_DES,
     SSL_SHA1,
     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_EXPORT | SSL_EXP40,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     40,
     56,
     },
 #endif
 /* Cipher 0F */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     0,                         /* not implemented (non-ephemeral DH) */
     SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
@ -422,12 +407,11 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_DES,
     SSL_SHA1,
     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
+     SSL_NOT_EXP | SSL_LOW,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     56,
     56,
     },
 #endif
 /* Cipher 10 */
    {
@ -447,7 +431,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
 /* The Ephemeral DH ciphers */
 /* Cipher 11 */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
@ -457,15 +440,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_DES,
     SSL_SHA1,
     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_EXPORT | SSL_EXP40,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     40,
     56,
     },
 #endif
 /* Cipher 12 */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
@ -475,12 +456,11 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_DES,
     SSL_SHA1,
     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
+     SSL_NOT_EXP | SSL_LOW,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     56,
     56,
     },
 #endif
 /* Cipher 13 */
    {
@ -499,7 +479,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     },
 /* Cipher 14 */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
@ -509,15 +488,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_DES,
     SSL_SHA1,
     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_EXPORT | SSL_EXP40,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     40,
     56,
     },
 #endif
 /* Cipher 15 */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
@ -527,12 +504,11 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_DES,
     SSL_SHA1,
     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
+     SSL_NOT_EXP | SSL_LOW,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     56,
     56,
     },
 #endif
 /* Cipher 16 */
    {
@ -551,7 +527,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     },
 /* Cipher 17 */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_ADH_RC4_40_MD5,
@ -561,12 +536,11 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_RC4,
     SSL_MD5,
     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_EXPORT | SSL_EXP40,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     40,
     128,
     },
 #endif
 /* Cipher 18 */
    {
@ -578,14 +552,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_RC4,
     SSL_MD5,
     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_NOT_EXP | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
 /* Cipher 19 */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_ADH_DES_40_CBC_SHA,
@ -595,15 +568,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_DES,
     SSL_SHA1,
     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_EXPORT | SSL_EXP40,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     40,
     128,
     },
 #endif
 /* Cipher 1A */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_ADH_DES_64_CBC_SHA,
@ -613,12 +584,11 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_DES,
     SSL_SHA1,
     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
+     SSL_NOT_EXP | SSL_LOW,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     56,
     56,
     },
 #endif
 /* Cipher 1B */
    {
@ -630,7 +600,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_3DES,
     SSL_SHA1,
     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
@ -690,7 +660,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
 #ifndef OPENSSL_NO_KRB5
 /* The Kerberos ciphers*/
 /* Cipher 1E */
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_KRB5_DES_64_CBC_SHA,
@ -700,12 +669,11 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_DES,
     SSL_SHA1,
     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
+     SSL_NOT_EXP | SSL_LOW,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     56,
     56,
     },
 # endif
 /* Cipher 1F */
    {
@ -756,7 +724,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     },
 /* Cipher 22 */
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_KRB5_DES_64_CBC_MD5,
@ -766,12 +733,11 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_DES,
     SSL_MD5,
     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
+     SSL_NOT_EXP | SSL_LOW,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     56,
     56,
     },
 # endif
 /* Cipher 23 */
    {
@ -822,7 +788,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     },
 /* Cipher 26 */
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_KRB5_DES_40_CBC_SHA,
@ -832,15 +797,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_DES,
     SSL_SHA1,
     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_EXPORT | SSL_EXP40,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     40,
     56,
     },
 # endif
 /* Cipher 27 */
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_KRB5_RC2_40_CBC_SHA,
@ -850,15 +813,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_RC2,
     SSL_SHA1,
     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_EXPORT | SSL_EXP40,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     40,
     128,
     },
 # endif
 /* Cipher 28 */
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_KRB5_RC4_40_SHA,
@ -868,15 +829,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_RC4,
     SSL_SHA1,
     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_EXPORT | SSL_EXP40,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     40,
     128,
     },
 # endif
 /* Cipher 29 */
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_KRB5_DES_40_CBC_MD5,
@ -886,15 +845,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_DES,
     SSL_MD5,
     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_EXPORT | SSL_EXP40,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     40,
     56,
     },
 # endif
 /* Cipher 2A */
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_KRB5_RC2_40_CBC_MD5,
@ -904,15 +861,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_RC2,
     SSL_MD5,
     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_EXPORT | SSL_EXP40,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     40,
     128,
     },
 # endif
 /* Cipher 2B */
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_KRB5_RC4_40_MD5,
@ -922,12 +877,11 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_RC4,
     SSL_MD5,
     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_EXPORT | SSL_EXP40,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     40,
     128,
     },
 # endif
 #endif                          /* OPENSSL_NO_KRB5 */
 /* New AES ciphersuites */
@ -1016,7 +970,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_AES128,
     SSL_SHA1,
     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
@ -1111,7 +1065,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_AES256,
     SSL_SHA1,
     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
@ -1307,7 +1261,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_CAMELLIA128,
     SSL_SHA1,
     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
+     SSL_NOT_EXP | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
@ -1327,7 +1281,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_RC4,
     SSL_MD5,
     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
+     SSL_EXPORT | SSL_EXP56,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     56,
     128,
@ -1343,7 +1297,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_RC2,
     SSL_MD5,
     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
+     SSL_EXPORT | SSL_EXP56,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     56,
     128,
@ -1351,7 +1305,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
 # endif
    /* Cipher 62 */
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
@ -1361,15 +1314,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_DES,
     SSL_SHA1,
     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
+     SSL_EXPORT | SSL_EXP56,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     56,
     56,
     },
 # endif
    /* Cipher 63 */
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
@ -1379,15 +1330,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_DES,
     SSL_SHA1,
     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
+     SSL_EXPORT | SSL_EXP56,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     56,
     56,
     },
 # endif
    /* Cipher 64 */
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
@ -1397,15 +1346,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_RC4,
     SSL_SHA1,
     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
+     SSL_EXPORT | SSL_EXP56,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     56,
     128,
     },
 # endif
    /* Cipher 65 */
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
@ -1415,12 +1362,11 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_RC4,
     SSL_SHA1,
     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
+     SSL_EXPORT | SSL_EXP56,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     56,
     128,
     },
 # endif
    /* Cipher 66 */
    {
@ -1530,7 +1476,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_AES128,
     SSL_SHA256,
     SSL_TLSV1_2,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
@ -1546,7 +1492,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_AES256,
     SSL_SHA256,
     SSL_TLSV1_2,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
@ -1699,7 +1645,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_CAMELLIA256,
     SSL_SHA1,
     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
+     SSL_NOT_EXP | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
@ -1865,7 +1811,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_SEED,
     SSL_SHA1,
     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_NOT_EXP | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
@ -2045,7 +1991,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_AES128GCM,
     SSL_AEAD,
     SSL_TLSV1_2,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
@ -2061,7 +2007,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_AES256GCM,
     SSL_AEAD,
     SSL_TLSV1_2,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
@ -2414,7 +2360,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_RC4,
     SSL_SHA1,
     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_NOT_EXP | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
@ -2430,7 +2376,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_3DES,
     SSL_SHA1,
     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
@ -2446,7 +2392,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_AES128,
     SSL_SHA1,
     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
@ -2462,7 +2408,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     SSL_AES256,
     SSL_SHA1,
     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@ -334,7 +334,7 @@ extern "C" {
 * The following cipher list is used by default. It also is substituted when
 * an application-defined cipher list string starts with 'DEFAULT'.
 */
-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2"
+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2"
 /*
 * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
 * starts with a reasonable order, and all we have to do for DEFAULT is
@ -2017,7 +2017,7 @@ const char *SSL_get_version(const SSL *s);
 /* This sets the 'default' SSL version that SSL_new() will create */
 int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
-# ifndef OPENSSL_NO_SSL2_METHOD
+# ifndef OPENSSL_NO_SSL2
 const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
 const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
 const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@ -235,7 +235,8 @@ static const SSL_CIPHER cipher_aliases[] = {
     * "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in
     * ALL!)
     */
-    {0, SSL_TXT_CMPDEF, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT, 0, 0, 0},
+    {0, SSL_TXT_CMPDEF, 0, 0, SSL_aNULL, ~SSL_eNULL, 0, ~SSL_SSLV2,
     SSL_EXP_MASK, 0, 0, 0},
    /*
     * key exchange aliases (some of those using only a single bit here
@ -999,6 +1000,10 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
                    cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl,
                    cp->algo_strength);
 #endif
            if (algo_strength == SSL_EXP_MASK && SSL_C_IS_EXPORT(cp))
                goto ok;
            if (alg_ssl == ~SSL_SSLV2 && cp->algorithm_ssl == SSL_SSLV2)
                goto ok;
            if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
                continue;
            if (alg_auth && !(alg_auth & cp->algorithm_auth))
@ -1015,11 +1020,10 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
            if ((algo_strength & SSL_STRONG_MASK)
                && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
                continue;
            if ((algo_strength & SSL_NOT_DEFAULT)
                && !(cp->algo_strength & SSL_NOT_DEFAULT))
                continue;
        }
    ok:
 #ifdef CIPHER_DEBUG
        fprintf(stderr, "Action = %d\n", rule);
 #endif
@ -1303,10 +1307,6 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                        ca_list[j]->algo_strength & SSL_STRONG_MASK;
            }
            if (ca_list[j]->algo_strength & SSL_NOT_DEFAULT) {
                algo_strength |= SSL_NOT_DEFAULT;
            }
            if (ca_list[j]->valid) {
                /*
                 * explicit ciphersuite found; its protocol version does not
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -1896,13 +1896,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
     */
    ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
    /*
     * Disable SSLv2 by default, callers that want to enable SSLv2 will have to
     * explicitly clear this option via either of SSL_CTX_clear_options() or
     * SSL_clear_options().
     */
    ret->options |= SSL_OP_NO_SSLv2;
    return (ret);
 err:
    SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@ -435,9 +435,8 @@
 # define SSL_MEDIUM              0x00000040L
 # define SSL_HIGH                0x00000080L
 # define SSL_FIPS                0x00000100L
 # define SSL_NOT_DEFAULT         0x00000200L
-/* we have used 000003ff - 22 bits left to go */
+/* we have used 000001ff - 23 bits left to go */
 /*-
 * Macros to check the export status and cipher strength for export ciphers.
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -2321,10 +2321,8 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
    p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
    eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
    sdec = OPENSSL_malloc(eticklen);
-    if (sdec == NULL
+    if (!sdec || EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0) {
            || EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0) {
        EVP_CIPHER_CTX_cleanup(&ctx);
        OPENSSL_free(sdec);
        return -1;
    }
    if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) {
@ -2581,8 +2579,6 @@ int tls1_process_heartbeat(SSL *s)
         * plus 2 bytes payload length, plus payload, plus padding
         */
        buffer = OPENSSL_malloc(1 + 2 + payload + padding);
        if (buffer == NULL)
            return -1;
        bp = buffer;
        /* Enter response type, length and copy payload */
--- a/test/testfipsssl
+++ b/test/testfipsssl
@ -38,12 +38,8 @@ fi
 echo test ssl3 is forbidden in FIPS mode
 $ssltest -ssl3 $extra && exit 1
-if ../util/shlib_wrap.sh ../apps/openssl ciphers SSLv2 >/dev/null 2>&1; then
+echo test ssl2 is forbidden in FIPS mode
-    echo test ssl2 is forbidden in FIPS mode
+$ssltest -ssl2 $extra && exit 1
    $ssltest -ssl2 $extra && exit 1
 else
    echo ssl2 disabled: skipping test
 fi
 echo test tls1
 $ssltest -tls1 $extra || exit 1
--- a/util/libeay.num
+++ b/util/libeay.num
@ -1065,8 +1065,8 @@ d2i_ASN1_BMPSTRING                      1092	EXIST::FUNCTION:
 i2d_ASN1_BMPSTRING                      1093	EXIST::FUNCTION:
 BIO_f_ber                               1094	NOEXIST::FUNCTION:
 BN_init                                 1095	EXIST::FUNCTION:
-COMP_CTX_new                            1096	EXIST::FUNCTION:COMP
+COMP_CTX_new                            1096	EXIST::FUNCTION:
-COMP_CTX_free                           1097	EXIST::FUNCTION:COMP
+COMP_CTX_free                           1097	EXIST::FUNCTION:
 COMP_CTX_compress_block                 1098	NOEXIST::FUNCTION:
 COMP_CTX_expand_block                   1099	NOEXIST::FUNCTION:
 X509_STORE_CTX_get_ex_new_index         1100	EXIST::FUNCTION:
@ -1113,10 +1113,10 @@ PKCS7_digest_from_attributes            1140	EXIST::FUNCTION:
 PKCS7_get_attribute                     1141	EXIST::FUNCTION:
 PKCS7_get_issuer_and_serial             1142	EXIST::FUNCTION:
 PKCS7_get_signed_attribute              1143	EXIST::FUNCTION:
-COMP_compress_block                     1144	EXIST::FUNCTION:COMP
+COMP_compress_block                     1144	EXIST::FUNCTION:
-COMP_expand_block                       1145	EXIST::FUNCTION:COMP
+COMP_expand_block                       1145	EXIST::FUNCTION:
-COMP_rle                                1146	EXIST::FUNCTION:COMP
+COMP_rle                                1146	EXIST::FUNCTION:
-COMP_zlib                               1147	EXIST::FUNCTION:COMP
+COMP_zlib                               1147	EXIST::FUNCTION:
 ms_time_diff                            1148	NOEXIST::FUNCTION:
 ms_time_new                             1149	NOEXIST::FUNCTION:
 ms_time_free                            1150	NOEXIST::FUNCTION:
@ -1807,8 +1807,6 @@ ASN1_UTCTIME_get                        2350	NOEXIST::FUNCTION:
 X509_REQ_digest                         2362	EXIST::FUNCTION:EVP
 X509_CRL_digest                         2391	EXIST::FUNCTION:EVP
 ASN1_STRING_clear_free                  2392	EXIST::FUNCTION:
 SRP_VBASE_get1_by_user                  2393	EXIST::FUNCTION:SRP
 SRP_user_pwd_free                       2394	EXIST::FUNCTION:SRP
 d2i_ASN1_SET_OF_PKCS7                   2397	NOEXIST::FUNCTION:
 X509_ALGOR_cmp                          2398	EXIST::FUNCTION:
 EVP_CIPHER_CTX_set_key_length           2399	EXIST::FUNCTION:
@ -1945,7 +1943,7 @@ ENGINE_get_ctrl_function                2521	EXIST::FUNCTION:ENGINE
 ENGINE_set_ctrl_function                2522	EXIST::FUNCTION:ENGINE
 BN_pseudo_rand_range                    2523	EXIST::FUNCTION:
 X509_STORE_CTX_set_verify_cb            2524	EXIST::FUNCTION:
-ERR_load_COMP_strings                   2525	EXIST::FUNCTION:COMP
+ERR_load_COMP_strings                   2525	EXIST::FUNCTION:
 PKCS12_item_decrypt_d2i                 2526	EXIST::FUNCTION:
 ASN1_UTF8STRING_it                      2527	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
 ASN1_UTF8STRING_it                      2527	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@ -3545,8 +3543,8 @@ X509at_get0_data_by_OBJ                 3931	EXIST::FUNCTION:
 ASN1_TYPE_set1                          3932	EXIST::FUNCTION:
 ASN1_STRING_set0                        3933	EXIST::FUNCTION:
 i2d_X509_ALGORS                         3934	EXIST::FUNCTION:
-BIO_f_zlib                              3935	EXIST:ZLIB:FUNCTION:COMP
+BIO_f_zlib                              3935	EXIST:ZLIB:FUNCTION:
-COMP_zlib_cleanup                       3936	EXIST::FUNCTION:COMP
+COMP_zlib_cleanup                       3936	EXIST::FUNCTION:
 d2i_X509_ALGORS                         3937	EXIST::FUNCTION:
 CMS_ReceiptRequest_free                 3938	EXIST::FUNCTION:CMS
 PEM_write_CMS                           3939	EXIST:!WIN16:FUNCTION:CMS
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@ -281,10 +281,8 @@ $cflags.=" -DOPENSSL_NO_HW"   if $no_hw;
 $cflags.=" -DOPENSSL_FIPS"    if $fips;
 $cflags.=" -DOPENSSL_NO_JPAKE"    if $no_jpake;
 $cflags.=" -DOPENSSL_NO_EC2M"    if $no_ec2m;
-$cflags.=" -DOPENSSL_NO_WEAK_SSL_CIPHERS"   if $no_weak_ssl;
+$cflags.= " -DZLIB" if $zlib_opt;
-$cflags.=" -DZLIB" if $zlib_opt;
+$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
 $cflags.=" -DZLIB_SHARED" if $zlib_opt == 2;
 $cflags.=" -DOPENSSL_NO_COMP" if $no_comp;
 if ($no_static_engine)
 	{
@ -461,7 +459,7 @@ EX_LIBS=$ex_libs
 # The OpenSSL directory
 SRC_D=$src_dir
-LINK_CMD=$link
+LINK=$link
 LFLAGS=$lflags
 RSC=$rsc
@ -781,7 +779,6 @@ sub var_add
 	return("") if $no_gost   && $dir =~ /\/ccgost/;
 	return("") if $no_cms  && $dir =~ /\/cms/;
 	return("") if $no_jpake  && $dir =~ /\/jpake/;
 	return("") if $no_comp && $dir =~ /\/comp/;
 	if ($no_des && $dir =~ /\/des/)
 		{
 		if ($val =~ /read_pwd/)
@ -1117,7 +1114,6 @@ sub read_options
 		"nw-mwasm" => \$nw_mwasm,
 		"gaswin" => \$gaswin,
 		"no-ssl2" => \$no_ssl2,
 		"no-ssl2-method" => 0,
 		"no-ssl3" => \$no_ssl3,
 		"no-ssl3-method" => 0,
 		"no-tlsext" => \$no_tlsext,
@ -1126,7 +1122,6 @@ sub read_options
 		"no-ec2m" => \$no_ec2m,
 		"no-jpake" => \$no_jpake,
 		"no-ec_nistp_64_gcc_128" => 0,
 		"no-weak-ssl-ciphers" => \$no_weak_ssl,
 		"no-err" => \$no_err,
 		"no-sock" => \$no_sock,
 		"no-krb5" => \$no_krb5,
@ -1159,7 +1154,6 @@ sub read_options
 		"no-unit-test" => 0,
 		"no-zlib" => 0,
 		"no-zlib-dynamic" => 0,
 		"no-comp" => \$no_comp,
 		"fips" => \$fips
 		);
@ -1177,6 +1171,7 @@ sub read_options
 				}
 			}
 		}
 	elsif (/^no-comp$/) { $xcflags = "-DOPENSSL_NO_COMP $xcflags"; }
 	elsif (/^enable-zlib$/) { $zlib_opt = 1 if $zlib_opt == 0 }
 	elsif (/^enable-zlib-dynamic$/)
 		{
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@ -107,8 +107,6 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
 			 "CAPIENG",
 			 # SSL v2
 			 "SSL2",
 			 # SSL v2 method
 			 "SSL2_METHOD",
 			 # SSL v3 method
 			 "SSL3_METHOD",
 			 # JPAKE
@ -145,7 +143,7 @@ my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
 my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
 my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc; 
 my $no_nextprotoneg; my $no_sctp; my $no_srtp;
-my $no_unit_test; my $no_ssl3_method; my $no_ssl2_method;
+my $no_unit_test; my $no_ssl3_method;
 my $fips;
@ -240,7 +238,6 @@ foreach (@ARGV, split(/ /, $options))
 	elsif (/^no-ec_nistp_64_gcc_128$/)	{ $no_nistp_gcc=1; }
 	elsif (/^no-nextprotoneg$/)	{ $no_nextprotoneg=1; }
 	elsif (/^no-ssl2$/)	{ $no_ssl2=1; }
 	elsif (/^no-ssl2-method$/) { $no_ssl2_method=1; }
 	elsif (/^no-ssl3-method$/) { $no_ssl3_method=1; }
 	elsif (/^no-capieng$/)	{ $no_capieng=1; }
 	elsif (/^no-jpake$/)	{ $no_jpake=1; }
@ -1214,7 +1211,6 @@ sub is_valid
 			if ($keyword eq "EC_NISTP_64_GCC_128" && $no_nistp_gcc)
 					{ return 0; }
 			if ($keyword eq "SSL2" && $no_ssl2) { return 0; }
 			if ($keyword eq "SSL2_METHOD" && $no_ssl2_method) { return 0; }
 			if ($keyword eq "SSL3_METHOD" && $no_ssl3_method) { return 0; }
 			if ($keyword eq "CAPIENG" && $no_capieng) { return 0; }
 			if ($keyword eq "JPAKE" && $no_jpake) { return 0; }
--- a/util/pl/BC-32.pl
+++ b/util/pl/BC-32.pl
@ -118,7 +118,7 @@ ___
 		{
 		local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
 		$ex.=' ws2_32.lib gdi32.lib';
-		$ret.="\t\$(LINK_CMD) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
+		$ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
 		}
 	$ret.="\n";
 	return($ret);
@ -132,7 +132,7 @@ sub do_link_rule
 	$file =~ s/\//$o/g if $o ne '/';
 	$n=&bname($target);
 	$ret.="$target: $files $dep_libs\n";
-	$ret.="\t\$(LINK_CMD) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, $libs\n\n";
+	$ret.="\t\$(LINK) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, $libs\n\n";
 	return($ret);
 	}
--- a/util/pl/Mingw32.pl
+++ b/util/pl/Mingw32.pl
@ -98,7 +98,7 @@ sub do_link_rule
 	$file =~ s/\//$o/g if $o ne '/';
 	$n=&bname($target);
 	$ret.="$target: $files $dep_libs\n";
-	$ret.="\t\$(LINK_CMD) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+	$ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
 	return($ret);
 	}
 1;
--- a/util/pl/OS2-EMX.pl
+++ b/util/pl/OS2-EMX.pl
@ -99,7 +99,7 @@ sub do_lib_rule
 		{
 		local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
 		$ex.=' -lsocket';
-		$ret.="\t\$(LINK_CMD) \$(SHLIB_CFLAGS) \$(MLFLAGS) $efile$target \$(SHLIB_EX_OBJ) \$(${Name}OBJ) $ex os2/${Name}.def\n";
+		$ret.="\t\$(LINK) \$(SHLIB_CFLAGS) \$(MLFLAGS) $efile$target \$(SHLIB_EX_OBJ) \$(${Name}OBJ) $ex os2/${Name}.def\n";
 		$ret.="\temximp -o $out_def/$name.a os2/${Name}.def\n";
 		$ret.="\temximp -o $out_def/$name.lib os2/${Name}.def\n\n";
 		}
@ -113,7 +113,7 @@ sub do_link_rule
 	$file =~ s/\//$o/g if $o ne '/';
 	$n=&bname($target);
 	$ret.="$target: $files $dep_libs\n";
-	$ret.="\t\$(LINK_CMD) ${efile}$target \$(CFLAG) \$(LFLAGS) $files $libs\n\n";
+	$ret.="\t\$(LINK) ${efile}$target \$(CFLAG) \$(LFLAGS) $files $libs\n\n";
 	return($ret);
 	}
--- a/util/pl/VC-32.pl
+++ b/util/pl/VC-32.pl
@ -314,7 +314,7 @@ sub do_lib_rule
 		if ($fips && $target =~ /O_CRYPTO/)
 			{
 			$ret.="$target: $objs \$(PREMAIN_DSO_EXE)";
-			$ret.="\n\tSET FIPS_LINK=\$(LINK_CMD)\n";
+			$ret.="\n\tSET FIPS_LINK=\$(LINK)\n";
 			$ret.="\tSET FIPS_CC=\$(CC)\n";
 			$ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
 			$ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n";
@ -328,7 +328,7 @@ sub do_lib_rule
 		else
 			{
 			$ret.="$target: $objs";
-			$ret.="\n\t\$(LINK_CMD) \$(MLFLAGS) $efile$target $name @<<\n  \$(SHLIB_EX_OBJ) $objs $ex \$(EX_LIBS)\n<<\n";
+			$ret.="\n\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n  \$(SHLIB_EX_OBJ) $objs $ex \$(EX_LIBS)\n<<\n";
 			}
 		$ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;2\n\n";
 		}
@ -347,7 +347,7 @@ sub do_link_rule
 		{
 		$ret.=" \$(OBJ_D)${o}applink.obj" if $shlib;
 		$ret.="\n";
-		$ret.="  \$(LINK_CMD) \$(LFLAGS) $efile$target @<<\n\t";
+		$ret.="  \$(LINK) \$(LFLAGS) $efile$target @<<\n\t";
 		if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild) {
 			$ret.= "\$(EX_LIBS) ";
 			$ret.= "\$(OBJ_D)${o}applink.obj " if $shlib;
@ -357,7 +357,7 @@ sub do_link_rule
 	elsif ($standalone == 2)
 		{
 		$ret.="\n";
-		$ret.="\tSET FIPS_LINK=\$(LINK_CMD)\n";
+		$ret.="\tSET FIPS_LINK=\$(LINK)\n";
 		$ret.="\tSET FIPS_CC=\$(CC)\n";
 		$ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
 		$ret.="\tSET PREMAIN_DSO_EXE=\n";
@ -370,7 +370,7 @@ sub do_link_rule
 	else
 		{
 		$ret.="\n";
-		$ret.="\t\$(LINK_CMD) \$(LFLAGS) $efile$target @<<\n";
+		$ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n";
 		$ret.="\t\$(APP_EX_OBJ) $files $libs\n<<\n";
 		}
    	$ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n";
--- a/util/pl/linux.pl
+++ b/util/pl/linux.pl
@ -78,7 +78,7 @@ sub do_link_rule
 	$file =~ s/\//$o/g if $o ne '/';
 	$n=&bname($target);
 	$ret.="$target: $files $dep_libs\n";
-	$ret.="\t\$(LINK_CMD) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+	$ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
 	return($ret);
 	}
--- a/util/pl/netware.pl
+++ b/util/pl/netware.pl
@ -506,22 +506,22 @@ sub do_link_rule
      if ($gnuc)
      {
         $ret.="\t\$(MKLIB) $lib_flags \$(TMP_D)${o}\$(E_EXE).a \$(filter-out \$(TMP_D)${o}\$(E_EXE)${obj},$files)\n";
-         $ret.="\t\$(LINK_CMD) \$(LFLAGS) $def_file2\n";
+         $ret.="\t\$(LINK) \$(LFLAGS) $def_file2\n";
         $ret.="\t\@$mv \$(E_EXE)2.nlm \$(TEST_D)\n";
      }
      else
      {
-         $ret.="\t\$(LINK_CMD) \$(LFLAGS) $def_file2 $files \"$prelude\" $libs -o $target2\n";
+         $ret.="\t\$(LINK) \$(LFLAGS) $def_file2 $files \"$prelude\" $libs -o $target2\n";
      }
   }
   if ($gnuc)
   {
-      $ret.="\t\$(LINK_CMD) \$(LFLAGS) $def_file\n";
+      $ret.="\t\$(LINK) \$(LFLAGS) $def_file\n";
      $ret.="\t\@$mv \$(\@F) \$(TEST_D)\n";
   }
   else
   {
-      $ret.="\t\$(LINK_CMD) \$(LFLAGS) $def_file $files \"$prelude\" $libs -o $target\n";
+      $ret.="\t\$(LINK) \$(LFLAGS) $def_file $files \"$prelude\" $libs -o $target\n";
   }
   $ret.="\n";
--- a/util/pl/ultrix.pl
+++ b/util/pl/ultrix.pl
@ -31,7 +31,7 @@ sub do_link_rule
 	$file =~ s/\//$o/g if $o ne '/';
 	$n=&bname($target);
 	$ret.="$target: $files $dep_libs\n";
-	$ret.="\t\$(LINK_CMD) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+	$ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
 	return($ret);
 	}
--- a/util/pl/unix.pl
+++ b/util/pl/unix.pl
@ -76,7 +76,7 @@ sub do_link_rule
 	$file =~ s/\//$o/g if $o ne '/';
 	$n=&bname($target);
 	$ret.="$target: $files $dep_libs\n";
-	$ret.="\t\$(LINK_CMD) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+	$ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
 	return($ret);
 	}
--- a/util/ssleay.num
+++ b/util/ssleay.num
@ -98,9 +98,9 @@ SSLeay_add_ssl_algorithms               109	NOEXIST::FUNCTION:
 SSLv23_client_method                    110	EXIST::FUNCTION:RSA
 SSLv23_method                           111	EXIST::FUNCTION:RSA
 SSLv23_server_method                    112	EXIST::FUNCTION:RSA
-SSLv2_client_method                     113	EXIST::FUNCTION:RSA,SSL2_METHOD
+SSLv2_client_method                     113	EXIST::FUNCTION:RSA,SSL2
-SSLv2_method                            114	EXIST::FUNCTION:RSA,SSL2_METHOD
+SSLv2_method                            114	EXIST::FUNCTION:RSA,SSL2
-SSLv2_server_method                     115	EXIST::FUNCTION:RSA,SSL2_METHOD
+SSLv2_server_method                     115	EXIST::FUNCTION:RSA,SSL2
 SSLv3_client_method                     116	EXIST::FUNCTION:SSL3_METHOD
 SSLv3_method                            117	EXIST::FUNCTION:SSL3_METHOD
 SSLv3_server_method                     118	EXIST::FUNCTION:SSL3_METHOD